Scam Awareness

Fake Delivery, Job, and Friend SMS Scams in India 2026

Three SMS scam types are draining Indian bank accounts in 2026. India Post phishing, fake task jobs, and fake friend emergencies. How to spot all three.

SS&AK
Sai Samarth & Ashok Kamat
Cybersecify
14 min read

Three SMS scam types are draining Indian bank accounts in 2026. Fake delivery SMS (India Post phishing, with 470+ lookalike domains documented by Fortinet) cost a Hyderabad senior INR 23.26 lakh. Fake job and task SMS or WhatsApp messages drained an Ahmedabad man of INR 30.5 lakh and a Hyderabad engineer of INR 51 lakh. “Friend in trouble” SMS scams use fake credit-notification SMS to fool people into urgent transfers. The government’s defences are real and growing: Sanchar Saathi (5.19 lakh fraud reports logged in 2025, 16.97 lakh WhatsApp accounts disabled), Chakshu (39.43 lakh connections disconnected), TRAI’s August 2024 directive disconnecting unregistered bulk senders, and 1930 (24x7 I4C helpline). The defence: never click links in SMS, verify any urgent transfer request via a second channel, and report anything suspicious to Chakshu.

Key findings

  • Three SMS scam clusters dominate India in 2026: Type A fake delivery (India Post lookalike, BlueDart, FedEx) with 470+ domains documented by Fortinet, Type B fake job and task (Telegram/WhatsApp lures with prepaid-task fraud), Type C friend-in-trouble with fake credit-notification SMS.
  • Per-victim losses are large: Hyderabad senior INR 23.26 lakh (India Post), Ahmedabad man INR 30.5 lakh (Telegram task), Hyderabad engineer INR 51 lakh (Telegram task), Lucknow woman INR 4.98 lakh (WhatsApp work-from-home), Bengaluru INR 25 crore racket (fake government job).
  • Government infrastructure is real and growing: Sanchar Saathi (5.19 lakh fraud reports logged in 2025, 16.97 lakh WhatsApp accounts disabled), Chakshu (39.43 lakh connections disconnected, 1.31 lakh SMS templates blocked), TRAI’s August 2024 directive disconnecting unregistered bulk senders within 24 hours, I4C 1930 helpline (saved over INR 3,431 crore across 9.94 lakh complaints per PIB).
  • Three defences cut individual exposure to near zero: never click links in SMS regardless of sender, verify by second channel before any urgent transfer, report suspicious sender IDs to Chakshu within 30 days.
  • Five sender-ID red flags: 10-digit personal number instead of branded DLT-registered sender ID, near-look-alike domain (indiaposttrack.in.com vs indiapost.gov.in), unsolicited offer paying absurdly well (INR 2-5K per day for clicks), any payment demanded before you receive money, broken English with no bill or order number context.
  • Speed of reporting drives recovery: RBI’s 2017 customer liability framework gives zero liability for third-party fraud reported within 3 working days, capped liability between 4 to 7 days, full loss beyond 7 days. The first hour after a click is the highest-probability fraud-reversal window.

Cybersecify is a Bengaluru-based cybersecurity firm. We run free verification on suspicious SMS, calls, and WhatsApp messages for individuals and small businesses: send a screenshot to +91 99644 43350 and we tell you whether the pattern matches a known scam, walk you through the Chakshu and cybercrime.gov.in reporting steps, and tell you whether to block, ignore, or escalate. For SaaS startups and small businesses whose customers receive impersonation messages spoofing the brand, the free OpenEASD external attack surface scanner checks for domain squatting, DNS misconfig, and email spoofing exposure that often precedes a customer-targeted SMS campaign.

Who this is for

Anyone in India with a phone. SMS scams hit disproportionately at three audiences: senior citizens (the India Post and friend-emergency lures), young professionals seeking side income (the task-job lures), and busy parents and small business owners (the urgency-pressure lures). This guide covers all three sub-types in one place because the defences overlap: never trust a sender ID, never click an SMS link, verify by second channel before any payment.

Type A: Fake delivery SMS scams

The dominant variant in 2025-2026. Pattern documented across BOOM Live, Business Standard PIB Fact Check coverage, and Fortinet research.

