Indian Bank Warns Users of Fake LPG Payment and KYC Update Scams

Indian Bank has issued an urgent cybersecurity advisory, warning its customers of a surge in fraudulent messages. Disguised as legitimate LPG payment and KYC update notifications, these scams aim to steal banking credentials and drain accounts.

Cybercriminals are exploiting growing public concern over LPG cylinder availability to circulate deceptive messages across SMS, WhatsApp, and other messaging platforms.

These messages impersonate official communications from major LPG providers such as Indane, Bharat Gas, and HP Gas, falsely warning recipients that their gas connection will be suspended unless they immediately update their KYC details or clear a pending payment.

The fraud follows a well-crafted social engineering playbook. Victims receive urgent-sounding alerts such as “Your LPG KYC is pending. Limited stock.

Click here to update and order, or “Immediate payment required to continue connection. Avoid LPG disconnection. Click on link” is designed to trigger panic and override rational judgment.

When users tap on the embedded link, they are redirected to convincing but fake websites that harvest their banking credentials, UPI PINs, and OTPs.

In more sophisticated variants of this attack, fraudsters send malicious APK files through WhatsApp, which, once installed, grant attackers covert access to the victim’s device, exposing stored banking applications, saved passwords, and sensitive personal data.

Some threat actors have also been reported to pose as bank officials via WhatsApp calls, directing users to click specific links under the guise of urgent account verification.

Indian authorities, including Delhi Police’s cybercrime units, have already received multiple complaints through the national cybercrime helpline 1930 related to these fraudulent LPG messages.

Scammers are running fake social media ads using the logos of reputable gas companies to funnel anxious consumers to bogus payment portals, where financial data is silently siphoned.

Security researchers have identified this as a classic event-driven phishing campaign leveraging fears of LPG scarcity to maximize victim conversion rates.

How to Stay Protected

Indian Bank’s advisory, amplified under its IndSmart and “Khabar Nahi, Khabardar Bano” awareness initiatives, urges customers to follow these essential safety practices:

• Never click on links received via SMS, WhatsApp, or social media claiming to be from LPG providers
• Never share OTPs, UPI PINs, Aadhaar numbers, or banking credentials with anyone
• Always verify delivery status or KYC requirements exclusively through official LPG provider apps or authorized helplines
• Do not install APK files received through messaging apps from unknown numbers
• Report suspicious messages immediately to the national cybercrime helpline 1930 or visit www.cybercrime.gov.in

No legitimate LPG provider or bank will ever request payment or personal verification through unsolicited links. When in doubt, call your gas agency directly using the official number printed on your last delivery receipt.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.