Your Aadhaar number is linked to your bank account, SIM card, PAN, and DigiLocker. If it falls into the wrong hands, a lot can go wrong.

What attackers do with your Aadhaar:

• Duplicate SIM cards using your Aadhaar details (SIM swap — see below)
• Open fake bank accounts or take loans in your name using forged documents
• Access your DigiLocker to obtain copies of your documents
• Use your eKYC to register fake businesses or financial accounts

How to protect yourself:

• Lock your Aadhaar biometric: Visit uidai.gov.in → My Aadhaar → Lock/Unlock Biometrics. This prevents anyone from using your fingerprint/iris for authentication without your permission.
• Use a Virtual ID (VID) instead of your actual Aadhaar number when services ask for it. Generate one on uidai.gov.in.
• Check authentication history: uidai.gov.in → My Aadhaar → Aadhaar Authentication History. Look for any authentication you didn't do.
• Never share your Aadhaar OTP with anyone — no government service will call and ask for it.
• Use masked Aadhaar for documents — only the last 4 digits are visible. Download from uidai.gov.in.

SIM swap fraud is when someone calls your mobile carrier (Jio, Airtel, Vi, BSNL) pretending to be you, and gets a new SIM issued for your number. Once they have your SIM, they can receive all your OTPs — and take over your bank account, email, and UPI.

Warning signs:

• Your phone suddenly shows "No SIM" or "Emergency calls only" for no reason
• You stop receiving calls or SMS messages unexpectedly
• You get a message from your carrier about a SIM change you didn't initiate

What to do immediately:

1. Call your carrier's emergency helpline from any other phone: Jio: 199, Airtel: 198, Vi: 199, BSNL: 1500.
2. Tell them you suspect a SIM swap — ask them to block the fraudulent SIM immediately.
3. Call your bank and ask them to freeze your account until your SIM is restored.
4. File a complaint at cybercrime.gov.in and call 1930.

Prevention:

• Never share your Aadhaar number or date of birth with unverified callers
• Use an authenticator app (Google Authenticator) for 2FA instead of SMS where possible
• Set a separate SIM PIN: Android → Settings → Security → SIM card lock → Lock SIM card

UPI scams are among the most common digital frauds in India. Unlike card fraud, UPI transfers are instant and often irreversible.

Common UPI scams:

• "Collect Request" scam: Someone sends you a collect/payment request (not a payment). You enter your PIN to "receive" money — but you're actually sending it. Entering your PIN on a collect request always sends money.
• Fake seller/buyer scam: You're selling something on OLX or Facebook Marketplace. The "buyer" sends a QR code or link asking you to "scan to receive payment". Scanning sends them money instead.
• Screen sharing scam: A caller claiming to be from your bank asks you to install AnyDesk or TeamViewer to "fix" your account. They then see your OTPs and banking details on your screen.
• Fake refund scam: Someone calls about a refund for an order and asks you to "verify" by entering your UPI PIN.

The one rule that prevents all UPI fraud:

An OTP (One Time Password) is the only thing standing between a scammer and your account. Once you share it, access is instant and irreversible.

Common OTP fraud scenarios in India:

• Caller claims to be from SBI/HDFC/Paytm and says your account will be blocked — "just share the OTP to verify"
• Someone who has your number pretends to be a friend in trouble and asks you to forward an OTP "accidentally sent" to you
• Fake government schemes (PM Awas, PM Kisan, etc.) promising money — "just share the OTP to claim"
• KYC update calls from "your bank" asking for OTP to "complete verification"

What to do if you've already shared an OTP:

1. Call your bank's fraud helpline immediately (number on the back of your card).
2. Ask them to freeze transactions on your account.
3. Call 1930 (Cyber Crime Helpline).
4. Change your banking app login password immediately.

DigiLocker is linked to your Aadhaar and holds official documents — driving licence, class 10/12 marksheets, PAN, vehicle RC, insurance. If someone gains access, they have copies of all your official identity documents.

How your DigiLocker can be accessed:

• Via your Aadhaar number + OTP — if they can receive your OTP (SIM swap or OTP sharing), they're in
• Via your mobile number if they control your SIM
• Via your username and password if you've reused a weak password

How to secure it:

• Set a strong, unique password on DigiLocker (digilocker.gov.in) — don't reuse a password from another site
• Enable 2-step verification if available
• Lock your Aadhaar biometric at uidai.gov.in to prevent authentication without your involvement
• Check your DigiLocker login activity under Account Settings → Activity Log

Morphing is when someone takes your real photo from social media and digitally manipulates it to create explicit or embarrassing images. Deepfakes use AI to create fake videos that look real. Both are used for extortion and revenge.