How it works

  1. SMS claims a parcel is held at a warehouse, address is incomplete, or delivery failed. Sender ID looks like INDPOST, IPOSTIN, BlueDart, FedEx, or similar.
  2. Recipient clicks the embedded link (lookalike domain like indiaposttrack.in.com, india-post-courier.live).
  3. Page asks for “address update” form: full name, phone, address, payment for INR 80 to 200 redelivery fee.
  4. The card or UPI details entered are harvested. The redelivery fee is the smallest extraction; full account drain follows.
  5. Sometimes a follow-up call from a “courier supervisor” or “customs officer” extends the script.

Documented Indian cases

Hyderabad (West Marredpally), 2025. 75-year-old retired government employee. INR 23.26 lakh lost. SMS claimed an India Post parcel was awaiting redelivery. After clicking the link and entering details, the victim’s accounts were drained over multiple transactions (Business Standard / PIB Fact Check).

Goa, December 27, 2025. INR 85,238.47 lost. FIR registered after fake parcel reattempt SMS led to bulk-SMS phishing. Police arrested suspects in a connected investigation across Goa and Odisha.

Domain infrastructure

Fortinet’s FortiGuard Labs documented 470+ India Post lookalike domains registered between January and July 2024. Of these, 296 were registered via Beijing Lanhai Jiye and 152 via Namesilo. The infrastructure is industrial, suggesting a single or small-cluster threat actor running mass campaigns (Fortinet research).

PIB Fact Check has issued repeated public advisories flagging India Post SMS lures as fake (September 2025, October 2025).

Type B: Fake job and task SMS / WhatsApp scams

The second-largest category by both case count and per-victim loss in 2024-2026.

How it works

  1. Unsolicited WhatsApp message or SMS offers part-time work-from-home: “Earn INR 2,000 to 5,000 per day. Just like videos / write reviews / rate hotels. No experience needed.” Sometimes carries IIM, IIT, or Tata logos.
  2. Victim is asked to join a Telegram channel or WhatsApp group for “tasks.”
  3. First few tasks pay small amounts (INR 100 to 500) which actually credit to the victim’s account, building trust.
  4. The “supervisor” then promotes the victim to “VIP tier” requiring a “task deposit” of INR 5,000 to 50,000 to unlock higher-paying tasks.
  5. Higher tiers demand progressively larger deposits. The deposits are never returned.
  6. When the victim refuses to deposit further, accounts are closed.

Documented Indian cases

Ahmedabad (Vastral). 38-year-old man. INR 30.5 lakh lost. Part-time job lure via WhatsApp, escalated to Telegram task scam (The420.in).

Hyderabad. Engineer. INR 51 lakh lost. High-profile Telegram task scam targeting professional (Hans India).

Lucknow. Woman, March 2025. INR 4.98 lakh lost. WhatsApp work-from-home advert (The420.in).

Bengaluru, March 2026. INR 25 crore racket. Jason D’Souza and Lavina arrested for running a fake government-job racket. Victims paid INR 10 to 25 lakh each for “guaranteed government postings” that did not exist (India TV).

Why this script keeps working

The first small payouts are real, which validates the operation in the victim’s mind. By the time the deposit ask arrives, the victim has been conditioned to expect returns. Telegram’s anonymity and end-to-end encryption shield the operators. Most accept UPI to mule accounts in mid-tier banks.

Type C: Friend in trouble and family-emergency SMS scams

The lowest per-incident loss but the highest emotional pressure script.

How it works

  1. Caller, often with an unfamiliar number, claims to be a family member or close friend whose money transfer is failing and needs to be routed through your account.
  2. Sometimes the call comes alongside fake SMS notifications appearing to confirm a credit (from a 10-digit number, not a registered branded sender ID).
  3. Pressure script: medical emergency, traffic accident, court bail, immediate need.
  4. Victim is asked to transfer the “incoming” money to another UPI or bank account.

Documented near-miss

Bengaluru, May 2024. Entrepreneur “Aditi”. Caller posed as a relative whose transfer was failing. Fake credit-notification SMS appeared during the call. Demand: INR 27,000 for a medical emergency. Aditi spotted the 10-digit sender ID (not a bank’s registered branded ID) and refused to transfer. No money lost (Business Today).

The “fake friend” pattern often combines with the AI voice cloning script (covered separately) to add audio realism.

The government infrastructure fighting these scams

India has built a meaningful response stack since 2023.

