Differences
This shows you the differences between two versions of the page.
| — | fake-aadhaar-update-website-fraud [2026/07/10 23:16] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Fake Aadhaar Update Website Fraud — UIDAI Verification & Recovery (2026) ====== | ||
| + | {{htmlmetatags> | ||
| + | {{htmlmetatags> | ||
| + | |||
| + | " | ||
| + | |||
| + | > **Citizen Crisis Response Network — domain rule**\\ The **only** official UIDAI domain is **uidai.gov.in** (and the mAadhaar app). Anything else — ``.in``, ``.online``, | ||
| + | |||
| + | ===== Direct answer (featured snippet) ===== | ||
| + | |||
| + | If you suspect a fake Aadhaar-update site or have already shared OTP / biometric / mobile number: (1) immediately **lock your biometrics** at [[https:// | ||
| + | |||
| + | ===== In this guide ===== | ||
| + | |||
| + | * [[#How the fake Aadhaar update scam runs|How the fake Aadhaar update scam runs]] | ||
| + | * [[#Six red flags in 30 seconds|Six red flags in 30 seconds]] | ||
| + | * [[#The 30-minute lockdown|The 30-minute lockdown]] | ||
| + | * [[# | ||
| + | * [[#If money was already taken via AePS|If money was already taken via AePS]] | ||
| + | * [[#Sample complaint to UIDAI|Sample complaint to UIDAI]] | ||
| + | * [[#What not to do|What not to do]] | ||
| + | * [[#Can compensation be claimed? | ||
| + | * [[# | ||
| + | |||
| + | ===== How the fake Aadhaar update scam runs ===== | ||
| + | |||
| + | - **Bait** — SMS / WhatsApp / email / Google ad: "Your Aadhaar will be deactivated on [date] unless you update it online. Click here." Look-alike domain. Sometimes a "free document upload" | ||
| + | - **Trap** — Cloned UIDAI page asks for Aadhaar number, registered mobile, OTP, and " | ||
| + | - **Drain** — Once OTP is in attacker hands, they (a) authenticate AePS withdrawals at " | ||
| + | |||
| + | The drain often happens **within minutes** of the OTP capture. | ||
| + | |||
| + | ===== Six red flags in 30 seconds ===== | ||
| + | |||
| + | | Flag | What you'll see | Why it's fake | | ||
| + | | **1. Domain not uidai.gov.in** | aadhaar-update.in, | ||
| + | | **2. " | ||
| + | | **3. Asks for biometric / fingerprint scan over web** | "Place finger on screen" | ||
| + | | **4. Asks for upload of physical Aadhaar card image** | " | ||
| + | | **5. Pay to update** | "Pay ₹50 / ₹250 to expedite" | ||
| + | | **6. Asks for net-banking / UPI to "match Aadhaar" | ||
| + | |||
| + | > **Citizen tip** — Type ``uidai.gov.in`` directly into the address bar or open the **mAadhaar app** from the official Play Store / App Store. Never click any link in any message claiming to be from UIDAI. | ||
| + | |||
| + | ===== The 30-minute lockdown ===== | ||
| + | |||
| + | - **Lock biometrics** at uidai.gov.in → My Aadhaar → Biometric Lock (need OTP to your registered mobile) | ||
| + | - **Open TAFCOP** ([[https:// | ||
| + | - **Pull a CIBIL report** ([[https:// | ||
| + | - **Freeze AePS** — call your bank; ask to disable AePS withdrawal on this Aadhaar | ||
| + | - **Call 1947** — UIDAI 24×7 helpline; note the complaint reference | ||
| + | - **File at cybercrime.gov.in / 1930** if money has moved | ||
| + | - **Email UIDAI** at [email protected] with full details + screenshots of the fake site | ||
| + | - **Change registered mobile** at uidai.gov.in only if your SIM is in your control | ||
| + | |||
| + | ===== Biometric lock — the single most important step ===== | ||
| + | |||
| + | UIDAI' | ||
| + | * No agent can debit your bank via fingerprint at any AePS terminal | ||
