KYC Fraud in India: What It Is and How to Protect Yourself
KYC (Know Your Customer) fraud is one of the most common scams targeting Indian bank account holders, UPI users, and mobile wallet customers. Scammers send fake messages pretending to be from your bank, UIDAI, or telecom provider claiming your KYC has expired.
Real Scam Message Examples
These are real examples of messages used in this type of scam. If you receive something similar, do not click any links.
Example 1
“Dear SBI Customer, Your KYC verification has expired. Your account will be BLOCKED in 24 hours. Update immediately: bit.ly/sbi-kyc-updt”
Example 2
“URGENT: Your UPI ID linked to Aadhaar has been suspended. Click to re-verify now or your account access will be revoked permanently: upi-kyc-verify.in/update”
Example 3
“Your HDFC Bank net banking access will be disabled due to pending KYC. Complete verification: hdfckyc-update.com/login — HDFC Customer Care”
Warning Signs of a KYC Scam
- ⚠Message says your bank account/UPI/SIM will be blocked unless you complete KYC immediately
- ⚠Asks you to click a link or call a number to 'verify' your details
- ⚠Requests your Aadhaar number, OTP, or net banking password
- ⚠Sender is an unknown number, not an official bank shortcode
- ⚠Creates extreme urgency — 'complete within 24 hours or your account will be suspended'
How Does This Scam Work?
- 1You receive an SMS or WhatsApp message about KYC expiry
- 2The message contains a link to a fake bank/UIDAI website
- 3You enter your credentials, OTP, or Aadhaar details
- 4Scammer uses these to access your real bank account
- 5Money is transferred out before you realize
Legitimate vs Scam: How to Tell the Difference
| Aspect | ✓ Legitimate | ✗ Scam |
|---|---|---|
| How they contact you | Official bank SMS from registered shortcode (e.g. SBIINB) | Unknown mobile number or unofficial sender ID |
| What they ask for | Asks you to visit branch or log in via official app | Asks for OTP, Aadhaar, or password via link |
| Urgency | Gives reasonable time — weeks or months notice | 24-hour deadline to create panic |
| Link format | Links go to bank's official domain (e.g. sbi.co.in) | Shortened URL (bit.ly) or lookalike domain (sbi-update.com) |
What Should You Do?
- ✓Never click links in unsolicited KYC messages
- ✓Call your bank's official number (on the back of your card) to verify
- ✓Report to cybercrime.gov.in or call 1930
- ✓Paste the suspicious message into ScamCheck for an instant verdict
- ✓Block and report the sender on WhatsApp/SMS
Free Tool
Received a suspicious message?
Paste it into ScamCheck and get an instant AI verdict — free, no signup needed.
Check it now — it's free →Frequently Asked Questions
Will my bank really block my account for KYC?
Banks do require periodic KYC updates, but they will never ask you to complete it via a link in an SMS or WhatsApp. Always visit your nearest branch or official app.
What should I do if I already clicked the link?
Immediately change your net banking password, block your debit card, and call your bank's fraud helpline. File a complaint at cybercrime.gov.in.
Is Aadhaar-based KYC fraud common in India?
Yes — scammers impersonate UIDAI and ask for your Aadhaar number and OTP to 'link' it. UIDAI will never ask for your OTP via phone or message.
Can I get my money back if I fell for a KYC scam?
Report to your bank and cybercrime.gov.in within 24 hours — faster reporting improves recovery chances. Call the national cybercrime helpline at 1930 immediately.
How do I verify if a KYC message is from my real bank?
Log in to your bank's official app or call the number on the back of your card. Never use the phone number or link provided in the suspicious message.
Related Scam Guides
Explore more scam guides
View all guides by category and country →