Sanchar Saathi (sancharsaathi.gov.in)

The Department of Telecom citizen portal. Functions:

  • Report fraud calls, SMS, WhatsApp via Chakshu form
  • Block lost/stolen phones (CEIR)
  • Check mobile connections in your name (TAFCOP)
  • Report incoming international spoofed calls

February 2026 statistics (Business Standard):

Metric2025
Fraud reports logged5.19 lakh
Fraud connections terminated3+ crore
Devices blocked (CEIR)3.19 lakh
WhatsApp accounts disabled (in coordination)16.97 lakh
Bulk SMS senders blacklisted20,000+

Chakshu (sancharsaathi.gov.in/sfc)

Dedicated reporting form for suspected fraud calls, SMS, and WhatsApp messages. OTP-verified submissions are investigated within 30 days. Cumulative impact:

MetricCumulative
Connections disconnected on citizen inputs39.43 lakh
SMS templates blocked1.31 lakh

TRAI regulations (TCCCPR 2018 + 2024-2025 amendments)

  • All telemarketers must register on the DLT (Distributed Ledger Technology) blockchain
  • Consent, headers, and content templates must be ledgered
  • August 13, 2024 directive: unregistered bulk senders disconnected within 24 hours, blacklisted for 2 years, ledgered via DLT
  • 2025 amendments (TRAI document): complaint window extended from 3 to 7 days; action threshold lowered to 5 complaints in 10 days for sender takedown
  • Complaint shortcode: 1909

1930 + cybercrime.gov.in

24x7 helpline and complaint portal operated by I4C under MHA. Citizen Financial Cyber Fraud Reporting and Management System has saved INR 3,431+ crore across 9.94 lakh complaints per PIB release.

SectionLawWhat it covers
BNS 318BNS 2023Cheating (covers phishing)
BNS 319BNS 2023Cheating by personation (covers fake India Post / police impersonation)
BNS 308BNS 2023Extortion
BNS 351BNS 2023Criminal intimidation
BNS 336BNS 2023Forgery (covers morphed sender IDs and fake credit notifications)
IT Act 66CIT Act 2000Identity theft
IT Act 66DIT Act 2000Cheating by personation via computer (the cornerstone phishing section)

5 red flags across all three SMS scam types

Real institutions (India Post, your bank, your courier) communicate via app notifications, registered branded sender IDs, and never demand urgent action via SMS link. Tap and hold to preview the URL before clicking.

indiaposttrack.in.com is not indiapost.gov.in. india-post-courier.live is not the real one. Verify the official domain via a separate browser search before clicking.

3. The job offer is unsolicited and pays absurdly well

INR 2,000 to 5,000 per day for clicking videos has no real economics. If you did not apply for the job, it is not real.

4. Any payment is demanded before you receive money

Every legitimate freelance or job platform pays the worker. Never the other way around. “Prepaid task” or “deposit to unlock” requests are the universal task-scam tell.

5. The sender ID is a 10-digit phone number, not a registered branded ID

Banks, India Post, and government departments use registered short branded IDs (VM-INDIAP, VM-HDFCBK, etc.). A 10-digit number sending you a “credit confirmation” is fake.

Three defences that work

Banks, government, couriers, and your phone company communicate via app notifications. If they do send an SMS, it is informational. Any SMS that requires you to click a link to “fix” something is suspect.

Verify by second channel before any urgent transfer

Friend asks for money via WhatsApp or SMS? Call the friend on their saved number. Bank “fraud alert”? Call the number on your bank card, not the one in the SMS. Take 60 seconds to verify before transferring INR 30,000.

Report to Chakshu within 30 days

Every fraud SMS or call you ignore can be reported at sancharsaathi.gov.in/sfc. The 5-complaints-in-10-days threshold means your single report contributes directly to taking down a fraud sender ID for everyone.

What to do if you fell for it

  1. Stop entering data immediately. Close the page or hang up.
  2. Do not pay any “tax”, “redelivery fee”, or “deposit.”
  3. Call your bank’s fraud helpline if you entered card or UPI details. Block the card. Request reversal of any pending transactions.
  4. File at cybercrime.gov.in or call 1930. Provide all SMS screenshots, URL clicked, payment details, recipient account if visible.
  5. Report the sender ID and URL to Chakshu at sancharsaathi.gov.in/sfc.
  6. Tell your contacts if your account or phone may be used for follow-on attacks.

Got an SMS you do not trust? Send it to us, we verify free

If you got an SMS or WhatsApp asking for action and you are not sure, send it to us before clicking.

WhatsApp / Call: +91 99644 43350

Send a screenshot of the SMS, the sender ID, the URL if any, and the message asked of you. We help you verify whether it is genuine or part of a known scam pattern.

