Cyber Fraud Prevention Tips for Indians
India reported ₹22,845 crore in cyber fraud losses in 2024. Almost every case followed a pattern that — with the right knowledge — could have been stopped in under 30 seconds. These are the habits, checks, and responses that keep you safe.
Most Scams Are Preventable.
Here's the Honest Truth.
Cyber fraud doesn't target "unintelligent" people. It targets anyone who's busy, stressed, in a hurry, or simply doesn't know the specific trick being used. A senior doctor fell for a fake CBI call. An IIT engineer lost ₹6 lakh to a fake stock trading group. A homemaker was scammed via a morphed photo from a fake loan app she downloaded from Google Play.
The patterns are learnable. Once you know what a 'collect money request' disguised as a payment looks like, you will never fall for it. Once you understand that no government official calls to arrest you, digital arrest scams lose all power. Knowledge is the only defence that scales.
This guide doesn't patronise you with vague advice like "be careful online." It gives you specific, testable checks for the exact scams that are currently targeting people in India right now.
94%
Scams are preventable with prior knowledge
30 sec
Time needed to verify a suspicious link
78%
Job & investment scams start on WhatsApp
1 report
On RakshaAI can protect 1,000+ people
UPI & Payment Safety
UPI fraud is India's most common cyber crime category. The tricks are not complicated — they rely entirely on the victim not knowing one specific fact about how UPI works. These eight rules eliminate the most common attack vectors.
Always verify the recipient's name on the confirmation screen before entering your UPI PIN. The name shown is what your bank has registered — if it says 'Unknown' or is blank, stop.
Never enter your UPI PIN to receive money. A PIN is only needed to send. Any screen asking for PIN to 'accept' a payment is a scam interface — close it immediately.
Enable transaction limits on your UPI app. Most apps (GPay, PhonePe, Paytm) let you set a per-transaction and daily cap — keep it lower than your total balance.
Never share UPI QR codes via WhatsApp or SMS to 'receive' payment. QR codes send money, they don't receive it. Scammers generate QR codes that deduct money when scanned.
Enable UPI transaction notifications via SMS — not just in-app. If your phone is stolen or your account is compromised, SMS alerts to your registered mobile arrive independently of the app.
Never accept 'screen sharing' requests from anyone claiming to help you with a UPI issue. Remote access apps like AnyDesk and TeamViewer give full control of your payment apps.
If you've sent money to a wrong number or a scammer — call your bank's 24-hour helpline immediately and call 1930. The faster you report, the higher the chance of reversal.
Never re-enter your PIN after getting a 'transaction failed' message before confirming via your bank statement. Duplicate PIN entry is a common technique to trigger double deductions.
The single most important UPI rule: Your PIN is only needed to send money. If any screen asks for your PIN to receive, accept, or claim money — it is a scam, no exceptions.
Phone & Call Scam Prevention
Phone scams succeed because voices feel human and authoritative. A calm, confident caller claiming to be CBI or TRAI creates panic — and panic bypasses rational thinking. Understanding what authorities actually do (and never do) over the phone is the antidote.
Block + Report — don't just disconnect
When you receive a suspicious call, disconnect and immediately block the number. Then report it on Sanchar Saathi (sancharsaathi.gov.in) or directly through RakshaAI. Your report may save someone else.
Verify 'government officials' independently
Police, CBI, ED, TRAI, and courts do not call to arrest you over the phone. If someone claims to be an official, hang up and call that department's official number (found on the government website). Real authorities send physical notices.
Never read out OTPs on a call
No bank, telecom, or government agency will ask you to share an OTP verbally. OTPs sent to your phone are the last line of security — sharing them hands control of your account to whoever you tell.
Be cautious with 'missed call' callbacks
Premium-rate numbers and international numbers beginning with +92 (Pakistan), +1 (US), or unusual country codes can charge ₹100–₹300 per minute when called back. Do not return calls from unknown international numbers.
Ignore 'your SIM will be deactivated' calls
TRAI does not call individuals about SIM deactivation. These calls collect your Aadhaar and account numbers to facilitate SIM swap fraud — where your mobile number is ported to a new SIM under the fraudster's control.
Trust caller ID sparingly
Caller ID can be spoofed — scammers regularly call from numbers that appear to be your bank's real helpline. If a call from 'your bank' asks for your card number or CVV, hang up and call your bank's official number from the back of your card.
