CyberDudeBivash — Daily Threat Intel & Research

cyberdudebivash.com | cyberdudebivash-news.blogspot.com | cyberbivash.blogspot.com | cryptobivash.code.blog

That “Court Summons” in Your Inbox is a Scam to Steal Your UPI and Banking Passwords

A surge of emails pretend to be court summons / legal notices with urgent deadlines. The intent is simple: panic you into opening a malicious link or attachment that harvests your UPI PIN/OTP, netbanking credentials, and card data. This advisory explains exactly how the scam works and how to stop it — for individuals, teams, and SOCs.Author: CyberDudeBivash•Date: October 15, 2025•Category: Consumer Protection

Disclosure: This article may contain affiliate links. If you purchase through them, we may earn a commission. We only recommend tools we would use in a professional security workflow.Kaspersky — Endpoint & Password ProtectionPhishing protection & password manager baseline.Edureka — Cybersecurity UpskillingAwareness, incident response, and cloud security courses.Alibaba — Verified ProcurementHardware tokens, secure peripherals for teams.AliExpress — Budget PeripheralsUSB data blockers, privacy accessories.

TL;DR

Scam emails spoof courts/police/government and demand immediate action.
Links open fake portals or malware that attempt to steal UPI PIN/OTP, netbanking passwords, card numbers, or trigger UPI collect requests.
Never enter UPI PIN/OTP on links from email/SMS/WhatsApp. Courts do not take UPI PIN/OTP to deliver notices.
How to be safe: verify case numbers on the official website/app only, use browser/site allowlists, enable 2FA, and freeze payments on suspicion.

How the “Court Summons” Scam Works

Bait: Threatening subject lines — “Non-Appearance Summons”, “Final Notice Under IPC”, “E-Court Hearing Today”.
Panic: Countdown timers, fines, or arrest warnings to force immediate click.
Phishing page/malware: Fake “e-Court” pages ask for phone, email, bank, card, UPI details; some attachments try to install remote access or info-stealer apps.
Credential capture & drain: Attackers request OTPs, push UPI collect requests, or replay netbanking credentials.

UPI-Specific Traps (India)

Collect Request Scam: Scammers send a pay request claiming “verification fee/refund”. Reject unknown requests — UPI verification never needs you to approve money to strangers.
App Overlay / Screen Share: Callers push you to install “support” apps and watch you type your UPI PIN.
WhatsApp/Telegram Links: Moving you off email reduces traceability — treat it as a red flag.

Golden rule: Your UPI PIN is only for sending money you initiate to a known contact/merchant inside your banking app. It is never needed to “receive” refunds or court documents.

Red Flags to Spot Instantly

Sender address/domain mismatch; public mail senders for “government” notices.
Links go to unfamiliar domains or shortened URLs.
Attachments ask you to “Enable Macros” or install viewer apps.
Grammatical errors, fake seals, generic case IDs.
Demands for UPI PIN/OTP/card CVV or screen sharing.

What You Should Do — Right Now

Do not click links in unsolicited “court” emails. Verify case numbers on the official court portal or by calling the official helpline from the government website.
Open banking/UPI apps directly, not via links.
Enable 2FA on email and banking; use a password manager.
Set transaction limits & alerts for UPI and netbanking.
Report & block the email address and phone numbers used.

For Teams & SOC: Controls that Work

Mail security: DKIM/DMARC enforcement, banner external mail, detonate attachments in sandbox.
URL controls: Browser isolation or rewrite with time-of-click analysis; block lookalike domains.
User protections: Password manager rollout, phishing simulations focused on “legal” themes, screen-share policy blocks.
Banking hygiene: Per-user UPI/netbanking limits, mandatory alerts, just-in-time approvals for high-value payments.

If You Already Clicked / Paid

Call your bank immediately and request transaction reversal/hold; disable UPI temporarily.
Change passwords for email and banking; revoke active sessions.
Scan your device with reputable security software; remove remote-access apps.
Report to your bank, local cyber cell, and national cybercrime portal.
Preserve evidence (emails, headers, SMS, payment IDs) for investigation.

Mid-Article Toolbox

CyberDudeBivash Apps & Products — security utilities & guides
Kaspersky Security Suite — phishing & password protection
Edureka — cybersecurity awareness & IR courses
Alibaba — hardware tokens & peripherals
AliExpress — budget security accessories

FAQs

Do courts send summons by email with payment links?

No. Courts do not ask for UPI PIN/OTP or card details via email/SMS/WhatsApp. Always verify case numbers on the official portal.

Is a UPI collect request required to “verify” identity?

No. Identity verification never requires approving a payment to strangers. Reject unknown collect requests.

I opened the link but didn’t enter details. Am I safe?

Mostly yes, but scan your device and monitor accounts. If you downloaded any app/attachment, uninstall and run a full scan.

Next Reads

TurboVPNSecure remote access RewardfulAffiliate & referral tracking HSBC Premier [IN]Banking for professionals Tata Neu Super AppRewards & payments YES Education GroupUpskill & overseas study Asus [IN]Laptops for secure work

Need Help Training Your Team?

We deliver phishing simulations, consumer-grade awareness kits, and rapid incident response playbooks for Indian UPI users and global banking flows.

Phishing Awareness & Simulations
UPI & Banking Safety Workshops
Incident Response Runbooks

Contact CyberDudeBivash →

Subscribe to CyberDudeBivash ThreatWire

Get real-time scam alerts, CVEs, and hardening checklists — no spam.

CyberDudeBivash

cyberdudebivash.com | cyberdudebivash-news.blogspot.com | cyberbivash.blogspot.com | cryptobivash.code.blog

#CyberDudeBivash #UPI #Phishing #CourtSummonsScam #BankingSafety #ConsumerProtection #FraudAlert #India #CyberAwareness

Cyberdudebivash