What we do (free):

  • Decode the URL and check it against known scam-domain lists
  • Cross-check the sender ID against TRAI’s DLT registry
  • Walk you through the Chakshu reporting steps
  • Tell you whether to engage further or block

What we do not do:

  • Charge for the verification
  • Ask for your card details, UPI PIN, or OTP

We also publish related guides: WhatsApp GhostPairing, AI voice cloning scams, sextortion first-hour playbook, fake loan apps.

Need help beyond verification?

If you need hands-on help with execution (beyond the free verification and knowledge sharing), that can be scoped as a paid engagement. Each situation is different, so we don’t pre-package what’s in scope: we’ll talk through what you’re dealing with (bank account drained, business hit by task-scam losses, contact list compromised) and tell you honestly whether we can help and what it would look like.

We also run related paid offerings:

  • Corporate awareness for finance/HR teams on task-scam and CFO-impersonation defence
  • Family awareness sessions for senior parents and college-age children
  • Ongoing security consulting for AI-first and API-first SaaS startups
  • Free 30-min discovery call with the founders, we will tell you honestly whether we can help and what to do next

WhatsApp +91 99644 43350 or contact Cybersecify.

Save this number now

If a suspicious SMS arrives and you are about to click: WhatsApp +91 99644 43350. Save it now. During an active scam attempt, you will not have time to search.

For police: 1930 (24x7). To report sender IDs: Chakshu at sancharsaathi.gov.in/sfc.

Frequently asked questions

What are the three main SMS scam types in India in 2026?

Type A: Fake delivery SMS (India Post, BlueDart, FedEx-styled lures). The SMS claims a parcel is held and prompts you to click a phishing link, enter address, pay a small redelivery fee. Hyderabad senior lost INR 23.26 lakh to this in 2025. Fortinet documented 470+ India Post lookalike domains in early 2024. Type B: Fake job/task SMS or WhatsApp. Unsolicited offers of INR 2,000 to 5,000 per day for likes, reviews, or hotel ratings. Victim is moved to a Telegram task group, makes small refundable payouts, then is asked for larger ‘prepaid task’ deposits that are never returned. Ahmedabad man lost INR 30.5 lakh, Hyderabad engineer lost INR 51 lakh. Type C: ‘Friend in trouble’ or family-emergency SMS. Caller poses as a relative whose money transfer is being routed via you, sometimes with fake credit notification SMS as backup.

How is the government fighting SMS scams?

Three official tools. Sanchar Saathi (sancharsaathi.gov.in): citizens can report fraud calls and SMS, block lost or stolen phones (CEIR), check connections in their name (TAFCOP), and flag international spoofed calls. As of February 2026 the portal has logged 5.19 lakh fraud reports in 2025, terminated 3+ crore fraud connections, blocked 3.19 lakh devices, and disabled 16.97 lakh WhatsApp accounts. Chakshu (sancharsaathi.gov.in/sfc): the dedicated reporting form for suspected fraud calls, SMS, and WhatsApp messages. 39.43 lakh connections disconnected, 1.31 lakh SMS templates blocked. TRAI’s August 2024 directive disconnects unregistered bulk SMS senders within 24 hours. 1930 cybercrime helpline (24x7, I4C) and cybercrime.gov.in remain the post-fraud reporting channels.

Why does the SMS look like it is from a trusted sender?

Two reasons. First, sender ID spoofing is technically possible despite TRAI’s DLT (Distributed Ledger Technology) registration requirement (TCCCPR 2018, with August 2024 strengthening). Spoofers route through unregistered international gateways or use SMS gateway hacks. Second, scammers register near-look-alike sender IDs that pass quick eye-test (e.g. INDPOST instead of INDIAPOST). The genuine fix: never trust a sender ID. Always verify the underlying URL (tap and hold to preview before clicking) and never enter payment or personal data on a link from an SMS. If you suspect fraud, report to Chakshu within 30 days; TRAI’s 2025 amendment lowered the action threshold to 5 complaints in 10 days for sender takedown.

Five steps. One: do not enter any further data. Close the page immediately. Two: do not pay any ‘redelivery fee’ or ‘tax’ shown on the page. Three: if you entered card or UPI details, call your bank’s fraud helpline immediately to block the card and reverse any pending transactions. Four: file at cybercrime.gov.in or call 1930. Five: report the URL to Chakshu (sancharsaathi.gov.in/sfc) so the sender ID gets blocked. The first hour after the click is the highest-probability window for fraud reversal. The Citizen Financial Cyber Fraud Reporting and Management System has saved INR 3,431+ crore across 9.94 lakh complaints per PIB.