| + | * No identity verification using fingerprint is possible until you unlock it | ||
| + | * E-KYC for SIMs / new bank accounts also requires unlock | ||
| + | |||
| + | How to enable: | ||
| + | - Open uidai.gov.in (clean browser, typed address) | ||
| + | - My Aadhaar → Aadhaar Services → **Lock / Unlock Biometrics** | ||
| + | - Enter Aadhaar + Captcha → Send OTP to registered mobile | ||
| + | - Enter OTP → Lock | ||
| + | |||
| + | This is **the single most important defensive measure** for an Aadhaar-misuse-prone scenario. **Lock by default; unlock only when you actively need fingerprint authentication** (e.g., during physical bank account opening). | ||
| + | |||
| + | > **Warning** — If your registered mobile is no longer with you, biometric lock requires a visit to an Aadhaar Seva Kendra. Run the [[block-lost-stolen-sim-card-india|stolen-SIM playbook]] in parallel. | ||
| + | |||
| + | ===== If money was already taken via AePS ===== | ||
| + | |||
| + | AePS (Aadhaar enabled Payment System) lets bank-correspondent agents withdraw cash from your bank using your fingerprint. Frauds happen when biometric replicas (silicone fingers from leaked databases) are used at unauthorised agent points. | ||
| + | |||
| + | If you see unauthorized AePS debits: | ||
| + | - **Within 3 working days** — full refund under RBI's Limiting Liability framework, 2017 | ||
| + | - **Within 7 working days** — capped liability (₹5, | ||
| + | - **Beyond 7 days** — bank's board-approved policy | ||
| + | |||
| + | Steps: | ||
| + | - Call **1930** (cyber helpline) | ||
| + | - File at cybercrime.gov.in | ||
| + | - Email bank's " | ||
| + | - Demand temporary credit within 10 working days | ||
| + | - Bank must resolve in 90 days; escalate to **Banking Ombudsman** (cms.rbi.org.in) if not | ||
| + | |||
| + | ===== Sample complaint to UIDAI ===== | ||
| + | |||
| + | < | ||
| + | To, | ||
| + | The UIDAI Regional Office (Bengaluru / Chandigarh / Delhi / Guwahati / | ||
| + | Hyderabad / Lucknow / Mumbai / Ranchi) | ||
| + | |||
| + | Subject: Aadhaar misuse via fake update website — request for | ||
| + | investigation under Aadhaar Act §29 and §38 — Aadhaar Reference No. | ||
| + | [VID 16-digit] | ||
| + | |||
| + | Sir / Madam, | ||
| + | |||
| + | I, [Full name], holder of Aadhaar [VID 16-digit, masked first 12], wish | ||
| + | to report that on [date] I encountered a phishing site purporting to | ||
| + | be UIDAI ([URL of fake site]) and shared / had captured my: | ||
| + | [Aadhaar number / registered mobile / OTP / selfie / scan of card] | ||
| + | |||
| + | I have: | ||
| + | 1. Locked my biometrics on uidai.gov.in (timestamp ___). | ||
| + | 2. Filed at cybercrime.gov.in (Reference: ___) and called 1930 | ||
| + | | ||
| + | 3. Reviewed TAFCOP and flagged [N] unknown SIMs in my name. | ||
| + | 4. Pulled CIBIL report (Reference: ___) and flagged [N] suspect items. | ||
| + | |||
| + | I request UIDAI to: | ||
| + | a) Confirm in writing that my Aadhaar has not been used for any | ||
| + | | ||
| + | b) Take action under Aadhaar Act §38 (penalty for unauthorised access) | ||
| + | | ||
| + | c) Coordinate with MeitY / I4C for takedown of the fake domain. | ||
| + | |||
| + | Yours faithfully, | ||
| + | [Signature, Name] | ||
| + | [VID, Registered Mobile, Email, Date] | ||
| + | </ | ||
| + | |||
| + | ===== What not to do ===== | ||
| + | |||
| + | * Do **not** type your Aadhaar number on **any** website that isn't ``uidai.gov.in`` or your bank's verified portal. | ||
| + | * Do **not** share your **Aadhaar OTP** with anyone — including someone claiming to be from UIDAI / a bank / an Aadhaar Seva Kendra. | ||
