Three SMS scam types are draining Indian bank accounts in 2026. Fake delivery SMS (India Post phishing, with 470+ lookalike domains documented by Fortinet) cost a Hyderabad senior INR 23.26 lakh. Fake job and task SMS or WhatsApp messages drained an Ahmedabad man of INR 30.5 lakh and a Hyderabad engineer of INR 51 lakh. “Friend in trouble” SMS scams use fake credit-notification SMS to fool people into urgent transfers. The government’s defences are real and growing: Sanchar Saathi (5.19 lakh fraud reports logged in 2025, 16.97 lakh WhatsApp accounts disabled), Chakshu (39.43 lakh connections disconnected), TRAI’s August 2024 directive disconnecting unregistered bulk senders, and 1930 (24x7 I4C helpline). The defence: never click links in SMS, verify any urgent transfer request via a second channel, and report anything suspicious to Chakshu.
Who this is for
Anyone in India with a phone. SMS scams hit disproportionately at three audiences: senior citizens (the India Post and friend-emergency lures), young professionals seeking side income (the task-job lures), and busy parents and small business owners (the urgency-pressure lures). This guide covers all three sub-types in one place because the defences overlap: never trust a sender ID, never click an SMS link, verify by second channel before any payment.
Type A: Fake delivery SMS scams
The dominant variant in 2025-2026. Pattern documented across BOOM Live, Business Standard PIB Fact Check coverage, and Fortinet research.
How it works
- SMS claims a parcel is held at a warehouse, address is incomplete, or delivery failed. Sender ID looks like INDPOST, IPOSTIN, BlueDart, FedEx, or similar.
- Recipient clicks the embedded link (lookalike domain like indiaposttrack.in.com, india-post-courier.live).
- Page asks for “address update” form: full name, phone, address, payment for INR 80 to 200 redelivery fee.
- The card or UPI details entered are harvested. The redelivery fee is the smallest extraction; full account drain follows.
- Sometimes a follow-up call from a “courier supervisor” or “customs officer” extends the script.
Documented Indian cases
Hyderabad (West Marredpally), 2025. 75-year-old retired government employee. INR 23.26 lakh lost. SMS claimed an India Post parcel was awaiting redelivery. After clicking the link and entering details, the victim’s accounts were drained over multiple transactions (Business Standard / PIB Fact Check).
Goa, December 27, 2025. INR 85,238.47 lost. FIR registered after fake parcel reattempt SMS led to bulk-SMS phishing. Police arrested suspects in connected investigation (The420.in).
Domain infrastructure
Fortinet’s FortiGuard Labs documented 470+ India Post lookalike domains registered between January and July 2024. Of these, 296 were registered via Beijing Lanhai Jiye and 152 via Namesilo. The infrastructure is industrial, suggesting a single or small-cluster threat actor running mass campaigns (Fortinet research).
PIB Fact Check has issued repeated public advisories flagging India Post SMS lures as fake (September 2025, October 2025).
Type B: Fake job and task SMS / WhatsApp scams
The second-largest category by both case count and per-victim loss in 2024-2026.
How it works
- Unsolicited WhatsApp message or SMS offers part-time work-from-home: “Earn INR 2,000 to 5,000 per day. Just like videos / write reviews / rate hotels. No experience needed.” Sometimes carries IIM, IIT, or Tata logos.
- Victim is asked to join a Telegram channel or WhatsApp group for “tasks.”
- First few tasks pay small amounts (INR 100 to 500) which actually credit to the victim’s account, building trust.
- The “supervisor” then promotes the victim to “VIP tier” requiring a “task deposit” of INR 5,000 to 50,000 to unlock higher-paying tasks.
- Higher tiers demand progressively larger deposits. The deposits are never returned.
- When the victim refuses to deposit further, accounts are closed.
Documented Indian cases
Ahmedabad (Vastral). 38-year-old man. INR 30.5 lakh lost. Part-time job lure via WhatsApp, escalated to Telegram task scam (The420.in).