Are SMS task jobs real or always a scam?

Unsolicited offers of INR 2,000 to 5,000 per day for liking videos, writing reviews, or rating hotels are essentially always scams in 2026. The pattern: small initial payouts build trust, then ‘prepaid task’ deposits are demanded to unlock larger tiers. The deposits are never returned. Ahmedabad lost INR 30.5 lakh, Hyderabad INR 51 lakh, Lucknow INR 4.98 lakh, all reported in 2024-2025 (The420.in, Hans India). Real freelance work in India is paid through the contracting platform, never via Telegram task channels. If anyone asks you to make a payment to receive a higher-paying task, it is a scam.

Frequently Asked Questions

What are the three main SMS scam types in India in 2026?

Type A: Fake delivery SMS (India Post, BlueDart, FedEx-styled lures). The SMS claims a parcel is held and prompts you to click a phishing link, enter address, pay a small redelivery fee. Hyderabad senior lost INR 23.26 lakh to this in 2025. Fortinet documented 470+ India Post lookalike domains in early 2024. Type B: Fake job/task SMS or WhatsApp. Unsolicited offers of INR 2,000 to 5,000 per day for likes, reviews, or hotel ratings. Victim is moved to a Telegram task group, makes small refundable payouts, then is asked for larger 'prepaid task' deposits that are never returned. Ahmedabad man lost INR 30.5 lakh, Hyderabad engineer lost INR 51 lakh. Type C: 'Friend in trouble' or family-emergency SMS. Caller poses as a relative whose money transfer is being routed via you, sometimes with fake credit notification SMS as backup.

How is the government fighting SMS scams?

Three official tools. Sanchar Saathi (sancharsaathi.gov.in): citizens can report fraud calls and SMS, block lost or stolen phones (CEIR), check connections in their name (TAFCOP), and flag international spoofed calls. As of February 2026 the portal has logged 5.19 lakh fraud reports in 2025, terminated 3+ crore fraud connections, blocked 3.19 lakh devices, and disabled 16.97 lakh WhatsApp accounts. Chakshu (sancharsaathi.gov.in/sfc): the dedicated reporting form for suspected fraud calls, SMS, and WhatsApp messages. 39.43 lakh connections disconnected, 1.31 lakh SMS templates blocked. TRAI's August 2024 directive disconnects unregistered bulk SMS senders within 24 hours. 1930 cybercrime helpline (24x7, I4C) and cybercrime.gov.in remain the post-fraud reporting channels.

Why does the SMS look like it is from a trusted sender?

Two reasons. First, sender ID spoofing is technically possible despite TRAI's DLT (Distributed Ledger Technology) registration requirement (TCCCPR 2018, with August 2024 strengthening). Spoofers route through unregistered international gateways or use SMS gateway hacks. Second, scammers register near-look-alike sender IDs that pass quick eye-test (e.g. INDPOST instead of INDIAPOST). The genuine fix: never trust a sender ID. Always verify the underlying URL (tap and hold to preview before clicking) and never enter payment or personal data on a link from an SMS. If you suspect fraud, report to Chakshu within 30 days; TRAI's 2025 amendment lowered the action threshold to 5 complaints in 10 days for sender takedown.

What should I do if I clicked the link before realising?

Five steps. One: do not enter any further data. Close the page immediately. Two: do not pay any 'redelivery fee' or 'tax' shown on the page. Three: if you entered card or UPI details, call your bank's fraud helpline immediately to block the card and reverse any pending transactions. Four: file at cybercrime.gov.in or call 1930. Five: report the URL to Chakshu (sancharsaathi.gov.in/sfc) so the sender ID gets blocked. The first hour after the click is the highest-probability window for fraud reversal. The Citizen Financial Cyber Fraud Reporting and Management System has saved INR 3,431+ crore across 9.94 lakh complaints per PIB.

Are SMS task jobs real or always a scam?

Unsolicited offers of INR 2,000 to 5,000 per day for liking videos, writing reviews, or rating hotels are essentially always scams in 2026. The pattern: small initial payouts build trust, then 'prepaid task' deposits are demanded to unlock larger tiers. The deposits are never returned. Ahmedabad lost INR 30.5 lakh, Hyderabad INR 51 lakh, Lucknow INR 4.98 lakh, all reported in 2024-2025 (The420.in, Hans India). Real freelance work in India is paid through the contracting platform, never via Telegram task channels. If anyone asks you to make a payment to receive a higher-paying task, it is a scam.

