📱Test our Android app — free beta!Join Beta GroupYou'll receive the install link by email after joining.

Differences

This shows you the differences between two versions of the page.


fake-aadhaar-update-website-fraud [2026/07/10 23:16] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Fake Aadhaar Update Website Fraud — UIDAI Verification & Recovery (2026) ======
  
 +{{htmlmetatags>metatag-description=(Clicked a "Aadhaar update before deadline" link or shared OTP? Verify only on uidai.gov.in, lock biometric, file at 1947 / cybercrime.gov.in — 2026 playbook.)}}
 +{{htmlmetatags>metatag-keywords=(fake Aadhaar update website, UIDAI scam recovery, Aadhaar OTP fraud, biometric lock UIDAI, Aadhaar update deadline scam, AePS fraud)}}
 +
 +"Update your Aadhaar online before 14-Jun deadline or your account will be deactivated" — these phrases, with a near-identical UIDAI logo and a near-real domain (``aadhaar-update.in``, ``uidai-update.online``), are the spine of one of India's largest identity-fraud pipelines. This page tells you exactly how to recognise the fake site, how to lock your biometric the moment you've shared anything, and how to recover under RBI / UIDAI rules.
 +
 +> **Citizen Crisis Response Network — domain rule**\\ The **only** official UIDAI domain is **uidai.gov.in** (and the mAadhaar app). Anything else — ``.in``, ``.online``, ``.co``, ``.help`` — is a fake.
 +
 +===== Direct answer (featured snippet) =====
 +
 +If you suspect a fake Aadhaar-update site or have already shared OTP / biometric / mobile number: (1) immediately **lock your biometrics** at [[https://uidai.gov.in|uidai.gov.in]] → My Aadhaar → Biometric Lock, (2) call **1947** (UIDAI helpline), (3) file at [[https://cybercrime.gov.in|cybercrime.gov.in]] / **1930** if money has moved via AePS, (4) check the **TAFCOP** portal for any SIMs taken in your name, (5) freeze your bank's AePS limit, and (6) raise an Aadhaar-misuse complaint at uidai.gov.in/file-complaint. Recovery probability is highest within the first 24 hours.
 +
 +===== In this guide =====
 +
 +  * [[#How the fake Aadhaar update scam runs|How the fake Aadhaar update scam runs]]
 +  * [[#Six red flags in 30 seconds|Six red flags in 30 seconds]]
 +  * [[#The 30-minute lockdown|The 30-minute lockdown]]
 +  * [[#Biometric lock — the single most important step|Biometric lock — the single most important step]]
 +  * [[#If money was already taken via AePS|If money was already taken via AePS]]
 +  * [[#Sample complaint to UIDAI|Sample complaint to UIDAI]]
 +  * [[#What not to do|What not to do]]
 +  * [[#Can compensation be claimed?|Can compensation be claimed?]]
 +  * [[#FAQ|FAQ]]
 +
 +===== How the fake Aadhaar update scam runs =====
 +
 +  - **Bait** — SMS / WhatsApp / email / Google ad: "Your Aadhaar will be deactivated on [date] unless you update it online. Click here." Look-alike domain. Sometimes a "free document upload" feature.
 +  - **Trap** — Cloned UIDAI page asks for Aadhaar number, registered mobile, OTP, and "selfie + photo of original docs." The OTP is the actual UIDAI OTP triggered against the **real** UIDAI service, captured live.
 +  - **Drain** — Once OTP is in attacker hands, they (a) authenticate AePS withdrawals at "merchant" agents, (b) take SIMs in your name on TAFCOP, (c) seed identity into mule loan applications.
 +
 +The drain often happens **within minutes** of the OTP capture.