| + | * Do **not** upload a scan of your Aadhaar card on random portals; use the **VID (Virtual ID)** wherever a partial Aadhaar reference is needed. | ||
| + | * Do **not** ignore unknown SIMs on TAFCOP — these are the second-stage attack vectors. | ||
| + | * Do **not** keep biometrics unlocked by default — lock them; unlock only when needed. | ||
| + | |||
| + | ===== Can compensation be claimed? ===== | ||
| + | |||
| + | * **AePS / banking refund** — RBI Master Direction 2017 (refund if reported within 3 working days) | ||
| + | * **Aadhaar Act penalty** — UIDAI can fine the perpetrator up to ₹1 crore under §38–§43 for unauthorised access; victim is the **complainant** | ||
| + | * **Consumer court** — for bank's negligence in approving AePS without secondary verification | ||
| + | * **DPDP Act 2023** — Data Protection Board can impose penalties on data-handlers who leaked Aadhaar metadata enabling the fraud | ||
| + | * **Banking Ombudsman** — RB-IOS 2021 covers AePS disputes | ||
| + | |||
| + | ===== What to do in the next 30 minutes (printable card) ===== | ||
| + | |||
| + | - **0–5 min** — Lock biometrics on uidai.gov.in | ||
| + | - **5–15 min** — TAFCOP audit; CIBIL pull | ||
| + | - **15–25 min** — Call 1947 + 1930 if money moved; file at cybercrime.gov.in | ||
| + | - **25–30 min** — Bank's " | ||
| + | - **+24 h** — Branch visit; written acknowledgement; | ||
| + | - **+72 h** — RBI bank-dispute window for AePS refund | ||
| + | |||
| + | ===== Long-tail keywords this page targets ===== | ||
| + | |||
| + | fake Aadhaar update website India 2026, Aadhaar OTP scam recovery, UIDAI biometric lock how to, AePS fraud refund, Aadhaar misuse complaint, fake uidai site list, Aadhaar deadline SMS scam, Aadhaar update fee scam, Aadhaar Seva Kendra fake, mAadhaar fake app | ||
| + | |||
| + | ===== People also ask ===== | ||
| + | |||
| + | * **Q:** Is there ever an " | ||
| + | * **Q:** Can a stranger withdraw money from my account using only my Aadhaar number?\\ With Aadhaar number alone, no. With Aadhaar + a fingerprint replica or OTP, yes — that's why biometric lock matters. | ||
| + | * **Q:** Will UIDAI charge me to lock biometrics? | ||
| + | * **Q:** Should I share my Aadhaar with my employer / new SIM agent / hospital?\\ Use **Masked Aadhaar** or **VID** wherever a copy is requested. Never the full e-Aadhaar with full number visible. | ||
| + | * **Q:** Can I file an FIR for Aadhaar misuse?\\ Yes — under BNS 2024 §319 (cheating), §316 (personation), | ||
| + | |||
| + | ===== Voice-search queries ===== | ||
| + | |||
| + | "How to lock Aadhaar biometric?" | ||
| + | |||
| + | ===== SVG / infographic prompts ===== | ||
| + | |||
| + | < | ||
| + | [Decision tree] "Got Aadhaar update SMS" | ||
| + | Domain is uidai.gov.in? | ||
| + | Anything else? → SCAM → lock biometric + report | ||
| + | |||
| + | [Anatomy] " | ||
| + | 1. fake site bait (lookalike domain + deadline) | ||
| + | 2. OTP capture (live UIDAI OTP forwarded) | ||
| + | 3. AePS drain (silicone fingerprint at agent point) | ||
| + | 4. SIM in your name (TAFCOP) | ||
| + | 5. mule loan in your name (CIBIL) | ||
| + | |||
| + | [Lockdown ladder] mAadhaar app → biometric lock → TAFCOP audit → CIBIL → 1930 | ||
| + | </ | ||
| + | |||
| + | |||
| + | ===== If the formal channel fails, escalate via RTI ===== | ||
| + | |||
| + | <WRAP center round info 100%> | ||
| + | If this complaint isn't resolved through the regular complaint route, you can file an **RTI** to force the public authority to either act or explain in writing why they haven' | ||