What is the Chakshu reporting flow and how do I use it?

Chakshu (sancharsaathi.gov.in/sfc) is the citizen-facing reporting form for suspected fraud calls, SMS, and WhatsApp messages, hosted on the Department of Telecom Sanchar Saathi portal. Open the form, verify your number via OTP, upload a screenshot of the SMS or call log, enter the sender number or sender ID, the timestamp, the URL if present, and what the message asked of you. Submissions are investigated within 30 days; TRAI's 2025 amendment lowered the action threshold to 5 complaints in 10 days for sender takedown, so even a single citizen report contributes directly to blocking the number for everyone. Cumulative impact as of February 2026: 39.43 lakh connections disconnected on citizen inputs, 1.31 lakh SMS templates blocked. Chakshu is the right channel for pre-fraud reporting; 1930 plus cybercrime.gov.in is the right channel for post-fraud (money already moved) reporting.

How does TRAI's DLT registry actually work?

DLT stands for Distributed Ledger Technology. Under the Telecom Commercial Communications Customer Preference Regulations 2018 (TCCCPR), every telemarketer sending commercial SMS in India must register on the DLT blockchain, with consent records, sender ID headers (the alphabetic code like VM-HDFCBK that appears on your phone), and content templates all ledgered. Real banks, government departments, India Post, and registered businesses use these branded short IDs. A 10-digit personal mobile number sending you a 'bank credit confirmation' or 'India Post parcel notice' bypasses DLT entirely; it is by definition not from a registered sender. TRAI's August 2024 directive tightened enforcement: unregistered bulk senders are disconnected within 24 hours and blacklisted for 2 years. The framework is the reason scammers have shifted toward personal-number SMS and WhatsApp, both of which fall outside DLT registration.

How does sender ID spoofing technically work despite DLT?

Three routes. One, international SMS gateway routing: scammers send through unregistered gateways outside India that pass the message through to Indian operators without DLT validation, sometimes injecting a forged sender ID at the gateway layer. Two, look-alike branded sender IDs: scammers register near-look-alike DLT sender IDs (INDPOST instead of INDIAPOST, BSNLPAY instead of BSNL) that pass quick eye-test even though they are technically registered to a different entity. Three, infrastructure compromise: occasionally an SMS gateway provider has its credentials stolen, and the attacker sends through a legitimate registered route with a forged sender ID, harder to detect at the operator layer. The genuine consumer fix is the same regardless of route: never trust a sender ID. Always verify the underlying URL (tap and hold to preview before clicking) and never enter payment or personal data on a link from an SMS.

What RBI rules cover liability for SMS-phishing-driven fraud?

RBI's 2017 circular on customer protection in unauthorised electronic banking transactions sets graduated liability based on speed of reporting. Zero liability if the fraud is third-party-driven (covers most SMS phishing including India Post lures and bank impersonation) and reported within 3 working days. Capped liability between 4 and 7 working days, with caps varying by account type (typically INR 5,000 to INR 25,000 for savings, higher for current). Full liability beyond 7 working days. If the fraud is due to customer negligence (sharing OTP, PIN, password willingly), customer bears the loss until reported. The framework rewards fast reporting heavily: the 1930 call, the cybercrime.gov.in complaint, and a written complaint to the bank within 24 hours create the timestamped paper trail that supports eligibility for compensation.

How do I train senior parents to spot SMS scams?

Five conversation points work for most senior citizen households. One, the universal rule: never click links in unsolicited SMS, regardless of how official the sender looks. Two, the India Post specific tell: real India Post does not send same-day delivery threats with redelivery fee asks. Three, the bank credit tell: real bank credit alerts come from registered branded sender IDs (VM-HDFCBK, VM-ICICIB) not from 10-digit numbers. Four, the friend-emergency tell: any urgent money request should trigger a callback on the family member's known saved number, never the incoming number. Five, save 1930 and the Cybersecify verification WhatsApp +91 99644 43350 in their phone now so they have a number to call when they are unsure. Print these five points on a card and stick it near the landline or on the fridge.

Need help verifying a scam?

Free verification and knowledge sharing. WhatsApp +91 99644 43350 or email help@cybersecify.com. For active fraud in the last 24 hours, call the National Cybercrime Helpline 1930 first.

Share this article
SMS scamIndia Post scamtask scamSanchar SaathiChakshuscam awareness