What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's helpline to report the incident. For SBI, call 1800-11-1109, and for HDFC, call 1800-202-6161. Change your passwords as a precaution.

How can I identify supplier impersonation scams?

Look for unsolicited offers, pressure for quick payments, poor grammar, and requests for sensitive information like OTPs or Aadhaar details.

How do I report this type of scam in India?

You can report nearly any online scam by ringing the cybercrime helpline at 1930 or by visiting cybercrime.gov.in. Additionally, inform your bank about the fraudulent transaction.

What are the steps to recover money after falling for this scam?

Contact your bank immediately and inform them of the fraudulent activity. Complete any necessary forms they might require. Initiate a police report and provide necessary details for further investigation.

Supplier Impersonation & Payment Phishing

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, Job

How Supplier Impersonation & Payment Phishing Works

Overview: Supplier impersonation phishing is a rapidly growing scam impacting Indian resellers, dropshippers, and online shoppers. Cybercriminals pretend to be trusted brands or large suppliers on popular platforms, tricking victims into sharing sensitive information or making payments to fraudulent accounts. The scam is dangerous as it can lead to identity theft and repeated financial loss. How It Works: 1. Fraudsters contact targets via WhatsApp, Facebook, or Telegram, introducing themselves as representatives of well-known import/export firms or local distributors. 2. They offer exclusive deals, sometimes mimicking the exact branding of big platforms (AliExpress, CJDropshipping, etc.)—often using forged links or nearly identical website addresses. 3. Victims are coaxed to share login credentials, OTPs, or to visit fake payment links for 'exclusive access.' 4. Those who pay either receive counterfeit/fake products, invalid tracking numbers, or are told to pay extra 'taxes' before receiving earnings. 5. Eventually, scammers vanish with the victim’s payment and, often, personal information. India Angle: This phishing style is prominent on Indian resale groups (OLX, Facebook Marketplace), using Hindi, English or regional languages. Fraudsters request UPI or bank transfers and often pose as “local” suppliers—especially in NCR, Mumbai, and Bengaluru. Victims include small retailers and first-time online resellers across India. Real Examples: - Telegram message: “We are Mumbai direct distributor. Pay 599 catalog fee via GPay. Get 40% margin on each order!” - OLX chat: “Confirm with OTP to secure today’s deal. Offer valid till 5PM only.” Red Flags: 1. Unsolicited messages from supposed big suppliers or brands. 2. Phishing links imitating official websites, with slight spelling or logo mistakes. 3. Urgent requests for payment or OTP for 'verification.' 4. Demands for extra fees or 'taxes' after initial payment. 5. Lack of GST or verifiable business details. Protective Measures: - Always access supplier websites by typing URLs directly; never click unknown links. - Validate supplier details independently (GST, reviews, office location). - Do not share OTPs or login credentials—real businesses never ask. - Use secure payment options with buyer protection. - Trust your instincts; pressure and urgency are warning signs. If Victimised: 1. Cease all communication and secure your accounts. 2. File a report at cybercrime.gov.in and notify helpline 1930. 3. Inform your bank and monitor for unfamiliar transactions. 4. Reset passwords and enable 2FA where possible. Related Scams: - OLX Seller/Buyer OTP Scams - 'Gift Card Investment' Frauds - Social Media Job & Task Phishing

How This Scam Works — Detailed Explanation

Supplier impersonation phishing scams are becoming increasingly prevalent in India's thriving online marketplace. Cybercriminals typically target resellers, dropshippers, and online shoppers through popular messaging platforms like WhatsApp, Facebook, and Telegram. They often craft messages that appear authentic, adopting the identity of well-known brands or suppliers. By exploiting the familiarity and trust inherent to these platforms, they initiate contact, presenting themselves as legitimate vendors eager to finalize deals or extend new offers. Once they establish a rapport, these scammers use the guise of professionalism and urgency to manipulate their victims.

The tactics employed by these fraudsters are particularly insidious as they tap into psychological triggers that compel individuals to act quickly. For instance, they might send unsolicited supplier offers and entice victims with incredible deals that seem too good to pass up. These messages frequently contain links that mimic legitimate businesses, leading recipients to fraudulent sites that ask for sensitive information like login details or one-time passwords (OTPs). Urgent payment requests further heighten the sense of pressure, often missing crucial proofs of business legitimacy—charismatic acting and fake testimonials might be shared to reinforce their credibility.

Once a victim falls into the trap, the steps unfold rapidly. First, the victim is persuaded to share personal information, such as their Aadhaar details, to verify their identity or to process payments via UPI. They are guided to make payments directly to accounts controlled by the scammers, often under a false pretext, such as fulfilling a significant order or securing exclusive inventory. In some documented cases, victims have reported losses exceeding ₹10 crore, with incidents growing notably during festival seasons when online purchasing spikes. This leads to emotional and financial turmoil, as these victims often find themselves unable to trace the funds after falling prey to these scams.

The overall impact of supplier impersonation and payment phishing has been significant in India. According to CERT-In, a considerable rise in complaints regarding financial fraud via online platforms has been recorded, with thousands reporting losses monthly. The Ministry of Home Affairs has also raised alarms about the prevalence of such scams, urging citizens to be vigilant. RBI regulations stress the importance of enhancing customers' awareness of these techniques used by fraudsters, a reality illustrated by the staggering amounts of money lost—over ₹120 crore in 2022 alone—due to such scams. It’s essential for individuals and businesses alike to educate themselves on these tactics and understand the potential harms involved in online transactions that seem hastily orchestrated.

To effectively spot this scam compared to legitimate communications, individuals must be vigilant about certain red flags. Authentic suppliers usually have verified accounts and don’t rush their transactions without providing proper business documentation. Legitimate offers won’t demand sensitive information over insecure channels, nor will they place undue pressure to secure quick payments. Knowing the official communication channels and verifying the sender's identity can help readers discern genuine offers from fraudulent ones, ultimately saving them from potential losses. Familiarizing oneself with these dynamics brings a crucial edge in combating these elusive scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Supplier Impersonation & Payment Phishing Target?

General public across India

Red Flags — How to Identify Supplier Impersonation & Payment Phishing

Unsolicited supplier offers via WhatsApp or Telegram
Fake links mimicking known brands/platforms
Requests for login details or OTPs
Urgent payment demands with no proof of business
Fake tracking or shipping updates

What To Do If You Encounter Supplier Impersonation & Payment Phishing

Report any suspicious communications to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
Verify the authenticity of supplier messages by cross-checking their claims with official company contact points.
Avoid sharing personal details such as your Aadhaar number or banking information with unverified contacts.
Do not click on links that seem suspicious, even if they appear to be from a trusted brand.
Keep track of all transactions and communications with suppliers, and save necessary screenshots for reporting purposes.
Reach out to your bank immediately if you suspect you've made a payment to a fraudulent account at helplines like SBI 1800-11-1109 or HDFC 1800-202-6161.

How to Report Supplier Impersonation & Payment Phishing in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank's helpline to report the incident. For SBI, call 1800-11-1109, and for HDFC, call 1800-202-6161. Change your passwords as a precaution.
How can I identify supplier impersonation scams?: Look for unsolicited offers, pressure for quick payments, poor grammar, and requests for sensitive information like OTPs or Aadhaar details.
How do I report this type of scam in India?: You can report nearly any online scam by ringing the cybercrime helpline at 1930 or by visiting cybercrime.gov.in. Additionally, inform your bank about the fraudulent transaction.
What are the steps to recover money after falling for this scam?: Contact your bank immediately and inform them of the fraudulent activity. Complete any necessary forms they might require. Initiate a police report and provide necessary details for further investigation.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.