Indian banks like SBI, HDFC, ICICI, and Axis are among the most impersonated brands in SMS phishing ("smishing") attacks. Here's how to identify and avoid them.
How Phishing SMS Works
Scammers send bulk messages that look like official bank communications. These messages typically create urgency — "Your account will be blocked" or "KYC update required immediately" — and include a malicious link.
Red Flags to Watch For
1. Sender ID Mismatch
Genuine bank messages come from a registered sender ID (e.g., "SBI", "HDFCBK"). Phishing SMS often comes from random mobile numbers or slightly misspelled sender IDs.
2. Urgency and Threats
"Act within 24 hours or your account will be frozen." Banks never threaten account closure via SMS. This is a classic fear tactic.
3. Suspicious Links
Legitimate bank links use their official domain (e.g., sbi.co.in, hdfcbank.com). Phishing links use lookalike domains like "sbi-update.in" or "hdfc-kyc.com".
4. Requests for OTP or PIN
No bank will ever ask for your OTP, PIN, CVV, or password via SMS. If a message asks for these, it's 100% a scam.
5. Grammar and Spelling Errors
Official bank communications are professionally written. Poor grammar and spelling mistakes are a giveaway.
What to Do If You Receive a Phishing SMS
1. Do NOT click any links in the message
2. Do NOT reply with any personal information
3. Report the number to your bank and on the TRAI DND app
4. Forward the SMS to 1909 (TRAI complaint number)
5. Use Cyber Rakshak to scan the SMS and verify if it's a scam
Cyber Rakshak SMS Scanner
Cyber Rakshak's AI-powered SMS Scanner automatically analyzes incoming messages for phishing patterns, checks included links against our threat database, and assigns a risk score. Get instant alerts before you fall victim.
Don't let a fake SMS steal your savings. Scan with Cyber Rakshak.