 +
 +===== Six red flags in 30 seconds =====
 +
 +| Flag | What you'll see | Why it's fake |
 +| **1. Domain not uidai.gov.in** | aadhaar-update.in, uidai-update.online, my-uidai.help | UIDAI uses one domain only |
 +| **2. "Deadline" language** | "Last 24 hours to update" | UIDAI never imposes 24-hour panic deadlines on individuals |
 +| **3. Asks for biometric / fingerprint scan over web** | "Place finger on screen" | Biometrics aren't captured through a browser |
 +| **4. Asks for upload of physical Aadhaar card image** | "Upload photo of front + back" | Update doesn't require a card scan |
 +| **5. Pay to update** | "Pay ₹50 / ₹250 to expedite" | UIDAI online updates have a fixed ₹50 fee at the //real// portal — but fake sites mimic this. The clue is the domain. |
 +| **6. Asks for net-banking / UPI to "match Aadhaar"** | "Verify Aadhaar-bank link" | UIDAI **never** asks for net-banking |
 +
 +> **Citizen tip** — Type ``uidai.gov.in`` directly into the address bar or open the **mAadhaar app** from the official Play Store / App Store. Never click any link in any message claiming to be from UIDAI.
 +
 +===== The 30-minute lockdown =====
 +
 +  - **Lock biometrics** at uidai.gov.in → My Aadhaar → Biometric Lock (need OTP to your registered mobile)
 +  - **Open TAFCOP** ([[https://tafcop.sancharsaathi.gov.in|tafcop.sancharsaathi.gov.in]]) → flag any unknown SIM in your name
 +  - **Pull a CIBIL report** ([[https://www.cibil.com|cibil.com]]) → check for unknown loans / cards
 +  - **Freeze AePS** — call your bank; ask to disable AePS withdrawal on this Aadhaar
 +  - **Call 1947** — UIDAI 24×7 helpline; note the complaint reference
 +  - **File at cybercrime.gov.in / 1930** if money has moved
 +  - **Email UIDAI** at [email protected] with full details + screenshots of the fake site
 +  - **Change registered mobile** at uidai.gov.in only if your SIM is in your control
 +
 +===== Biometric lock — the single most important step =====
 +
 +UIDAI's **Biometric Lock** is a free service that **disables AePS / fingerprint authentication** entirely against your Aadhaar number. Once locked:
 +  * No agent can debit your bank via fingerprint at any AePS terminal
 +  * No identity verification using fingerprint is possible until you unlock it
 +  * E-KYC for SIMs / new bank accounts also requires unlock
 +
 +How to enable:
 +  - Open uidai.gov.in (clean browser, typed address)
 +  - My Aadhaar → Aadhaar Services → **Lock / Unlock Biometrics**
 +  - Enter Aadhaar + Captcha → Send OTP to registered mobile
 +  - Enter OTP → Lock
 +
 +This is **the single most important defensive measure** for an Aadhaar-misuse-prone scenario. **Lock by default; unlock only when you actively need fingerprint authentication** (e.g., during physical bank account opening).
 +
 +> **Warning** — If your registered mobile is no longer with you, biometric lock requires a visit to an Aadhaar Seva Kendra. Run the [[block-lost-stolen-sim-card-india|stolen-SIM playbook]] in parallel.
 +
 +===== If money was already taken via AePS =====
 +
 +AePS (Aadhaar enabled Payment System) lets bank-correspondent agents withdraw cash from your bank using your fingerprint. Frauds happen when biometric replicas (silicone fingers from leaked databases) are used at unauthorised agent points.
 +
 +If you see unauthorized AePS debits:
 +  - **Within 3 working days** — full refund under RBI's Limiting Liability framework, 2017
 +  - **Within 7 working days** — capped liability (₹5,000–₹25,000)
 +  - **Beyond 7 days** — bank's board-approved policy
 +
 +Steps:
 +  - Call **1930** (cyber helpline)
 +  - File at cybercrime.gov.in
 +  - Email bank's "report unauthorised transaction"; attach UIDAI lock confirmation + 1930 reference
 +  - Demand temporary credit within 10 working days
 +  - Bank must resolve in 90 days; escalate to **Banking Ombudsman** (cms.rbi.org.in) if not
 +
 +===== Sample complaint to UIDAI =====
 +
 +<code>
 +To,
 +The UIDAI Regional Office (Bengaluru / Chandigarh / Delhi / Guwahati /
 +Hyderabad / Lucknow / Mumbai / Ranchi)
 +
 +Subject: Aadhaar misuse via fake update website — request for
 +investigation under Aadhaar Act §29 and §38 — Aadhaar Reference No.