Hyderabad. Engineer. INR 51 lakh lost. High-profile Telegram task scam targeting professional (Hans India).
Lucknow. Woman, March 2025. INR 4.98 lakh lost. WhatsApp work-from-home advert (The420.in).
Bengaluru, March 2026. INR 25 crore racket. Jason D’Souza and Lavina arrested for running a fake government-job racket. Victims paid INR 10 to 25 lakh each for “guaranteed government postings” that did not exist (India TV).
Why this script keeps working
The first small payouts are real, which validates the operation in the victim’s mind. By the time the deposit ask arrives, the victim has been conditioned to expect returns. Telegram’s anonymity and end-to-end encryption shield the operators. Most accept UPI to mule accounts in mid-tier banks.
Type C: Friend in trouble and family-emergency SMS scams
The lowest per-incident loss but the highest emotional pressure script.
How it works
- Caller, often with an unfamiliar number, claims to be a family member or close friend whose money transfer is failing and needs to be routed through your account.
- Sometimes the call comes alongside fake SMS notifications appearing to confirm a credit (from a 10-digit number, not a registered branded sender ID).
- Pressure script: medical emergency, traffic accident, court bail, immediate need.
- Victim is asked to transfer the “incoming” money to another UPI or bank account.
Documented near-miss
Bengaluru, May 2024. Entrepreneur “Aditi”. Caller posed as a relative whose transfer was failing. Fake credit-notification SMS appeared during the call. Demand: INR 27,000 for a medical emergency. Aditi spotted the 10-digit sender ID (not a bank’s registered branded ID) and refused to transfer. No money lost (Business Today).
The “fake friend” pattern often combines with the AI voice cloning script (covered separately) to add audio realism.
The government infrastructure fighting these scams
India has built a meaningful response stack since 2023.
Sanchar Saathi (sancharsaathi.gov.in)
The Department of Telecom citizen portal. Functions:
- Report fraud calls, SMS, WhatsApp via Chakshu form
- Block lost/stolen phones (CEIR)
- Check mobile connections in your name (TAFCOP)
- Report incoming international spoofed calls
February 2026 statistics (Business Standard):
| Metric | 2025 |
|---|---|
| Fraud reports logged | 5.19 lakh |
| Fraud connections terminated | 3+ crore |
| Devices blocked (CEIR) | 3.19 lakh |
| WhatsApp accounts disabled (in coordination) | 16.97 lakh |
| Bulk SMS senders blacklisted | 20,000+ |
Chakshu (sancharsaathi.gov.in/sfc)
Dedicated reporting form for suspected fraud calls, SMS, and WhatsApp messages. OTP-verified submissions are investigated within 30 days. Cumulative impact:
| Metric | Cumulative |
|---|---|
| Connections disconnected on citizen inputs | 39.43 lakh |
| SMS templates blocked | 1.31 lakh |
TRAI regulations (TCCCPR 2018 + 2024-2025 amendments)
- All telemarketers must register on the DLT (Distributed Ledger Technology) blockchain
- Consent, headers, and content templates must be ledgered
- August 13, 2024 directive: unregistered bulk senders disconnected within 24 hours, blacklisted for 2 years, ledgered via DLT
- 2025 amendments (TRAI document): complaint window extended from 3 to 7 days; action threshold lowered to 5 complaints in 10 days for sender takedown
- Complaint shortcode: 1909
1930 + cybercrime.gov.in
24x7 helpline and complaint portal operated by I4C under MHA. Citizen Financial Cyber Fraud Reporting and Management System has saved INR 3,431+ crore across 9.94 lakh complaints per PIB release.
The legal framework
| Section | Law | What it covers |
|---|---|---|
| BNS 318 | BNS 2023 | Cheating (covers phishing) |
| BNS 319 | BNS 2023 | Cheating by personation (covers fake India Post / police impersonation) |
| BNS 308 | BNS 2023 | Extortion |
| BNS 351 | BNS 2023 | Criminal intimidation |
| BNS 336 | BNS 2023 | Forgery (covers morphed sender IDs and fake credit notifications) |
| IT Act 66C | IT Act 2000 | Identity theft |
| IT Act 66D | IT Act 2000 | Cheating by personation via computer (the cornerstone phishing section) |
5 red flags across all three SMS scam types
1. The SMS or WhatsApp comes with a link demanding urgent action
Real institutions (India Post, your bank, your courier) communicate via app notifications, registered branded sender IDs, and never demand urgent action via SMS link. Tap and hold to preview the URL before clicking.
