A new and highly dangerous cyber fraud pattern is rapidly spreading across India, which security experts are identifying as “doorstep parcel fraud.” Unlike traditional online scams, this method involves criminals physically approaching victims at their homes and exploiting trust to gain access to bank accounts and digital wallets.
Fake Parcels Used to Build Trust
In this emerging scam, a parcel is delivered to a person who never ordered it. However, the package carries accurate personal details such as name, address, and mobile number, which makes it appear completely legitimate. This initial confusion becomes the foundation of the fraud, as victims assume it is a genuine delivery.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
When the recipient refuses to accept the parcel, the fraudster posing as a delivery agent attempts to gain trust by claiming the order needs to be cancelled and an OTP is required for the process. This is the exact moment when the cyberattack begins. Once the OTP is shared, criminals can access banking apps, UPI accounts, and digital wallets, often draining funds within minutes.
In several cases, victims have also been pressured into entering OTPs directly on devices handed over by the fraudsters. Experts warn that this is even more dangerous, as it may expose biometric and fingerprint data, which can later be used for identity theft and larger financial crimes.
Social Engineering at the Doorstep
Cybersecurity expert and former IPS officer Prof. Triveni Singh issued a strong warning, stating that cybercriminals are increasingly using social engineering techniques to manipulate trust and emotions. He emphasized that sharing OTP or biometric information is never safe, as it effectively gives criminals access to an individual’s entire digital financial ecosystem.
Experts believe this is not an isolated phenomenon but part of a coordinated and expanding network operating across multiple regions. Criminal groups are combining technological tactics with psychological manipulation, making victims act without suspicion or verification.
Adding to the concern, organizations such as the Future Crime Research Foundation have flagged the increasing sophistication of such scams. Researchers highlight that cybercrime is now evolving through a blend of advanced technology and social engineering. In the coming years, these frauds may become even more complex, potentially using AI-generated voices, fake identities, and digital duplication techniques to deceive victims.
Citizens Urged to Verify Every Delivery
Given the nationwide rise in such incidents, experts have urged citizens to adopt strict safety practices. Individuals should never accept unknown parcels, especially if they have not placed any online orders. OTPs, PINs, or biometric data must never be shared with any person or device, regardless of how legitimate the requester may appear.
Consumers are also advised to verify all orders only through official e-commerce applications or websites. Any suspicious calls, messages, or links should be ignored, as fake tracking pages and fraudulent delivery notifications are increasingly being used to lure victims.
According to digital security agencies, citizens should immediately report cyber fraud through the national cybercrime helpline 1930 or the official cybercrime reporting portal. In cases where OTPs are accidentally shared, immediate contact with the bank and account freezing can significantly reduce financial damage if done quickly.