 +[VID 16-digit]
 +
 +Sir / Madam,
 +
 +I, [Full name], holder of Aadhaar [VID 16-digit, masked first 12], wish
 +to report that on [date] I encountered a phishing site purporting to
 +be UIDAI ([URL of fake site]) and shared / had captured my:
 +  [Aadhaar number / registered mobile / OTP / selfie / scan of card]
 +
 +I have:
 +  1. Locked my biometrics on uidai.gov.in (timestamp ___).
 +  2. Filed at cybercrime.gov.in (Reference: ___) and called 1930
 +     (Reference: ___).
 +  3. Reviewed TAFCOP and flagged [N] unknown SIMs in my name.
 +  4. Pulled CIBIL report (Reference: ___) and flagged [N] suspect items.
 +
 +I request UIDAI to:
 +  a) Confirm in writing that my Aadhaar has not been used for any
 +     unauthorised authentication in the [date] window.
 +  b) Take action under Aadhaar Act §38 (penalty for unauthorised access)
 +     against the operators of [URL].
 +  c) Coordinate with MeitY / I4C for takedown of the fake domain.
 +
 +Yours faithfully,
 +[Signature, Name]
 +[VID, Registered Mobile, Email, Date]
 +</code>
 +
 +===== What not to do =====
 +
 +  * Do **not** type your Aadhaar number on **any** website that isn't ``uidai.gov.in`` or your bank's verified portal.
 +  * Do **not** share your **Aadhaar OTP** with anyone — including someone claiming to be from UIDAI / a bank / an Aadhaar Seva Kendra.
 +  * Do **not** upload a scan of your Aadhaar card on random portals; use the **VID (Virtual ID)** wherever a partial Aadhaar reference is needed.
 +  * Do **not** ignore unknown SIMs on TAFCOP — these are the second-stage attack vectors.
 +  * Do **not** keep biometrics unlocked by default — lock them; unlock only when needed.
 +
 +===== Can compensation be claimed? =====
 +
 +  * **AePS / banking refund** — RBI Master Direction 2017 (refund if reported within 3 working days)
 +  * **Aadhaar Act penalty** — UIDAI can fine the perpetrator up to ₹1 crore under §38–§43 for unauthorised access; victim is the **complainant**
 +  * **Consumer court** — for bank's negligence in approving AePS without secondary verification
 +  * **DPDP Act 2023** — Data Protection Board can impose penalties on data-handlers who leaked Aadhaar metadata enabling the fraud
 +  * **Banking Ombudsman** — RB-IOS 2021 covers AePS disputes
 +
 +===== What to do in the next 30 minutes (printable card) =====
 +
 +  - **0–5 min** — Lock biometrics on uidai.gov.in
 +  - **5–15 min** — TAFCOP audit; CIBIL pull
 +  - **15–25 min** — Call 1947 + 1930 if money moved; file at cybercrime.gov.in
 +  - **25–30 min** — Bank's "report unauthorised transaction" form
 +  - **+24 h** — Branch visit; written acknowledgement; UIDAI Regional Office written complaint
 +  - **+72 h** — RBI bank-dispute window for AePS refund
 +
 +===== Long-tail keywords this page targets =====
 +
 +fake Aadhaar update website India 2026, Aadhaar OTP scam recovery, UIDAI biometric lock how to, AePS fraud refund, Aadhaar misuse complaint, fake uidai site list, Aadhaar deadline SMS scam, Aadhaar update fee scam, Aadhaar Seva Kendra fake, mAadhaar fake app
 +
 +===== People also ask =====
 +
 +  * **Q:** Is there ever an "Aadhaar update deadline" by which my Aadhaar will be deactivated?\\ No. UIDAI runs voluntary 10-yearly update drives but does not deactivate individual Aadhaars by SMS deadline.
 +  * **Q:** Can a stranger withdraw money from my account using only my Aadhaar number?\\ With Aadhaar number alone, no. With Aadhaar + a fingerprint replica or OTP, yes — that's why biometric lock matters.
 +  * **Q:** Will UIDAI charge me to lock biometrics?\\ No. Biometric lock / unlock is free, online, and instant.
 +  * **Q:** Should I share my Aadhaar with my employer / new SIM agent / hospital?\\ Use **Masked Aadhaar** or **VID** wherever a copy is requested. Never the full e-Aadhaar with full number visible.
