Indian Bank Warns Users of Fake LPG Payment and KYC Update Scams to Steal Banking Info

Indian Bank has issued an urgent cybersecurity advisory warning its customers about a rapidly spreading wave of fraudulent LPG payment and KYC update messages that are being used to steal banking credentials and drain accounts.

Cybercriminals are exploiting growing public concern over LPG cylinder availability to circulate deceptive messages across SMS, WhatsApp, and other messaging platforms.

These messages impersonate official communications from major LPG providers such as Indane, Bharat Gas, and HP Gas, falsely warning recipients that their gas connection will be suspended unless they immediately update their KYC details or clear a pending payment.

The fraud follows a well-crafted social engineering playbook. Victims receive urgent-sounding alerts such as “Your LPG KYC is pending. Limited stock.

Click here to update and order, or “Immediate payment required to continue connection. Avoid LPG disconnection. Click on link” is designed to trigger panic and override rational judgment.

When users tap on the embedded link, they are redirected to convincing but fake websites that harvest their banking credentials, UPI PINs, and OTPs.

In more sophisticated variants of this attack, fraudsters send malicious APK files through WhatsApp, which, once installed, grant attackers covert access to the victim’s device, exposing stored banking applications, saved passwords, and sensitive personal data.

Some threat actors have also been reported to pose as bank officials via WhatsApp calls, directing users to click specific links under the guise of urgent account verification.

Indian authorities, including Delhi Police’s cybercrime units, have already received multiple complaints through the national cybercrime helpline 1930 related to these fraudulent LPG messages.

Scammers are running fake social media ads using the logos of reputable gas companies to funnel anxious consumers to bogus payment portals, where financial data is silently siphoned.

Security researchers have identified this as a classic event-driven phishing campaign leveraging fears of LPG scarcity to maximize victim conversion rates.

How to Stay Protected

Indian Bank’s advisory, amplified under its IndSmart and “Khabar Nahi, Khabardar Bano” awareness initiatives, urges customers to follow these essential safety practices:

• Never click on links received via SMS, WhatsApp, or social media claiming to be from LPG providers
• Never share OTPs, UPI PINs, Aadhaar numbers, or banking credentials with anyone
• Always verify delivery status or KYC requirements exclusively through official LPG provider apps or authorized helplines
• Do not install APK files received through messaging apps from unknown numbers
• Report suspicious messages immediately to the national cybercrime helpline 1930 or visit www.cybercrime.gov.in

No legitimate LPG provider or bank will ever request payment or personal verification through unsolicited links. When in doubt, call your gas agency directly using the official number printed on your last delivery receipt.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.