WhatsApp Scams in India 2026: 14 Patterns From FedEx Parcel to Trading Groups

Every Indian household with a smartphone is now in the crosshairs. Fraudsters have moved off SMS onto WhatsApp because it is encrypted, profile pictures are cheap to fake, and the average user trusts a green tick. Once you have seen each pattern named, you stop falling for it.

Why WhatsApp is the dominant fraud channel in India

WhatsApp crossed 535 million Indian users in 2025. The end-to-end encryption that protects private chats also blocks telcos and CERT-In from filtering fraud at the network layer the way they can with SMS. A fraudster in Cambodia can rotate through virtual SIMs, paste a stolen CBI officer DP, and reach a hundred targets an hour. Most victims do not know the long-press “Report” option exists.

The 14 active patterns

1. FedEx / DHL parcel-with-drugs scam

A call claims a parcel in your name was intercepted at Mumbai or Delhi customs containing MDMA, fake passports or laundered cash. It is then “transferred” to a fake Crime Branch or Narcotics officer who threatens arrest unless you cooperate with a “verification” transfer.

Tell: real customs and police never video-call on WhatsApp or ask you to transfer money to verify a bank account.

Action: cut the call, do not call back, report on 1930.

2. Digital arrest scam (CBI / ED video call)

Fraudsters in fake uniforms keep the victim on a WhatsApp video call for hours, insisting they cannot leave the camera or contact family. Money is extracted in stages as “refundable security deposits”.

Tell: there is no such thing as digital arrest under Indian law. “Police hai” over WhatsApp video is a dead giveaway.

Action: hang up, walk into the nearest police station if scared, call 1930.

3. Stock trading WhatsApp / Telegram group

You get added to a group named after a real brokerage or fund manager — Zerodha VIP, Motilal Oswal Circle, Rakesh Jhunjhunwala Memorial. “Assistants” post screenshots of daily profits and push you to a trading app where deposits grow on screen but withdrawals never settle.

Tell: SEBI-registered advisors do not run unsolicited WhatsApp groups, install APKs or use non-Indian bank accounts.

Action: exit the group, report it inside WhatsApp, verify any advisor on the SEBI Intermediaries portal.

4. Fake job offer with registration fee

A recruiter from “Amazon HR” or a Gulf placement agency offers a remote or overseas job and asks for a refundable registration or background-verification fee through UPI.

Tell: no legitimate employer in India charges the candidate. Offer letters from a gmail.com address are fake.

Action: do not pay; verify the recruiter on the company’s official careers page.

5. Power / electricity disconnection scam

A message claims your electricity will be disconnected tonight because last month’s bill was not updated, and asks you to call a number or install a “bill update” app — actually a screen-sharing remote access tool.

Tell: BSES, Tata Power, MSEDCL and Adani Electricity never send disconnection notices over WhatsApp.

Action: delete the message; check your bill only on the official discom app.

6. Wedding invite APK malware

A file named Wedding_Invite.apk or Invitation.pdf.apk arrives from an unknown number. Opening it installs a banking trojan that reads SMS OTPs and drains UPI-linked accounts.

Tell: no real wedding invite is an Android installer. The .pdf.apk extension is the entire scam.

Action: delete; never enable “Install from unknown sources”; scan if you tapped.

7. WhatsApp account hijack via OTP

A “friend” says they accidentally sent an OTP to your number and asks you to forward it. The OTP is actually WhatsApp’s re-registration code — sharing it hands over your account.

Tell: any six-digit code arriving unrequested is never to be forwarded.

Action: enable Two-Step Verification with a six-digit PIN under Settings, Account.

8. Crypto / forex investment via shared app

A stranger posing as a young woman on a dating app or a senior trader on LinkedIn slowly builds trust and then introduces a “family” crypto or forex platform. Small withdrawals work; large ones never do.

Tell: anyone showing portfolio screenshots unprompted is selling you something.

Action: invest only via Indian exchanges with FIU-IND registration; never through a chat link.

9. Fake KYC update impersonating bank

A message warns that your SBI, HDFC or PayTM KYC will expire today and links to a clone of the bank login page. Credentials and OTP are forwarded to the fraudster in real time.

Tell: real banks address you by name, not “Dear Customer”, and KYC is never updated through a WhatsApp link.

Action: open the bank app yourself; do not tap any KYC link.

10. Romance scam and sextortion

A stranger moves quickly to video calls, then either asks for emergency money or records the call and threatens to send it to your family unless you pay.

Tell: someone you have never met asking for money — or a video call within the first hour — is a script, not a person.

Action: do not pay; the threats rarely materialise. Report on cybercrime.gov.in.

11. Fake Aadhaar update message

A forward claims your Aadhaar will be suspended unless you click a link and update it. The link harvests Aadhaar, OTP and PAN, sold for SIM-swap and loan fraud.

Tell: UIDAI does not suspend Aadhaar numbers and does not communicate over WhatsApp.