 +  * **Q:** Can I file an FIR for Aadhaar misuse?\\ Yes — under BNS 2024 §319 (cheating), §316 (personation), §336–§338 (forgery), and Aadhaar Act §38.
 +
 +===== Voice-search queries =====
 +
 +"How to lock Aadhaar biometric?" · "Fake Aadhaar update website list." · "Aadhaar OTP scam recovery." · "1947 UIDAI helpline." · "AePS fraud refund."
 +
 +===== SVG / infographic prompts =====
 +
 +<code>
 +[Decision tree] "Got Aadhaar update SMS"
 +Domain is uidai.gov.in? → maybe genuine → verify in mAadhaar app
 +Anything else? → SCAM → lock biometric + report
 +
 +[Anatomy] "Aadhaar fraud chain"
 +1. fake site bait (lookalike domain + deadline)
 +2. OTP capture (live UIDAI OTP forwarded)
 +3. AePS drain (silicone fingerprint at agent point)
 +4. SIM in your name (TAFCOP)
 +5. mule loan in your name (CIBIL)
 +
 +[Lockdown ladder] mAadhaar app → biometric lock → TAFCOP audit → CIBIL → 1930
 +</code>
 +
 +
 +===== If the formal channel fails, escalate via RTI =====
 +
 +<WRAP center round info 100%>
 +If this complaint isn't resolved through the regular complaint route, you can file an **RTI** to force the public authority to either act or explain in writing why they haven't. The fee is ₹10 (free if you're BPL).
 +
 +  * Draft your application: [[https://righttoinformation.wiki/tools/ai-rti-draft-app.html|AI RTI Drafter]]
 +  * Calculate timelines: [[https://righttoinformation.wiki/tools/timeline-calculator-app.html|Timeline Calculator]]
 +  * If PIO doesn't reply in 30 days: [[https://righttoinformation.wiki/appeal-templates/deemed-refusal-first-appeal|Deemed refusal first appeal]]
 +  * If PIO rejects without reason: [[https://righttoinformation.wiki/appeal-templates/wrongful-section-8-rejection|S.8 rejection appeal]]
 +  * Sample applications: [[https://righttoinformation.wiki/guide/applicant/application/sample/start|Sample RTI library]]
 +</WRAP>
 +
 +===== Internal cross-links =====
 +
 +  * [[fake-kyc-update-scam-india|Fake KYC update scam]]
 +  * [[block-lost-stolen-sim-card-india|Block lost / stolen SIM]]
 +  * [[pan-aadhaar-fraud-recovery|PAN-Aadhaar fraud recovery]]
 +  * [[aeps-aadhaar-fraud-recovery|AePS Aadhaar fraud recovery]]
 +  * [[fake-police-notice-pdf-scam-india|Fake police notice PDF scam]]
 +  * [[scammed-on-upi-recovery-steps|UPI fraud recovery]]
 +  * [[banking-ombudsman-complaint-guide-india|Banking Ombudsman complaint guide]]
 +  * [[recover-money-wrong-bank-account-india|Money sent to wrong account]]
 +
 +===== Government & authority references =====
 +
 +  * **UIDAI** — uidai.gov.in · Helpline **1947**
 +  * **MHA — National Cyber Crime Reporting Portal** — cybercrime.gov.in · **1930**
 +  * **RBI** — Master Direction on Limiting Liability of Customers, 2017
 +  * **Banking Ombudsman** — cms.rbi.org.in
 +  * **CIBIL / CRIF Highmark / Equifax / Experian** — credit-bureau dashboards
 +  * **TAFCOP / Sancharsaathi** — tafcop.sancharsaathi.gov.in
 +  * **CERT-In** advisories on phishing
 +  * **MeitY** for fake-domain takedown
 +  * **Aadhaar Act 2016** §29 (restrictions on use), §38 (penalty for unauthorised access)
 +  * **DPDP Act 2023** + Rules 2025
 +  * **BNS 2024** §316, §319, §336–§338
 +  * **IT Act 2000** §66C (identity theft), §66D (impersonation)
 +
 +===== FAQ =====
 +
 +==== Where do I see if my Aadhaar was used for authentication recently? ====
 +
 +uidai.gov.in → My Aadhaar → Aadhaar Services → **Authentication History**. Shows last 50 authentications. Anything you don't recognise → file a complaint.