| + | |||
| + | * Draft your application: | ||
| + | * Calculate timelines: [[https:// | ||
| + | * If PIO doesn' | ||
| + | * If PIO rejects without reason: [[https:// | ||
| + | * Sample applications: | ||
| + | </ | ||
| + | |||
| + | ===== Internal cross-links ===== | ||
| + | |||
| + | * [[fake-kyc-update-scam-india|Fake KYC update scam]] | ||
| + | * [[block-lost-stolen-sim-card-india|Block lost / stolen SIM]] | ||
| + | * [[pan-aadhaar-fraud-recovery|PAN-Aadhaar fraud recovery]] | ||
| + | * [[aeps-aadhaar-fraud-recovery|AePS Aadhaar fraud recovery]] | ||
| + | * [[fake-police-notice-pdf-scam-india|Fake police notice PDF scam]] | ||
| + | * [[scammed-on-upi-recovery-steps|UPI fraud recovery]] | ||
| + | * [[banking-ombudsman-complaint-guide-india|Banking Ombudsman complaint guide]] | ||
| + | * [[recover-money-wrong-bank-account-india|Money sent to wrong account]] | ||
| + | |||
| + | ===== Government & authority references ===== | ||
| + | |||
| + | * **UIDAI** — uidai.gov.in · Helpline **1947** | ||
| + | * **MHA — National Cyber Crime Reporting Portal** — cybercrime.gov.in · **1930** | ||
| + | * **RBI** — Master Direction on Limiting Liability of Customers, 2017 | ||
| + | * **Banking Ombudsman** — cms.rbi.org.in | ||
| + | * **CIBIL / CRIF Highmark / Equifax / Experian** — credit-bureau dashboards | ||
| + | * **TAFCOP / Sancharsaathi** — tafcop.sancharsaathi.gov.in | ||
| + | * **CERT-In** advisories on phishing | ||
| + | * **MeitY** for fake-domain takedown | ||
| + | * **Aadhaar Act 2016** §29 (restrictions on use), §38 (penalty for unauthorised access) | ||
| + | * **DPDP Act 2023** + Rules 2025 | ||
| + | * **BNS 2024** §316, §319, §336–§338 | ||
| + | * **IT Act 2000** §66C (identity theft), §66D (impersonation) | ||
| + | |||
| + | ===== FAQ ===== | ||
| + | |||
| + | ==== Where do I see if my Aadhaar was used for authentication recently? ==== | ||
| + | |||
| + | uidai.gov.in → My Aadhaar → Aadhaar Services → **Authentication History**. Shows last 50 authentications. Anything you don't recognise → file a complaint. | ||
| + | |||
| + | ==== Is e-Aadhaar download safe? ==== | ||
| + | |||
| + | Yes — only from uidai.gov.in. Never from third-party " | ||
| + | |||
| + | ==== Can I use VID for everything? ==== | ||
| + | |||
| + | Yes — for SIM, gas, e-KYC, EPF, ITR. VID is regenerated on demand and limits exposure of the actual Aadhaar number. | ||
| + | |||
| + | ==== My Aadhaar mobile is wrong — am I in danger? ==== | ||
| + | |||
| + | Yes — anyone who knows your Aadhaar can intercept OTP. Update mobile at the nearest **Aadhaar Seva Kendra** with biometric authentication. | ||
| + | |||
| + | ==== How long does Aadhaar biometric lock take to activate? ==== | ||
| + | |||
| + | Instant. Same for unlock — but unlock auto-relocks within a window. Set lock as default. | ||
| + | |||
| + | ===== Myth vs reality ===== | ||
| + | |||
| + | ^ Myth ^ Reality ^ | ||
| + | | "UIDAI sends update reminders by SMS link." | UIDAI never sends individual update links via SMS. | | ||
| + | | " | ||
| + | | "Once my Aadhaar leaks, nothing can be done." | Biometric lock + TAFCOP + CIBIL audit + 1930 give a working defence. | | ||
| + | | " | ||
| + | | " | ||
| + | |||
| + | ===== Last word ===== | ||
| + | |||
| + | The fake-Aadhaar-update site succeeds because it preys on the genuine fear of identity invalidation. The whole trap collapses if you (a) only ever type ``uidai.gov.in`` directly, (b) keep biometrics **locked by default**, and (c) audit TAFCOP + CIBIL once a quarter. Save your Aadhaar enrolment number on a paper note, never in your phone, and never share OTP with anyone — UIDAI included. | ||
