Beware of KYC Scam Calls and Messages: Cybercriminals Are Draining Bank Accounts with These Tactics

The Reserve Bank of India (RBI) has made the Know Your Customer (KYC) process mandatory to enhance security and curb financial fraud. However, cybercriminals have twisted this regulation into a new tool for deception. Posing as bank representatives, fraudsters send fake messages and make alarming calls to trick individuals into sharing personal banking details. With phishing links, cloned apps, and social engineering tactics, these criminals are emptying bank accounts in minutes.

This article explains how the fraud works, the red flags to watch for, and most importantly, how you can stay protected.

How KYC-Based Cyber Frauds Are Conducted

Scammers are exploiting customers' trust in their banks. The process begins with a fake message or a phone call warning the customer that their bank account will be "blocked" unless KYC is updated immediately. These messages often contain phishing links or ask customers to install unauthorized apps. Here's how the scam typically unfolds:

• A customer receives a message like:
  "Dear customer, your account will be blocked by 5:30 PM today. Click here to update your KYC."

• The link redirects to a fraudulent website or app that closely mimics a real bank's interface.

• Once the app is installed, it seeks suspicious permissions like access to camera, microphone, SMS inbox, and contacts. This enables scammers to remotely control the phone, steal OTPs, passwords, and even conduct financial transactions.

• In some cases, scammers pretend to be bank officials and ask for confidential details like:

  • OTPs (One-Time Passwords)

  • CVV numbers

  • Debit/Credit card PINs

Once shared, these details are used to access bank accounts and drain funds quickly.

Real Risks and Growing Cases

According to recent reports, such scams have increased dramatically, particularly in tier-1 and tier-2 cities. Mobile apps and SMS-based frauds are now among the top methods cybercriminals use for financial scams in India.

This rise in KYC-related fraud has become so alarming that police departments across the country, including Uttar Pradesh, have taken to social media to warn people using creative campaigns, such as “Dil do, OTP nahi” (Give your heart, not your OTP).

How to Stay Safe from KYC Frauds

Protecting yourself requires vigilance and awareness. Here's what you must do:

Avoid Clicking Unknown Links
Never click on suspicious SMS or WhatsApp links from unknown sources, especially if they urge you to update KYC or install an APK file.

Never Share Personal Banking Details
Do not share OTPs, CVVs, debit/credit card PINs, or passwords over calls, emails, or messages.

Use Official Bank Channels Only
For any KYC updates, only use the official banking apps or visit the bank’s verified website. Avoid third-party apps and never install software from outside the Play Store or App Store.

Report Suspicious Activity Immediately
If you suspect any fraudulent message or call, report it to:

• Cybercrime Helpline: 1930

• National Cybercrime Portal: www.cybercrime.gov.in

• Email for phishing alerts: sanchar.saathi@gov.in

Contact Your Bank Directly
If you receive a suspicious message or app notification, contact your bank’s customer service center before taking any action.

Final Thoughts

As frauds continue to evolve, staying informed is your best defense. The RBI has emphasized that banks never ask for sensitive details like OTPs or PINs via phone or message. If you receive such a request, consider it a red flag.

In the digital age, where cybercriminals use sophisticated tools and tactics, your vigilance is your strongest protection. Stay cautious, verify every communication, and always double-check before clicking or sharing anything.

Stay alert. Stay safe. Don’t let scammers use KYC to empty your account.