2. The link domain is a near-lookalike of a real brand
indiaposttrack.in.com is not indiapost.gov.in. india-post-courier.live is not the real one. Verify the official domain via a separate browser search before clicking.
3. The job offer is unsolicited and pays absurdly well
INR 2,000 to 5,000 per day for clicking videos has no real economics. If you did not apply for the job, it is not real.
4. Any payment is demanded before you receive money
Every legitimate freelance or job platform pays the worker. Never the other way around. “Prepaid task” or “deposit to unlock” requests are the universal task-scam tell.
5. The sender ID is a 10-digit phone number, not a registered branded ID
Banks, India Post, and government departments use registered short branded IDs (VM-INDIAP, VM-HDFCBK, etc.). A 10-digit number sending you a “credit confirmation” is fake.
Three defences that work
Never click links in SMS
Banks, government, couriers, and your phone company communicate via app notifications. If they do send an SMS, it is informational. Any SMS that requires you to click a link to “fix” something is suspect.
Verify by second channel before any urgent transfer
Friend asks for money via WhatsApp or SMS? Call the friend on their saved number. Bank “fraud alert”? Call the number on your bank card, not the one in the SMS. Take 60 seconds to verify before transferring INR 30,000.
Report to Chakshu within 30 days
Every fraud SMS or call you ignore can be reported at sancharsaathi.gov.in/sfc. The 5-complaints-in-10-days threshold means your single report contributes directly to taking down a fraud sender ID for everyone.
What to do if you fell for it
- Stop entering data immediately. Close the page or hang up.
- Do not pay any “tax”, “redelivery fee”, or “deposit.”
- Call your bank’s fraud helpline if you entered card or UPI details. Block the card. Request reversal of any pending transactions.
- File at cybercrime.gov.in or call 1930. Provide all SMS screenshots, URL clicked, payment details, recipient account if visible.
- Report the sender ID and URL to Chakshu at sancharsaathi.gov.in/sfc.
- Tell your contacts if your account or phone may be used for follow-on attacks.
Got an SMS you do not trust? Send it to us, we verify free
If you got an SMS or WhatsApp asking for action and you are not sure, send it to us before clicking.
WhatsApp / Call: +91 99644 43350
Send a screenshot of the SMS, the sender ID, the URL if any, and the message asked of you. We help you verify whether it is genuine or part of a known scam pattern.
What we do (free):
- Decode the URL and check it against known scam-domain lists
- Cross-check the sender ID against TRAI’s DLT registry
- Walk you through the Chakshu reporting steps
- Tell you whether to engage further or block
What we do not do:
- Charge for the verification
- Ask for your card details, UPI PIN, or OTP
We also publish related guides: WhatsApp GhostPairing, AI voice cloning scams, sextortion first-hour playbook, fake loan apps.
Need help beyond verification?
If you need hands-on help with execution — beyond the free verification and knowledge sharing — that can be scoped as a paid engagement. Each situation is different, so we don’t pre-package what’s in scope: we’ll talk through what you’re dealing with (bank account drained, business hit by task-scam losses, contact list compromised) and tell you honestly whether we can help and what it would look like.
We also run related paid offerings:
- Corporate awareness for finance/HR teams on task-scam and CFO-impersonation defence
- Family awareness sessions for senior parents and college-age children
- Ongoing security consulting for AI-first and API-first SaaS startups
- Founder-led Security on Demand for INR 9,999, 4 hours, fully refundable if we cannot help
WhatsApp +91 99644 43350 or contact Cybersecify.
Save this number now
If a suspicious SMS arrives and you are about to click: WhatsApp +91 99644 43350. Save it now. During an active scam attempt, you will not have time to search.
