The “KYC update” scam keeps resurfacing under different guises. In a previous Scamguard article, we revealed how scammers use fake Know Your Customer (KYC) update websites to steal victims’ personal information in real time. This time, instead of fraudulent websites, a simple phone call and a text message serve as their secret gateway to your bank. The only common element is the script they follow: scare you into thinking your account will be blocked in seconds. Before long, you are drawn into a fake verification process, and your money is quietly siphoned off.
Here’s a closer look at how this shape-shifting fraud works and how to stay a step ahead of it.
Modus Operandi
“Bank” Calling: Scammers make cold calls, pretending to be your bank representative, and tell you that your KYC details are missing or out of date. They warn that your account will be frozen if you don’t respond immediately.
The “Quick” Update: The scammer offers assistance with the KYC process and sends a suspicious link or a fake app via WhatsApp, claiming it is essential to complete the update.
Device Hacked: Once you tap the link, the app downloads onto your phone and could give the scammer remote access, potentially compromising your personal information. In other cases, they ask you to enter your bank details, then generate a One-Time Password (OTP) on your phone.
OTP Trap: You’re asked to read out the OTP you received via SMS to complete the final step in the process. As soon as you do, they can use it to access your bank account or approve transactions for online purchases.
Funds Stolen: In a case reported to Scamguard, a victim’s fixed deposits valued at approximately Rs 21 lakhs were liquidated and transferred within minutes during a scam call. In short, the scam works by tricking you into unknowingly authorising or facilitating transfers.
Red Flags
“Bank officials” threatening to block or freeze your account if you do not comply with their requests. You feel pressured into acting immediately.
Calls and/or texts from unfamiliar numbers that don’t display the bank’s official caller ID.
Requesting you to share any passwords, OTPs, CVV numbers or card details.
KYC update via unknown links, third-party or fake apps.
What To Do
Verify: If you receive a ‘KYC update’ call or message, contact your bank through its verified official customer care number(s) provided on its net banking app and/or website. Confirm whether your account(s) need any such actions.
Foolproof Channel: Remember that KYC updates can only be done through official channels. You can either log into your net banking account via the app or their website, or you can visit any branch of your bank and get assistance from the help desk.
Decline: Do not download suspicious apps or click on such links, and do not share any banking details with unknown callers.
Notify: In case you’ve shared your banking details and/or OTPs, immediately contact your bank to freeze your account(s) and cards. Change the passwords and PINs for your accounts and report the issue.
Report: Highlight the incident promptly through the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call their helpline at 1930. You can also file a complaint at your local police station. Ensure that you gather relevant evidence to support the investigation.
Share: Inform your circles and communities about the scam and ask them to be cautious of any such alerts.
The Quint's Scamguard initiative aims to keep up with emerging digital scams to help you stay informed and vigilant. If you've been scammed or successfully thwarted one, then tell us your story. Contact us via WhatsApp at +919540511818 or email us at myreport@thequint.com. You can also fill out the Google form and help us take your story forward.)