What to do if I shared my OTP in a UPI scam?

Immediately contact your bank using their helpline, report the incident, and follow their instructions to secure your account.

How can I identify a phishing call using deepfake technology?

Legitimate calls will never ask you for sensitive information like passwords or OTPs. If the conversation feels rushed or demands immediate action, it's a warning sign.

How do I report this type of scam in India?

You can report phishing attempts on cybercrime.gov.in or call the cybercrime helpline at 1930, as well as report it to your bank.

What steps should I take to recover my funds after being scammed?

Contact your bank immediately, file a report with the cybercrime helpline, and consult a legal expert if necessary for further action.

Phishing with Deepfake Verification Calls

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, WhatsApp, KYC

How Phishing with Deepfake Verification Calls Works

Overview: Phishing scams in India have evolved: fraudsters now use deepfake audio or video to impersonate real bank officials on verification calls. These scams trick customers into sharing one-time passwords (OTP), personal details, or uploading KYC documents, under the illusion of speaking with a trusted authority. The result is unauthorised access to accounts, loans, or UPI wallets in the victim’s name. How It Works: The scammer uses stolen data (either from breaches or social media) and deepfake tools to clone a real bank employee’s voice or video. Victims receive a call on their mobile or WhatsApp from someone who looks and sounds like a real representative, asking for OTP, selfie, or ID photos to "complete" verification. The information is misused immediately to onboard

How This Scam Works — Detailed Explanation

Phishing scams in India have drastically evolved with the rise of technology, making them more sophisticated and harder to detect. Scammers are now employing deepfake technology to launch phishing attacks via verification calls, impersonating bank officials or trusted authorities. To find their victims, fraudsters often scout for personal information available on social media platforms. They may also purchase stolen data from the dark web, targeting users based on their public engagements and discussions about banking issues on platforms like WhatsApp or even forum sites dedicated to financial advice. Using this data, they reach out to potential victims with alarming claims, such as a potential account breach or issues requiring immediate resolution.

Once a scammer connects with an individual, they utilize psychological tricks to build trust and escalate the situation. For instance, a victim may receive a call from a number mimicking their bank's customer service, where an AI-generated voice claims to be a bank executive. This creates a false sense of security. The fraudster may skillfully manipulate the conversation, insisting that urgent action is needed, like providing a one-time password (OTP) to verify transactions or to fix so-called errors in KYC documents. They play on fear, urgency, and the victim's familiarity with the bank’s official practices, making it easier for them to comply and unknowingly share sensitive information.

Victims of this scam often face a distressing reality. Phoenix-like, their peaceful banking experience turns chaotic as they are tricked into divulging information. A well-known case involved a victim who was approached via WhatsApp, where the scammer claimed to be a representative from State Bank of India (SBI). The victim provided their OTP and other personal details under the guise of resolving an account freeze. Soon after, unauthorized transactions drained their UPI account, resulting in losses exceeding ₹25 lakh. This ordeal illustrates how benign interactions can spiral into significant financial impacts, eroding trust in digital transactions. Furthermore, those who believe they have been scammed often find it challenging to recover their stolen funds, making them feel trapped in a labyrinth of automated customer service.

The impact of deepfake verification call scams is staggering in India. According to the Ministry of Home Affairs, phishing scams resulted in losses amounting to over ₹300 crore in 2022 alone, highlighting the severity of this crime. The Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) have issued guidelines urging consumers to be vigilant, yet many continue to fall prey. CERT-In has also released advisories, reinforcing the message that cyber safety is paramount, stressing the need for education around these evolved scam tactics. Fraudsters are using increasingly sophisticated methods, and it is crucial for users to remain informed about how these scams operate and how they can keep their accounts secure.

To differentiate between a genuine call and a fraudulent one can be challenging in today’s digital ecosystem. A legitimate bank representative will never ask for sensitive details like OTPs or personal identification numbers over the phone. If you receive a call that appears suspicious, pause and assess the situation. Look for inconsistencies in the call (like unusual demands or an unfamiliar tone) and contact your bank directly using their official helpline – such as SBI at 1800-11-1109 or HDFC at 1800-202-6161. Remember, real communication from your bank will always be informative and will never rush you into giving up personal or sensitive information under pressure.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Phishing with Deepfake Verification Calls Target?

General public across India

What To Do If You Encounter Phishing with Deepfake Verification Calls

Report the incident immediately to cybercrime.gov.in or call the cybercrime helpline at 1930.
Contact your bank's customer support line (SBI: 1800-11-1109, HDFC: 1800-202-6161) and inform them about the phishing attempt.
Change your online banking passwords and enable two-factor authentication to secure your accounts.
Monitor your bank and UPI transaction history for any unauthorized activities.
Educate family and friends about deepfake scams to prevent them from falling victim.
Consider filing a complaint with the local police against the fraudulent activity.

How to Report Phishing with Deepfake Verification Calls in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank using their helpline, report the incident, and follow their instructions to secure your account.
How can I identify a phishing call using deepfake technology?: Legitimate calls will never ask you for sensitive information like passwords or OTPs. If the conversation feels rushed or demands immediate action, it's a warning sign.
How do I report this type of scam in India?: You can report phishing attempts on cybercrime.gov.in or call the cybercrime helpline at 1930, as well as report it to your bank.
What steps should I take to recover my funds after being scammed?: Contact your bank immediately, file a report with the cybercrime helpline, and consult a legal expert if necessary for further action.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.