Telegram Phishing Bot Exploiting UPI Users
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: UPI, WhatsApp, KYC
How Telegram Phishing Bot Exploiting UPI Users Works
Overview:
This scam exploits Telegram's flexible bot platform to trick Indians into revealing their banking, UPI, or app credentials through highly convincing fake login pages. The primary targets are everyday Indians using mobile payments, including young professionals, students, and small business owners who transact via Paytm, PhonePe, or Google Pay. This method is dangerous because credentials stolen here are instantly forwarded to scammers for quick account takeovers and financial theft.

How It Works:
Scammers utilize Telegram's "Phishing-as-a-Service" (PaaS) bots. First, a scammer joins specialized bot-creator channels that offer easy tools to set up phishing bots. They configure a secondary bot—sometimes using a token or setup code—designed to impersonate official-looking sites like UPI login portals or Paytm authentication pages. The scammer then circulates links to these fake pages via SMS, WhatsApp, or Telegram DMs, pushing claims like 'urgent KYC required' or 'win prizes by logging in.' Unsuspecting users enter their sensitive details, which are silently relayed to the scammer's Telegram channel. Attackers get not only credentials but sometimes IP address[ADDRESS_REDACTED].

India Angle:
This scam exploits the rise of UPI payments and widespread Paytm, PhonePe, and banking app use. Indian targets are lured using common languages (Hindi, English) and familiar payment platforms. The bots are usually created with +91 country codes, and link formatting (e.g., .in domains) resembles Indian brands. These tactics flourish in both metros and Tier-2 cities thanks to Telegram's popularity across India.

Real Examples:
- A user receives a 'Paytm KYC expired—log in within 24 hours or account will be blocked' message with a Telegram bot link.
- "Verify your UPI for ₹200 cashback. Login via secure portal: http://paytap-veri.shop (Telegram bot link)."
- A fake HDFC Bank channel urges users to 'log in for limited period reward,' linking through a Telegram bot-generated page.

Red Flags:
1. Unfamiliar links (odd domains or URLs, no HTTPS certificate)
2. Telegram bots requesting you to "set up" or share a token
3. Sudden demand for KYC, urgent login, or small payment deposit
4. New or unverified Telegram channels, lacking official branding
5. Payment demands via UPI to private accounts

Protective Measures:
- Never enter your credentials on any page accessed through Telegram or messages—visit official apps or sites directly.
- Enable two-factor authentication (2FA) on banking/UPI accounts.
- Check Telegram channel authenticity: look for verification, creation date, and admin contacts.
- Refuse to set up or share tokens with Telegram bots you don't know.
- Block and report suspicious bots, and notify your bank if you suspect compromise.

If Victimised:
- Immediately reset account passwords and enable strong 2FA.
- Contact your bank or UPI provider to freeze or monitor your account for unauthorized access.
- Report the incident with screenshots and bot/channel details to Indian cybercrime helpline (1930) and at cybercrime.gov.in.

Related Scams:
- WhatsApp-based UPI phishing sites
- Social media "update your KYC" impersonation attacks
- Fake support bots on other messaging platforms
How This Scam Works — Detailed Explanation
Scammers are increasingly using Telegram's bot platform to exploit UPI users in India. They typically join popular groups where financial transactions are frequently discussed or they create their own channels claiming to be associated with legitimate financial services. In these channels, they approach unsuspecting victims by advertising 'trusted' services, luring them into a false sense of security. By providing links to fake KYC or login pages, scammers can trick users into divulging sensitive personal information, with UPI being the primary target since millions of Indians use it daily for payments through apps like Paytm, Google Pay, or PhonePe.
To manipulate victims, these scams utilize various psychological tactics. For example, they may promise quick and easy access to new financial features or threaten account suspensions if certain urgent actions are not taken immediately. Leveraging urgency is part of their strategy; they send deceptive messages that notify users of a supposed issue related to their UPI account that necessitates immediate attention. By pretending to be official messages, scammers can entice their targets into clicking on malicious links and inputting authentication details into convincing yet fraudulent forms, designed to look like official banking sites.
Once a victim interacts with these fake pages, the process unfolds swiftly. For example, if a user clicks on a link provided in the Telegram chat, they are redirected to a seemingly legitimate login page. Upon entering their UPI credentials — often their Aadhaar number or bank details — this information is instantly captured by the scammers. In a matter of minutes, the scammer can access the user’s linked bank account and initiate unauthorized transactions, leading to immediate financial losses. Reports have emerged of victims losing thousands, sometimes even in excess of ₹5 crore collectively, due to these scams, exemplifying the real danger they pose to everyday users.
The impact of these scams is profound. As of 2023, it was reported that scams conducted through Telegram alone led to a staggering loss of approximately ₹500 crore across various UPI fraud schemes in India. This alarming figure has drawn the attention of government bodies such as the Ministry of Home Affairs (MHA), RBI, and CERT-In, leading to advisories urging citizens to be cautious and to verify the authenticity of financial communications received digitally. Awareness is crucial as the methods evolve constantly, effectively preying on those less informed or experienced with digital transactions.
To help individuals discern between genuine communications and scams, it is important to identify specific red flags. Any message requesting verification through unofficial links, or unsolicited KYC notifications, especially those that emphasize urgency without providing ample details, should raise suspicion. Furthermore, legitimate financial organizations never request sensitive information such as passwords or personal identification numbers via Telegram or similar platforms. Victims must stay vigilant to differentiate between legitimate banking communications and the deceptive tactics employed by these scammers.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Telegram Phishing Bot Exploiting UPI Users Target?
General public across India
Red Flags — How to Identify Telegram Phishing Bot Exploiting UPI Users
- Links to unofficial login or KYC pages via Telegram
- Requests to set up or share a bot token
- Unverified Telegram channels or groups
- Urgent KYC/payment notifications with UPI details
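The red flags above can be applied mechanically when triaging a reported message. The following is an added example, not BharatSecure's detection code: the official-domain allowlist, the keyword patterns, the flag labels and the `t.me` bot name in the second sample are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative allowlist; maintain your own list of official domains.
OFFICIAL_DOMAINS = {"paytm.com", "phonepe.com", "pay.google.com", "hdfcbank.com"}
TELEGRAM_HOSTS = {"t.me", "telegram.me"}

URL_RE = re.compile(r"https?://[^\s)\"'>]+", re.I)
# Keyword heuristics (assumed, drawn from the wording of the red flags above).
TEXT_FLAGS = {
    "urgency": re.compile(r"\b(urgent|immediately|expired?|blocked|within \d+ hours?)\b", re.I),
    "credential-request": re.compile(r"\b(kyc|log ?in|verify|upi pin|otp)\b", re.I),
    "lure": re.compile(r"cashback|reward|prize|₹\s?\d+", re.I),
    "token-request": re.compile(r"\btoken\b", re.I),
}

# Sample messages: the first two follow the page's examples (the t.me bot name
# is constructed); the third is a constructed benign notice.
SAMPLES = [
    "Verify your UPI for ₹200 cashback. Login via secure portal: http://paytap-veri.shop",
    "Paytm KYC expired - log in within 24 hours or account will be blocked https://t.me/example_kyc_bot",
    "Your Paytm statement is ready. Open the app or visit https://paytm.com/ to view it.",
]


def is_official(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def red_flags(message):
    """Return the sorted red-flag labels that a message trips."""
    flags = {name for name, rx in TEXT_FLAGS.items() if rx.search(message)}
    for url in URL_RE.findall(message):
        parts = urlsplit(url.rstrip(".,"))
        host = parts.hostname or ""
        if parts.scheme.lower() != "https":
            flags.add("no-https")
        if host in TELEGRAM_HOSTS:
            flags.add("telegram-link")  # credentials should never be entered via a bot link
        elif not is_official(host):
            flags.add("unofficial-domain")
    return sorted(flags)


if __name__ == "__main__":
    for msg in SAMPLES:
        print(red_flags(msg) or "no red flags", "<-", msg)
```

A message that trips two or more labels matches the pattern described on this page; a single label, such as a lone mention of KYC, is weaker evidence on its own.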
What To Do If You Encounter Telegram Phishing Bot Exploiting UPI Users
- Report the incident to cybercrime.gov.in immediately.
- Call the cybercrime helpline 1930 to report the scam.
- Notify your bank about any suspicious transactions or unauthorized access.
- Change your UPI PIN and bank passwords immediately.
- Monitor your account for any unusual transactions regularly.
- Educate friends and family about the Telegram phishing bot tactics.
How to Report Telegram Phishing Bot Exploiting UPI Users in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my OTP in a UPI scam?
  Immediately inform your bank via their helpline — SBI at 1800-11-1109 or HDFC at 1800-202-6161 — and request to block your account.
- How can I identify this specific scam?
  Look for unsolicited messages with urgent requests for your KYC or payment details and links to unofficial sites.
- How do I report this type of scam in India?
  Report it at 1930 or through cybercrime.gov.in, and inform your bank about the incident and any transactions made without authorization.
- How can I recover money or protect my accounts after this scam?
  Contact your bank immediately to dispute any unauthorized transactions, change your login details, and monitor your accounts closely.