Action: update only on myaadhaar.uidai.gov.in or at a Seva Kendra.

12. UPI “by mistake, please refund”

A small amount arrives followed by a frantic message: “Sir, sent by mistake, please refund”. Tapping the refund link signs a collect request for a much larger amount.

Tell: real UPI refunds happen through the original transaction, never through a new “Approve” prompt.

Action: ignore; tell the sender to raise a reversal through their bank.

13. Charity and disaster relief forwards

After every flood or terror incident, forwards circulate with a PM CARES-lookalike QR or a private bank account asking for donations.

Tell: government relief funds publish accounts only on gov.in domains, never as a forward.

Action: donate only through pmcares.gov.in or via an NGO verified on Darpan.

14. AI voice-cloning scam

A call from an unknown number sounds exactly like your son or nephew, sobbing they have been arrested or hospitalised and need money. Thirty seconds of any public Instagram reel is enough audio to clone a voice.

Tell: a real emergency call would come from the family member’s saved number and survive a pre-agreed code-word.

Action: hang up and call them directly on their normal number first.

The structural giveaways across all WhatsApp scams

• Manufactured urgency — “within thirty minutes” or “account blocked tonight”.
• The number is +91 (or +92, +84, +254) but not in your contacts, and the profile photo was set within the last few days.
• You were added to a group without being asked, especially one with hundreds of muted members.
• Any request to install an APK, tap a shortened link, or scan a QR to “receive” money.
• Any six-digit code, OTP, CVV or UPI PIN asked verbally or in chat.
• Emotional escalation — fear, then authority, then a way out that involves paying.
• Grammar that is mostly fine but with one or two stiff phrases (“kindly do the needful”).
• Payment routed to a personal UPI handle, a non-Indian bank, or a crypto wallet.
• Use of “CBI”, “ED”, “customs” or “narcotics” within the first two minutes of contact.

WhatsApp’s own safety features (use these)

• Two-Step Verification: Settings, Account — set a six-digit PIN and a recovery email. Without this anyone who steals your OTP takes your account.
• Block and Report: open the chat, tap the name, scroll down and tap Report — blocks and reports the last five messages in one step.
• Group Privacy: Settings, Privacy, Groups — change “Who can add me” to “My contacts except”.
• Treat shortened links as hostile: bit.ly, tinyurl, cutt.ly should never be tapped from an unknown sender.
• Last seen and profile photo: restrict to “My contacts” so scrapers cannot harvest your photo for impersonation.
• End-to-end encrypted backup: set a backup PIN under Settings, Chats, Chat backup.
• Protect IP in calls: Settings, Privacy, Advanced — masks your IP from strangers calling you.
• Silence unknown callers: Settings, Privacy, Calls — auto-silences calls from numbers not in contacts.

If you have already paid or shared OTP

1. Call your bank’s 24×7 fraud helpline immediately — dispute the transaction and freeze the account. The first sixty minutes are critical.
2. Dial 1930, the national cybercrime helpline, which can initiate a hold on the receiving account through I4C if the money is still there.
3. File a formal complaint on cybercrime.gov.in within twenty-four hours; keep the acknowledgement number.
4. Preserve every chat, screenshot, transaction reference, UPI ID and phone number — do not delete anything.
5. Reset passwords on every account that shares your phone number (email, banking, UPI, gov portals) and revoke active sessions.
6. If WhatsApp itself was hijacked, email [email protected] with subject “Lost / Stolen: Please deactivate my account” and your number in international format.

For parents and elders (the most-targeted group)

Indians above 55 lose the highest average amounts per WhatsApp scam because the patterns above are unfamiliar and the threats feel real. Spending an evening with a parent walking through these screens is the highest-ROI security activity you can do this year.

• Agree on a family code-word — one ordinary word — that any real emergency call must contain. AI voice clones do not know it.
• Lower the daily UPI limit to ₹10,000 or ₹25,000 in the app settings.
• Enable biometric or PIN lock on the banking app, separate from the phone unlock.
• Disable “Install from unknown sources” in Android settings.
• Save 1930 and a trusted family member as favourites in the dialer.
• Stick the line “No real officer arrests anyone over WhatsApp” next to the phone charging point.

Help your community

Every scam message you receive is intelligence. Forward the screenshot and number to the DoT Chakshu portal at sancharsaathi.gov.in/sfc — the data feeds into the disconnection pipeline for fraudulent SIMs. File on cybercrime.gov.in even for attempts that failed. And resist the urge to forward warning messages in the original scam format into family or society groups — those forwards themselves get weaponised. Send the link to a trusted source instead.

Related reading

• How to report cybercrime in India: 1930, NCRP and what actually happens next
• DPDP Act 2023: what it means for individuals and organisations
• India cybersecurity compliance landscape — SEBI, RBI, CERT-In and DPDP
• CERT-In incident reporting directions: the six-hour rule explained