For police: 1930 (24x7). To report sender IDs: Chakshu at sancharsaathi.gov.in/sfc.
Frequently asked questions
What are the three main SMS scam types in India in 2026?
Type A: Fake delivery SMS (India Post, BlueDart, FedEx-styled lures). The SMS claims a parcel is held and prompts you to click a phishing link, enter address, pay a small redelivery fee. Hyderabad senior lost INR 23.26 lakh to this in 2025. Fortinet documented 470+ India Post lookalike domains in early 2024. Type B: Fake job/task SMS or WhatsApp. Unsolicited offers of INR 2,000 to 5,000 per day for likes, reviews, or hotel ratings. Victim is moved to a Telegram task group, makes small refundable payouts, then is asked for larger ‘prepaid task’ deposits that are never returned. Ahmedabad man lost INR 30.5 lakh, Hyderabad engineer lost INR 51 lakh. Type C: ‘Friend in trouble’ or family-emergency SMS. Caller poses as a relative whose money transfer is being routed via you, sometimes with fake credit notification SMS as backup.
How is the government fighting SMS scams?
Three official tools. Sanchar Saathi (sancharsaathi.gov.in): citizens can report fraud calls and SMS, block lost or stolen phones (CEIR), check connections in their name (TAFCOP), and flag international spoofed calls. As of February 2026 the portal has logged 5.19 lakh fraud reports in 2025, terminated 3+ crore fraud connections, blocked 3.19 lakh devices, and disabled 16.97 lakh WhatsApp accounts. Chakshu (sancharsaathi.gov.in/sfc): the dedicated reporting form for suspected fraud calls, SMS, and WhatsApp messages. 39.43 lakh connections disconnected, 1.31 lakh SMS templates blocked. TRAI’s August 2024 directive disconnects unregistered bulk SMS senders within 24 hours. 1930 cybercrime helpline (24x7, I4C) and cybercrime.gov.in remain the post-fraud reporting channels.
Why does the SMS look like it is from a trusted sender?
Two reasons. First, sender ID spoofing is technically possible despite TRAI’s DLT (Distributed Ledger Technology) registration requirement (TCCCPR 2018, with August 2024 strengthening). Spoofers route through unregistered international gateways or use SMS gateway hacks. Second, scammers register near-look-alike sender IDs that pass quick eye-test (e.g. INDPOST instead of INDIAPOST). The genuine fix: never trust a sender ID. Always verify the underlying URL (tap and hold to preview before clicking) and never enter payment or personal data on a link from an SMS. If you suspect fraud, report to Chakshu within 30 days; TRAI’s 2025 amendment lowered the action threshold to 5 complaints in 10 days for sender takedown.
What should I do if I clicked the link before realising?
Five steps. One: do not enter any further data. Close the page immediately. Two: do not pay any ‘redelivery fee’ or ‘tax’ shown on the page. Three: if you entered card or UPI details, call your bank’s fraud helpline immediately to block the card and reverse any pending transactions. Four: file at cybercrime.gov.in or call 1930. Five: report the URL to Chakshu (sancharsaathi.gov.in/sfc) so the sender ID gets blocked. The first hour after the click is the highest-probability window for fraud reversal. The Citizen Financial Cyber Fraud Reporting and Management System has saved INR 3,431+ crore across 9.94 lakh complaints per PIB.
Are SMS task jobs real or always a scam?
Unsolicited offers of INR 2,000 to 5,000 per day for liking videos, writing reviews, or rating hotels are essentially always scams in 2026. The pattern: small initial payouts build trust, then ‘prepaid task’ deposits are demanded to unlock larger tiers. The deposits are never returned. Ahmedabad lost INR 30.5 lakh, Hyderabad INR 51 lakh, Lucknow INR 4.98 lakh, all reported in 2024-2025 (The420.in, Hans India). Real freelance work in India is paid through the contracting platform, never via Telegram task channels. If anyone asks you to make a payment to receive a higher-paying task, it is a scam.