How it typically happens:

• Someone downloads your photos from Instagram, Facebook, or WhatsApp DP
• They use free or paid AI tools (widely available in Telegram groups) to morph/generate explicit images
• They contact you threatening to send these to your family, employer, or college unless you pay or comply

The critical truth about deepfakes:

What to do:

• Do not pay. Payment confirms you're a viable target and will bring more demands.
• Preserve evidence: Screenshot the threat, their profile, and any messages.
• Report to cybercrime.gov.in — this is covered under IT Act 66E and Section 67A.
• See our full Deepfake Defense Toolkit for detailed steps including how to detect, report, and recover.

Prevention:

• Set your Instagram and Facebook accounts to Private — this limits who can download your photos
• Don't post close-up face photos with your full name visible in comments/captions on public profiles
• Regularly audit who follows you and remove accounts you don't recognise

This is one of the fastest-growing scams in India. Callers impersonate police officers, CBI agents, TRAI officials, or even judges — threatening "digital arrest" for crimes you didn't commit.

How the scam works:

• You receive a video call or phone call from someone claiming to be from CBI, Customs, TRAI, or a police department
• They say a parcel in your name contained drugs, or your Aadhaar was used for fraud, or your phone number was used in a crime
• They threaten "digital arrest" — you must stay on the call and not tell anyone, while they "verify" your case
• They demand money to "settle the case" or for "bail"

What to do:

• Hang up immediately — don't try to reason or negotiate
• Call a real police station (100) to verify if there's any actual case against you
• Report the call to 1930 (Cyber Crime Helpline) and cybercrime.gov.in
• Tell family members — scammers count on keeping victims isolated and silent

India has a massive matrimonial platform industry — and fraudsters exploit it. Romance and matrimony scams often end in financial fraud, sextortion, or emotional abuse.

Warning signs on matrimonial/dating platforms:

• Profile seems too perfect — high salary, good-looking, "settled abroad", asks to move off the platform quickly
• Conversation escalates unusually fast — "I've never felt this way about anyone before" within days
• Cannot video call — always has an excuse (camera broken, not private, work travel)
• Gradually asks for money — medical emergency, visa fee, flight ticket to come meet you, customs clearance for a "gift" with gold/cash inside
• Encourages you to share intimate photos or messages early in the relationship

Red flags specific to Indian context:

• Claims to be an NRI (based in US/UK/Gulf) but is vague about details when asked
• Sends you "gifts" that require customs duty payment — this is always a scam
• Proposes marriage quickly and asks for money "to sort out visa/travel"

Truecaller shows a person's name even when they call from an unknown number. This is useful — but it also works in reverse: someone can look up your phone number and find out your name, and even approximate location.

What Truecaller exposes:

• Your name (as entered by contacts who have your number, or by yourself if you registered)
• Whether you use Truecaller (your activity status)
• Your "spam" or "fraudster" tag if incorrectly flagged by strangers

How to remove yourself from Truecaller:

1. Go to truecaller.com/unlisting on your phone browser.
2. Enter your phone number with country code (+91).
3. Select the reason and click "Unlist".
4. Verify with OTP sent to your number.

Delivery platforms (Swiggy, Zomato, Amazon, Blinkit) store your home address and phone number — and delivery personnel can see both. While most delivery workers are professional, there have been reported cases of stalking and harassment using this information.

Steps to reduce exposure:

• Use a virtual/alternate number: Apps like JioSaavn, Google Voice (or a secondary SIM) can provide a number specifically for delivery services.
• Use a nearby landmark as your address instead of your exact apartment number when possible.
• Opt for "Leave at door" or "Contactless delivery" so the delivery person doesn't need to interact with you directly.
• Report immediately: If a delivery worker contacts you outside the platform, report them through the app's safety reporting feature and call the platform's helpline.

If you've received unwanted contact from a delivery person:

• Screenshot any messages or calls and report to the platform
• File a police complaint — delivery services maintain records of which delivery person handled your order
• Call 181 (Women's Helpline) for support

Scammers use the same scripts over and over. If you can recognise the pattern, you can disengage immediately.

Sextortion script (example):

Fake copyright notice (example):

Telegram "paid group" scam:

Crypto blackmail: