Practical, step-by-step guides built specifically for Indian students and young internet users. No jargon. Just clear, actionable steps to keep you protected.
Each guide covers a specific threat in plain language — with real examples and actionable steps you can use immediately.
Run through this checklist once and you'll be significantly safer than 95% of Indian internet users. Takes about 30 minutes total.
Gmail, Instagram, WhatsApp, your bank app, UPI apps (PhonePe, GPay, Paytm), and LinkedIn. Use an authenticator app (Google Authenticator or Authy) rather than SMS where possible.
Reusing passwords is the number-one cause of account hacking. Use a free password manager like Bitwarden to generate and store unique passwords. Never use your name, phone number, or birthdate as a password.
Go to Settings → Apps → Permissions and remove camera, microphone, and location access from apps that don't need them. Revoke permissions for apps you no longer use. This prevents spyware from running silently.
Whether it's SMS, WhatsApp, email, or Instagram DM — if someone you don't know (or even someone you do) sends a link, do not click it. Instead, go directly to the official website by typing the URL in your browser.
A UPI "collect request" is a request to take money FROM you — not send it to you. Entering your PIN approves the payment. You should ONLY approve collect requests from services you have actively initiated a payment for (like bill pay or subscriptions).
Visit myaadhaar.uidai.gov.in and lock your biometrics. This prevents anyone from using your fingerprints to authenticate as you. You can temporarily unlock it if you ever need to use biometric authentication yourself.
Save this number in your phone right now. If you or anyone you know falls victim to a cyber scam — especially financial fraud — call 1930 immediately. Quick reporting significantly increases the chances of fund recovery.
These are the most common mistakes that lead to people getting scammed. Memorise them.
Never share an OTP with anyone — not banks, police, or "Google support." OTPs are single-use and private.
QR codes sent by buyers, strangers, or "support agents" can initiate payment transfers or redirect to phishing sites.
Legitimate employers never charge candidates registration, training, ID, or joining fees. Full stop.
Links in DMs (Instagram, WhatsApp, Telegram) can lead to phishing sites that steal your login or payment info.
If one account is breached and you've reused that password, every account using it is now compromised.
If someone is offering you guaranteed investment returns or a free iPhone, it's a scam. Always.
Random friend requests from attractive profiles are often the start of romance scams or sextortion traps.
Use a masked Aadhaar for verification purposes. Never share the full 12-digit number over chats or emails.
Explore our scam library to understand exactly how each scam works so you can spot them instantly.