Phishing & Fake Link Prevention
Phishing is designed to look exactly like the real thing — same logo, same colours, same language. The one thing it can't perfectly replicate is the actual domain name. Learning to check the URL is the single most effective phishing prevention skill.
Pause before you click
Phishing works by creating urgency — 'Your account will be blocked in 2 hours', 'Your KYC expires today', 'Package could not be delivered'. The urgency is manufactured. Take 30 seconds before clicking any link in an SMS, WhatsApp message, or email.
Check the actual URL — not just how it looks
Tap and hold any link on mobile to preview the full URL before opening. Fake URLs use tricks like 'sbi-online-login.com', 'hdfc-bank-update.in', or 'amazon-india.support' — they look plausible but are not the real domain. The real SBI internet banking domain is onlinesbi.sbi.
Look for HTTPS — but don't rely on it alone
HTTPS means the connection is encrypted, not that the site is legitimate. Thousands of phishing sites use HTTPS. Always verify the exact domain name, not just the padlock icon.
Use RakshaAI to check suspicious links
Before entering any credentials on an unfamiliar site, run the URL through RakshaAI's Website Safety Checker. Our AI cross-references domains against known phishing databases and analyses structural red flags in seconds.
Report phishing SMS to 1909
India's National Cyber Crime Reporting Portal accepts reports of phishing SMS and calls at 1909. Reporting doesn't just document your case — DoT uses these reports to block numbers and take down phishing portals faster.
App & Device Safety
Your phone is the most powerful financial instrument you own. Most Indians now manage banking, investments, payments, and identity documents entirely on a single device. Protecting that device protects everything.
Download apps only from official stores
Install apps exclusively from Google Play Store or Apple App Store. Avoid APK files shared via WhatsApp, Telegram, or links in SMS — these bypass security scanning entirely and frequently contain spyware.
Review permissions before granting them
When an app requests access to Contacts, Camera, Microphone, SMS, or Location — ask why. A flashlight app doesn't need your contacts. A calculator doesn't need your location. Deny permissions that don't match the app's stated function.
Keep your OS and apps updated
Most phone exploits target known vulnerabilities in older software versions. Security patches are released specifically to close these gaps. Enable automatic updates for your operating system and critical apps.
Use a screen lock — always
Set a PIN, pattern, fingerprint, or face unlock on your phone. A lost or stolen unlocked phone gives immediate access to your UPI apps, banking apps, email — essentially your entire financial life.
Avoid public Wi-Fi for financial transactions
Open Wi-Fi networks in cafes, airports, and hotels can be monitored or spoofed. Never log into banking or payment apps on public Wi-Fi. If you must, use a trusted VPN. Your mobile data connection is significantly safer.
Enable 'Find My Device' and remote wipe
Both Android and iOS allow you to remotely locate, lock, and wipe your device if lost. Set this up now — it takes 2 minutes. A wiped device loses your data; an unwiped stolen phone loses your money.
Safe Online Shopping
Fake online stores, social media sellers, and counterfeit product sites cost Indians thousands of crores annually. The gap between a real product page and a convincing fake has narrowed significantly — these six rules close it again.
Buy only from established platforms — Amazon, Flipkart, Myntra, Nykaa. If you're trying a new seller, check their rating, number of reviews, and how long they've been active on the platform.
Never complete a purchase via WhatsApp, Instagram DM, or Telegram. Social commerce scams collect payment, send nothing, and block you. Always use platform checkout with buyer protection.
Pay via UPI or card — not bank transfer. UPI and card payments have dispute and chargeback mechanisms. Direct bank transfers to a seller's personal account have no protection.
Avoid websites with prices that seem too good to be true — ₹500 iPhones, branded shoes at 90% off. These are either counterfeit goods or payment-collection fronts that ship nothing.
Check the website's domain age before buying. A site selling 'official government emergency kits' or 'limited release products' registered 2 months ago is a red flag. Use RakshaAI's Website Safety Checker.
Never click 'payment links' sent by sellers outside the official app or website. These redirect to fake payment pages designed to harvest your card details.
Passwords & Account Security
Most people know passwords should be strong and unique but don't implement it because it feels inconvenient. Here's the practical approach that protects you without requiring you to memorise 40 different passwords.