| + | |||
| + | This page is part of RTI Wiki's **Citizen Crisis Response Network**. Updates tracked through UIDAI press releases, MeitY domain takedowns, and judgments under the Aadhaar Act and DPDP Act 2023. | ||
| + | ===== Fake Aadhaar update website fraud: How to identify, report, and protect yourself (2026) ===== | ||
| + | |||
| + | Fake Aadhaar update website fraud — complete guide on identifying, | ||
| + | |||
| + | - **Step 1: What is the fake Aadhaar update website fraud?** (a) the fraud — involves the fake websites — that mimic — the UIDAI — official website — (uidai.gov.in — or myaadhaar.uidai.gov.in) — and offer — the Aadhaar update — or the correction — or the enrollment — at the lower fee — or the faster — service, (b) the fraudster — collects: (i) the Aadhaar number, (ii) the biometric — data, (iii) the mobile number, (iv) the OTP, (v) the payment — (the fee — for the update), (c) the misuse: (i) the identity theft — (the Aadhaar — is used — for the bank account — or the SIM — or the loan), (ii) the financial fraud — (the bank account — is opened — or the loan — is taken), (iii) the data sale — (the Aadhaar data — is sold — to the third parties), (d) the scale: (i) the UIDAI — has reported — over 100 fake websites — in 2025, (ii) the average loss — is Rs 500-5,000 — per victim — but the identity theft — can cause — the larger — loss. | ||
| + | - **Step 2: How to identify a fake Aadhaar website.** (a) the red flags: (i) the URL — is not uidai.gov.in — or myaadhaar.uidai.gov.in — (the fake — uses — the uidai-update.in — or aadhaar-update.co.in — or the similar — domain), (ii) the fee — is different — from the official — (the UIDAI — charges Rs 50 — for the update — and Rs 100 — for the biometric — update), (iii) the website — asks for the OTP — before the process — (the UIDAI — sends the OTP — during the process), (iv) the website — asks for the biometric — upload — (the UIDAI — does not ask — for the biometric — upload — online), (v) the website — does not have — the UIDAI — logo — or the SSL — certificate, | ||
| + | - **Step 3: How to report the fake Aadhaar website.** (a) the UIDAI: (i) email — at [email protected] — with the URL — and the screenshots, | ||
| + | - **Step 4: Fraud comparison — fake Aadhaar website vs other Aadhaar frauds.** (a) the fake website: (i) the method: the fake website — collects the data, (ii) the data: the Aadhaar — and the OTP — and the biometric, (iii) the loss: Rs 500-5,000 + identity theft, (b) the OTP fraud: (i) the method: the fraudster — calls — and asks for the OTP, (ii) the data: the OTP — only, (iii) the loss: the bank account — or the SIM — is hijacked, (c) the biometric fraud: (i) the method: the fraudster — clones — the biometric — and uses — for the authentication, | ||
| + | - **Step 5: How to protect yourself.** (a) use only the official website: (i) uidai.gov.in — or myaadhaar.uidai.gov.in, | ||
| + | - **Step 6: File RTI on UIDAI.** (a) the UIDAI — is a public authority — under the RTI Act — and the RTI — can be filed — for: (i) the fake websites — identified — and the action taken, (ii) the complaints — filed — and the status, (iii) the enrollment — and the update — statistics, (b) the RTI application — can ask: (i) " | ||
| + | - **Step 7: Practical tips.** (a) use only the official — uidai.gov.in — or myaadhaar.uidai.gov.in, | ||
| + | |||
| + | See [[https:// | ||
| + | |||
| + | {{tag> | ||