RBI Digital Awareness Week: Here’s what you need to know about Social Engineering Scams

Content updated on March 12, 2026

Social engineering scams are complex deception techniques that fraudsters take on to manipulate innocents into divulging sensitive financial information. They do this, not by using force or malware, but by tricking individuals into willingly sharing their information.

Fraudsters create an urgency so that the victim does not have the liberty of time to evaluate the situation. They create fake emergencies by sending SMSs or emails saying, “Your account is blocked” or “Your subscription is expiring”. They want you to act fast without thinking.

This blog elaborates on everything you need to know about social engineering scams and how you can stay safe.

What is Social Engineering?

Social engineering is when fraudsters manipulate you into revealing your personal sensitive information or performing actions that compromise security. Fraudsters use psychological urgency such as fear, greed, empathy or fake customer support to force you into making a mistake. They impersonate trusted entities such as banks, government agencies, or even your own contacts to win your trust so that they can exploit you.

The most common types of social engineering scam tools include phishing where fraudsters use emails or text messages as a medium to extract information, vishing or voice phishing which involves phone calls to lure victims, and digital arrest where fraudsters impersonate law enforcement and place individuals under “digital arrest” until their demands are met.

How does Social Engineering work?

Here’s how a typical social engineering scam would pan out:

1. The fraudster calls you claiming to be a customer support representative from your bank looking to verify your account. They claim this is a mandatory step that needs to be completed on the call immediately, failing which you will not be able to access the savings in your account.
2. Once you are convinced, they ask you to share your debit card details including the card number, PIN and CVV.
3. The caller then asks you to provide the OTP to complete the supposed verification.
4. In actuality, as soon as you provide the OTP, the fraudster completes the last step of the fraud and empties your account.

Please remember: An actual customer care representative will never ask you to share your full Credit/Debit Card details or OTP. They will only contact you from authorized landline numbers and not from a mobile number. Emails that are not sent from the same official domain as your bank should be ignored.

How to stay safe from Social Engineering

• Never share OTPs, PINs or any other codes that you receive via SMS or other channels.  Also, it is critical to note that you enter your PIN only to send money, never to receive. If someone asks you to enter a PIN to receive a refund or cashback, it is a scam.
• Never share your Account Number or Credit and Debit Card details on a public platform. If you are posting a complaint on social media, don’t post your phone number or personal details as these are monitored by scammers.
• If you receive a call from an unknown number claiming to be from a bank and asking for your personal details, do not entertain the call, and disconnect it.
• In case of emails, check the domain of the sender. If it is [XYZ]@gmail.com or any generic domain, ignore the mail. All official bank communications come from secure domains.
• NEVER share your screen. No bank or service provider will ever ask you to install an app to share your screen or grant remote access.
• Before clicking “Approve” on any subscription mandate or auto-pay request, check the merchant name and the amount. If you didn’t initiate a subscription, reject it immediately.

Watch a video on transacting safely: https://youtu.be/rHZ57O9X8kk

Reporting on PhonePe:

• PhonePe App: Go to the Help section and raise a complaint.
• PhonePe Customer Care: Call 80-68727374 / 022-68727374.
• Social Media Reporting:
  • Twitter: PhonePe Support
  • Facebook: PhonePe Official
• Grievance Redressal: File a complaint at PhonePe Grievance Portal.

Reporting to Authorities:

• Cyber Crime Cell: File a complaint online at Cyber Crime Portal or call 1930.
• Department of Telecommunications (DOT): Report suspicious messages, calls, or WhatsApp /Telegram fraud via the Chakshu facility on Sanchar Saathi Portal.

Important reminder — PhonePe never asks for confidential or personal details. Ignore all mails claiming to be from PhonePe if they are not from the phonepe.com domain. If you suspect fraud, please contact the authorities immediately.