A deceptive wave of frauds targeting bank customers has emerged, where criminals masquerading as bank or digital wallet officials make convincing KYC (Know Your Customer) claims to extract personal information, deploy remote-access apps, and empty victims’ accounts. Authorities report losses totaling hundreds of thousands of rupees in recent months.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
How the Scam Operates: Urged Updates, Remote Access, and Identity Theft
According to cybersecurity analysis published by Moneycontrol, these scammers begin with phone calls or instant messages claiming that a user’s KYC is “incomplete” or “expiring,” and warns that failure to comply will result in account suspension. Victims are typically directed to click a link or call a number that takes them to a fake verification process.
Scammers may insist the recipient download remote-access apps like AnyDesk or TeamViewer. Once installed, they gain control over the victim’s device accessing bank apps, capturing OTPs, and transferring funds. One case in Delhi saw a victim defrauded of over ₹8 lakh in a single session.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Warning Signs and Protective Measures
Financial security experts emphasise several red flags and precautions:
- Fake urgency and pressure tactics—Messages stating “update now or lose access” are common in these frauds. Genuine banking requests are typically hosted on official channels, not via random SMS or WhatsApp.
- Suspicious links or caller IDs—Fraudsters often use spoofed sender IDs with unrecognisable SMS origins or unofficial email addresses referencing “KYC update”. Users should independently verify by contacting their bank directly.
- Requests to install remote-access tools—Legitimate bank personnel will never ask users to install AnyDesk or TeamViewer. Default refuseness to share OTPs or passwords over calls is essential. Never download apps from links provided in unsolicited communication.
- Identity and transaction monitoring—Banks have begun requiring biometric verification and KYC record updates. Cybersecurity authorities urge users to watch statements closely and report any unauthorized activity immediately. Many banks now implement two-factor authentication, which should be enabled .
- Report and alert mechanisms—Victims should complain directly to their bank and lodge a report with the National Cyber Crime Reporting Portal or by calling the helpline at 1930.
About the Author – Anirudh Mittal is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.