The Indian Government, through its cyber-security agencies including the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs (MHA), has issued a strict public warning about an alarming increase in cyber frauds where hackers contact people using fake identities — and cautioned that even a single mistake could lead to loss of bank funds, personal data theft, or account takeover.
The advisory comes amid a sharp rise in scams where criminals impersonate banks, government bodies or trusted institutions to intimidate victims, obtain sensitive details and drain bank accounts or steal personal identities. Citizens have been urged to be vigilant, especially when dealing with unsolicited calls, messages or links that appear genuine but may be traps set by fraudsters.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
How Hackers Use Fake Identities and Social Engineering
According to government cybercrime warnings:
- Fraudsters frequently use fake phone numbers, email addresses or social media profiles that appear official, sometimes even mimicking known government agencies or banks.
- They often contact victims with urgent threats — such as claims of legal action, account freezing, SIM closure or alleged involvement in crimes — to induce fear and rush people into making mistakes.
- A common tactic is the “digital arrest” scam, where callers posing as police or regulatory officials threaten arrest or confiscation of assets unless money is transferred or personal banking information is shared.
National regulators like the Telecom Regulatory Authority of India (TRAI) have also warned that fraudsters impersonate their officials via phone calls, forged letters, WhatsApp messages and fake legal notices as part of coordinated schemes to drain money or trick victims into disclosing sensitive information. TRAI has clarified that it has never authorised such communications and that real regulators do not demand money or personal data over unsolicited calls or messages.
What Can Go Wrong: One Mistake Is Costly
Cybersecurity experts and official advisories stress that one wrong action — such as clicking a suspicious link, downloading a fake app, or sharing any banking detail — can give fraudsters access to:
- Personal credentials or two-factor authentication (OTP) codes
- Banking login information
- Remote access to phones or computers
- Biometric or account recovery data
Once inside, criminals can initiate unauthorized transactions, transfer funds via UPI or online banking, or even drain entire bank balances. In some cases overseas advisories have noted that one wrong click on a malicious link or pop-up can install malware that secretly controls banking apps or accesses OTPs without the user’s consent.
This pattern of social engineering — where attackers exploit trust and urgency — has also been flagged by consumer protection agencies internationally, highlighting how scammers seal victims’ confidence with believable threats and promises before demanding money or access.
Targeted Tactics: Impersonation and Pressure
Officials say cybercriminals commonly:
- Impersonate banks, regulators, police or government officials and claim victims’ accounts are compromised, involved in legal violations or about to be frozen unless they comply.
- Use fear-based language and deadlines to coerce people into quickly providing OTPs, PINs, account numbers or UPI codes.
- Send malicious links disguised as “secure portals,” “refund forms,” or “verification steps” to trick users into installing malware or entering credentials.
- Employ caller ID spoofing to make a number appear legitimate, such as matching a bank’s name or government helpline, increasing the illusion of authenticity.
Cybercrime units emphasise that no legitimate bank, government agency or regulatory authority will demand money transfers, passwords, OTPs or remote access via unsolicited calls or messages.
Official Guidance: How to Protect Yourself
To safeguard against these increasingly sophisticated scams, authorities and cybersecurity experts recommend:
- Hang up immediately if a caller claims to be a bank, regulator or law enforcement officer and asks for personal information or money.
- Never share OTPs, PINs, passwords or biometric details with anyone over phone, message or video call.
- Do not click on links or download apps sent by unknown numbers — especially those asking for banking logins or verification.
- Verify official claims directly through verified channels — such as official bank numbers from your statement, the RBI or TRAI website — before taking action.
- Report suspicious calls or messages to the National Cyber Crime Reporting Portal or dial the cybercrime helpline at 1930.
Cybersecurity officials also urge families to talk to elderly relatives, who are frequently targeted due to their trust in official-sounding calls and less familiarity with digital security risks.
Why This Warning Matters Today
The government’s alert comes at a time when fraudsters are exploiting the rapid digital adoption of mobile banking, UPI payments and online services. With more people transacting online than ever before, scammers have refined their techniques, making fake identities and deceptive messaging harder to spot and more convincing.
This warning reinforces that cyber vigilance and digital literacy are essential for financial safety. Authorities continue to collaborate with banks, telecom regulators and law enforcement to track and dismantle scam networks, but public awareness and caution remain the first line of defence against financial loss and identity theft.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
