"Your SBI/HDFC account will be blocked in 24 hours. Click here to update KYC." The link leads to a pixel-perfect replica of your bank's login page. You enter your credentials — and hand them to the scammer.
7 Red Flags in Every Phishing Message:
- Urgency — "your account will be blocked TODAY"
- Sender email is @gmail.com, not @sbi.co.in
- Link domain has typos (sbionline.co vs sbi.co.in)
- Asks for full password + OTP on the same page
- No personalisation — no account number or name
- Generic greeting — "Dear Customer"
- Grammatical errors or odd spacing
Rule: Banks never ask for passwords or OTPs via SMS or email. If you get such a message — go directly to the bank's app or official website by typing the URL yourself.
Websites mimicking UIDAI, Income Tax, DigiLocker, or NIC portals trick students into entering their Aadhaar number, date of birth, and OTP — enough for identity theft and SIM swapping.
How to Spot Fakes: The real UIDAI site is uidai.gov.in. Only .gov.in domains are official Indian government websites. Any other domain — no matter how similar it looks — is fake.
If You Entered Details: Lock your Aadhaar biometrics at myaadhaar.uidai.gov.in immediately. Call 1947 (UIDAI helpline).
A caller claims to be from your bank, TRAI, or tech support. They say your account has been compromised and ask you to install AnyDesk or TeamViewer so they can "fix it remotely". Once they have access — they transfer money from your banking app in front of your eyes.
Rule: No bank, government body, or legitimate tech company will ever ask you to install a remote access app to fix an account issue. Hang up immediately. Call your bank's official number to verify.