 +
 +==== Is e-Aadhaar download safe? ====
 +
 +Yes — only from uidai.gov.in. Never from third-party "Aadhaar download" sites.
 +
 +==== Can I use VID for everything? ====
 +
 +Yes — for SIM, gas, e-KYC, EPF, ITR. VID is regenerated on demand and limits exposure of the actual Aadhaar number.
 +
 +==== My Aadhaar mobile is wrong — am I in danger? ====
 +
 +Yes — anyone who knows your Aadhaar can intercept OTP. Update mobile at the nearest **Aadhaar Seva Kendra** with biometric authentication.
 +
 +==== How long does Aadhaar biometric lock take to activate? ====
 +
 +Instant. Same for unlock — but unlock auto-relocks within a window. Set lock as default.
 +
 +===== Myth vs reality =====
 +
 +^ Myth ^ Reality ^
 +| "UIDAI sends update reminders by SMS link." | UIDAI never sends individual update links via SMS. |
 +| "Aadhaar can't be misused without my consent." | Leaked databases + silicone fingerprint replicas enable AePS misuse. |
 +| "Once my Aadhaar leaks, nothing can be done." | Biometric lock + TAFCOP + CIBIL audit + 1930 give a working defence. |
 +| "Police won't take Aadhaar fraud seriously." | BNS 2024 §316/§319 + Aadhaar Act §38 + IT Act §66D are cognisable. |
 +| "Updating online is the same as updating at a Seva Kendra." | Demographic updates are online; **biometric updates need a Kendra visit**. |
 +
 +===== Last word =====
 +
 +The fake-Aadhaar-update site succeeds because it preys on the genuine fear of identity invalidation. The whole trap collapses if you (a) only ever type ``uidai.gov.in`` directly, (b) keep biometrics **locked by default**, and (c) audit TAFCOP + CIBIL once a quarter. Save your Aadhaar enrolment number on a paper note, never in your phone, and never share OTP with anyone — UIDAI included.
 +
 +This page is part of RTI Wiki's **Citizen Crisis Response Network**. Updates tracked through UIDAI press releases, MeitY domain takedowns, and judgments under the Aadhaar Act and DPDP Act 2023.
 +===== Fake Aadhaar update website fraud: How to identify, report, and protect yourself (2026) =====
 +
 +Fake Aadhaar update website fraud — complete guide on identifying, reporting, and protecting yourself:
 +
 +  - **Step 1: What is the fake Aadhaar update website fraud?** (a) the fraud — involves the fake websites — that mimic — the UIDAI — official website — (uidai.gov.in — or myaadhaar.uidai.gov.in) — and offer — the Aadhaar update — or the correction — or the enrollment — at the lower fee — or the faster — service, (b) the fraudster — collects: (i) the Aadhaar number, (ii) the biometric — data, (iii) the mobile number, (iv) the OTP, (v) the payment — (the fee — for the update), (c) the misuse: (i) the identity theft — (the Aadhaar — is used — for the bank account — or the SIM — or the loan), (ii) the financial fraud — (the bank account — is opened — or the loan — is taken), (iii) the data sale — (the Aadhaar data — is sold — to the third parties), (d) the scale: (i) the UIDAI — has reported — over 100 fake websites — in 2025, (ii) the average loss — is Rs 500-5,000 — per victim — but the identity theft — can cause — the larger — loss.
 +  - **Step 2: How to identify a fake Aadhaar website.** (a) the red flags: (i) the URL — is not uidai.gov.in — or myaadhaar.uidai.gov.in — (the fake — uses — the uidai-update.in — or aadhaar-update.co.in — or the similar — domain), (ii) the fee — is different — from the official — (the UIDAI — charges Rs 50 — for the update — and Rs 100 — for the biometric — update), (iii) the website — asks for the OTP — before the process — (the UIDAI — sends the OTP — during the process), (iv) the website — asks for the biometric — upload — (the UIDAI — does not ask — for the biometric — upload — online), (v) the website — does not have — the UIDAI — logo — or the SSL — certificate, (b) the verification: (i) check the URL — on the UIDAI — official website — (uidai.gov.in), (ii) check the website — on the SCRS — (Suspicious Creek — Reporting System) — or the Cyber Crime — portal, (iii) call 1947 — the UIDAI toll-free — to verify.