Use a unique password for every financial account
If you use the same password everywhere and one site is breached, every account is compromised. At minimum, use unique passwords for your banking, UPI, and email accounts. A password manager (Google Password Manager, Bitwarden) makes this manageable.
Enable two-factor authentication (2FA) everywhere possible
2FA means even if someone gets your password, they can't log in without a second verification — an OTP to your registered mobile or an authenticator app code. Enable this for email, banking, and all social media accounts.
Check if your email has been compromised
Visit haveibeenpwned.com and enter your email address. This free service tells you if your email appeared in any known data breach. If it has, change your password for that email and any account using the same password immediately.
Never save passwords in browsers on shared devices
Family computers, cyber cafes, or a colleague's laptop are not safe places to save passwords. Always log out completely and decline 'remember password' prompts on any device that isn't yours alone.
Change critical passwords every 6 months
Set a calendar reminder to change your banking, email, and UPI PINs twice a year. This limits the window of exposure if a breach you're not aware of has already occurred.
If You've Been Scammed — Do This Right Now
The first 30–60 minutes after discovering a scam are the difference between partial recovery and total loss. Shame or embarrassment slows people down at exactly the moment speed matters most. Act first — process later.
Call 1930 immediately
DO FIRSTIndia's Cyber Crime Financial Helpline (1930) can attempt to freeze the destination account if you report within 30–60 minutes of a fraudulent transfer. Have your UPI transaction ID or bank reference number ready. This is the single most time-sensitive action.
Block your card / freeze your account
DO FIRSTCall your bank's 24-hour helpline (number on the back of your debit card or on their official website) and ask them to flag or temporarily block your account. This prevents further unauthorised transactions while you report.
File a complaint at cybercrime.gov.in
Submit a detailed complaint with all evidence: transaction IDs, contact details of the scammer, screenshots of all conversations, website URLs, and any offer letter or document received. A complaint number is issued immediately for police follow-up.
Secure all your accounts
Change passwords for email, banking, and UPI apps immediately — especially if you shared any credentials or OTPs. Revoke app permissions for any suspicious app you installed. Check your email account's 'connected apps' and remove anything unrecognised.
File an FIR at your nearest police station
Beyond the online complaint, file an FIR at your local police station — especially for significant amounts. Bring your complaint number from cybercrime.gov.in, printed screenshots, and bank statements. The FIR creates an official record needed for insurance claims and bank dispute processes.
Report to RakshaAI to warn others
Share the scammer's phone number, website, or UPI ID on RakshaAI. Your report becomes part of our database — the next person who checks that number or link will see your warning before they lose money. One report can protect thousands.
The 10-Second Safety Checklist
Run this before any payment, download, or credential entry
If any answer is "yes" — pause. Do not proceed until you've verified independently.
Feeling rushed = a deliberate psychological technique. The pressure is artificial. Slow down.
Got a Suspicious Message or Number?
Check It for Free.
Use RakshaAI to check a phone number, website, or UPI ID before you interact with it. Our AI is trained on India-specific fraud patterns and checks in seconds. Completely free, no sign-up needed.
🇮🇳 Protecting 2M+ Indians from cyber fraud · 100% Free · No registration required
Social Media Safety
Social media is where most romance scams, investment scams, and fake job offers begin. The information you share publicly also reduces friction for identity theft. Four questions to ask yourself about your current social media presence:
How much personal information is visible on your profile?
Check your Facebook, Instagram, and LinkedIn privacy settings right now. Your phone number, date of birth, home city, workplace, and relationship status give scammers enough to craft a convincing, personalised fraud attempt. Make personal details visible only to friends or connections.
Is your profile photo being used without your knowledge?
Periodically do a reverse image search of your profile photo (Google Lens or TinEye). Romance scammers and identity fraudsters regularly steal profile photos from Indian social media users to create fake profiles. If your photo appears on unknown accounts, report it immediately to the platform.
Are you receiving unsolicited investment advice on social media?
Any 'exclusive investment group', WhatsApp or Telegram channel promising high guaranteed returns, or unknown person offering investment tips on Instagram or Facebook is almost certainly a scam. SEBI-registered advisors do not solicit clients via social media DMs.
Is someone you met online asking for money or gift cards?
Once an online relationship — romantic or otherwise — reaches the point of a money request, it's a near-certain scam. Genuine people you've never met don't have financial emergencies that only you can solve. The money will not be returned.