SMS says your Aadhaar will be deactivated unless you click a link
An SMS or WhatsApp message claims your Aadhaar will be deactivated, suspended, or unlinked from your bank unless you update KYC by clicking a link or installing an APK. The link harvests personal data and the APK is malware that reads OTPs.
Also known as: Aadhaar KYC phishing, PAN-Aadhaar link scam, bank KYC suspension SMS
Already happened to you? Do this in the next few minutes
Call 1930 now- 1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
- 2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
- 3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 Do not click. Do not install any APK from an SMS or WhatsApp
- 2 If you want to verify KYC status, log in directly at uidai.gov.in or use your bank's official app
- 3 Aadhaar updates are free on the official UIDAI portal and cost a small fee at a Seva Kendra
- 4 If you installed a fake KYC app, uninstall it, then change your bank password and freeze your debit card
- 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 6 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ UIDAI never sends SMS or WhatsApp messages with links to update Aadhaar. Updates happen at uidai.gov.in or at an Aadhaar Seva Kendra
- ⚠ Banks never ask you to install an APK file to complete KYC
- ⚠ The link domain is not uidai.gov.in or your bank's official domain
- ⚠ Urgent language: 'within 24 hours' or 'account will be frozen'
Aadhaar phishing texts are sent in massive volume, often timed to coincide with real UIDAI announcements about KYC deadlines — which makes them feel plausible. UIDAI publishes the same advice on every alert: they will never SMS you a link to update Aadhaar.
If you installed a fake “bank KYC” or “Aadhaar update” APK: uninstall it immediately, then change your bank passwords (UPI PIN, mobile banking, debit card PIN) from a different device, and call your bank’s fraud line to flag your account.
Then report at cybercrime.gov.in and call 1930.
Known variants
-
Lookalike apps for SBI YONO, BHIM, mAadhaar, IRCTC, or EPFO uploaded to the Play Store under near-identical names harvest net-banking credentials and OTPs after installation. Google removes them within 24-72 hours; victims are reached during that window.
Last seen: 5/30/2026
-
AI 'blink video' deepfake bypasses Aadhaar liveness: gang changes victim's linked mobile using stolen data, uses Google Gemini to fake blink videos from photos, passes video-KYC, opens a bank account and takes loans without victim knowing. Interstate gang busted in Ahmedabad, May 2026.
Last seen: 5/30/2026
Sources
- UIDAI — Beware of fake Aadhaar update messages
- PIB Fact Check — Fake Aadhaar SMS
- RBI Sachet — KYC update fraud
- Business Standard — SBI YONO Aadhaar update scare: Govt flags fake APK scam
- The420.in — Aadhaar Under AI Attack: Deepfake-Video Loan Fraud Network Exposed in Gujarat
- Convergence Now — Ahmedabad AI Deepfake Aadhaar Fraud: Biometric Bypass Loan Scam