Phishing Scam Targets India AI Impact Summit Attendees: Urgent Security Advisory
After the India AI Impact Summit 2026 concluded in New Delhi, a sophisticated phishing campaign surfaced. An urgent warning about fraudulent messages circulating across major mobile platforms has been sent to all participants by the Ministry of Electronics and Information Technology (MeitY) and the official summit organizers.
Nature of the Scam
The criminals are using the event's widespread publicity more than 50,000 people from 118 countries attended to trick people into giving up private financial information.
● The Tool: The main methods used by scammers to communicate directly with potential victims are SMS and WhatsApp communications.
● The Technique (Social Engineering): The emails indicate that the receiver is awaiting a "refund" and pose as event officials. This instills a sense of urgency and financial incentive.
● The Payload: In order to "process" their refund, users are prompted to click a link. This link takes users to a fake website that harvests:
a) Full Credit/ Debit Card Numbers.
b) WhatsApp Numbers and Personal Contact Details.
c) One-Time Passwords (OTPs).
Perpetrators and Methodology
The cybercriminals posing as official conference organizers, although no specific names have been given. Their approach is based on "living off the land" by utilizing popular messaging apps that were probably checked by attendees during or after a significant conference on their mobile devices.
Recommended Security Actions
All guests are given a clear three-step answer in the advice shown in the images:
- Immediate Avoidance: Any links in unsolicited messages about "refunds" or "personal verification" should not be clicked.
- Report and Block: To stop future communication, delete the message right away and block the sender's phone number.
- Emergency Securing: To freeze your accounts and stop illegal transactions, you must get in touch with your bank right away if you have already supplied your details.
Official Channel Verification: The summit organizers stress that only verified official channels and websites will be used to disseminate any valid event-related updates.
Quick Response Guide for Victims
If you have already supplied your information or engaged with a dubious link:
● Freeze Accounts: Call your bank right away or "Block" all of your credit and debit cards using your mobile banking app.
● Change Credentials: Change the passwords for all of the emails connected to your bank accounts and update your WhatsApp two-step verification code.
● Report to Authorities:
a) National Cyber Crime Reporting Portal: Give the national hotline a call at 1930.
b) Sanchar Saathi: To report the bogus mobile number, use the Sanchar Saathi portal's "Chakshu" feature.
● Scan for Malware: If you downloaded any "refund app" or files from the link, use a reliable antivirus program to perform a thorough security check on your mobile device.
|
Note: To get a stress-free working environment, you can go for a specially designed tool, “PhishNext,” which provides specialized simulations of phishing attacks so that users can get used to such attacks and never become victims of such attacks. |
Trending Blogs
- What Is Open-Source Intelligence (OSINT)? | PhishNext
- What Is AI Security Posture Management (AI-SPM)?
- Winner of the AI Arms Race: Threat Actors vs Cybersecurity Defenders
- Phishing Simulation: How It Works to Reduce Risk? | PhishNext
- 50% Rise in Ransomware Attacks Even as Payments Drop
- Top Six Key Benefits & Core Features of Endpoint Security | PhishNext
- Top Tools That Hackers Use to Weaponize Emails | PhishNext
- Stolen Traveler Data Is on Sale at Dark Web, According to Eurail
- Threat Actors Get Real-Time Access to Attacks via Voice Phishing Kits
- Attackers Using LLMs to Create Phishing Pages in Real Time
- Why Phishing Attacks Are Increasing in 2026?