 +  - **Step 3: How to report the fake Aadhaar website.** (a) the UIDAI: (i) email — at [email protected] — with the URL — and the screenshots, (ii) call 1947 — the toll-free — to report, (b) the Cyber Crime: (i) visit cybercrime.gov.in — and file the complaint — under "Online Financial Fraud" — or "Other Cyber Crime", (ii) call 1930 — for the immediate — reporting, (c) the police: (i) file the FIR — at the local police station — under Section 419 — and Section 420 — of the IPC — and Section 66D — of the IT Act, (d) the bank: (i) if the payment — is made — contact the bank — and request the chargeback — or the freeze.
 +  - **Step 4: Fraud comparison — fake Aadhaar website vs other Aadhaar frauds.** (a) the fake website: (i) the method: the fake website — collects the data, (ii) the data: the Aadhaar — and the OTP — and the biometric, (iii) the loss: Rs 500-5,000 + identity theft, (b) the OTP fraud: (i) the method: the fraudster — calls — and asks for the OTP, (ii) the data: the OTP — only, (iii) the loss: the bank account — or the SIM — is hijacked, (c) the biometric fraud: (i) the method: the fraudster — clones — the biometric — and uses — for the authentication, (ii) the data: the biometric, (iii) the loss: the bank account — or the e-KYC — is hijacked, (d) the enrollment fraud: (i) the method: the fake enrollment center — collects the data, (ii) the data: the Aadhaar — and the biometric — and the demographic, (iii) the loss: the identity theft.
 +  - **Step 5: How to protect yourself.** (a) use only the official website: (i) uidai.gov.in — or myaadhaar.uidai.gov.in, (ii) the mAadhaar app — from the official — app store, (b) verify the URL: (i) check — the URL — before entering — the data, (ii) look for — the HTTPS — and the UIDAI — logo, (c) do not share the OTP: (i) the UIDAI — sends the OTP — for the authentication — and the OTP — is not shared — with anyone, (d) lock the biometric: (i) lock the biometric — on the UIDAI — website — to prevent — the unauthorized — authentication, (ii) unlock — only when — the authentication — is needed, (e) check the Aadhaar — history: (i) check the authentication — history — on the UIDAI — website — to detect — the unauthorized — authentication.
 +  - **Step 6: File RTI on UIDAI.** (a) the UIDAI — is a public authority — under the RTI Act — and the RTI — can be filed — for: (i) the fake websites — identified — and the action taken, (ii) the complaints — filed — and the status, (iii) the enrollment — and the update — statistics, (b) the RTI application — can ask: (i) "Provide the list — of the fake websites — identified — by the UIDAI — in the period [date] to [date] — and the action taken — against each", (ii) "Provide the status — of the complaint — filed on [date] — reference [number] — including: (a) the action taken, (b) the investigation — status, (c) the recovery — if any", (iii) "Provide the statistics — of the Aadhaar — authentication — for the Aadhaar number [number] — in the period [date] to [date] — including: (a) the date, (b) the entity, (c) the type — of the authentication", (c) the application fee — is Rs 10 — by the IPO — or the online payment — on the rtionline.gov.in.
 +  - **Step 7: Practical tips.** (a) use only the official — uidai.gov.in — or myaadhaar.uidai.gov.in, (b) never share the OTP — with anyone, (c) lock the biometric — when not in use, (d) check the authentication — history — periodically, (e) report the fake website — to the UIDAI — and the Cyber Crime — immediately, (f) Example: A victim — used a fake website — for the Aadhaar update — and paid Rs 200 — and entered the OTP — and the Aadhaar — was used — for the bank account — he detected — the unauthorized — authentication — from the history — and locked — the biometric — and filed — the complaint — on the Cyber Crime — and the UIDAI — and the bank account — was traced — and the fraudster — was arrested.
 +
 +See [[https://righttoinformation.wiki/fake-aadhaar-update-website-fraud|Fake Aadhaar Website]] and [[https://righttoinformation.wiki/aadhaar-correction-rti|Aadhaar Correction RTI]].
 +
 +{{tag>fake aadhaar website fraud india 2026 uidai otp biometric lock cyber crime identity theft rti 2026}}