Instant payment alerts have become a natural part of our everyday life. A ping on our phone tells us that my salary just landed, another buzz confirms my latest online purchase, another ping lets me know my rent payment went through without a hitch. These instant updates keep us informed about our transactions and foster a trustworthy relationship with our bank.

However, these same alerts designed to protect us become a tool for fraud.

147 million phishing SMS were received daily by mobile customers in 2023, marking a staggering 20% increase from the previous year.

But India has emerged as a dramatic epicenter for these scams.

Scammers have weaponized SMS payment alerts, sending fake messages that look just like official bank notifications. The results -

-135,000 cases of SMS phishing reported in the first half of 2024– a 175% increase from previous years.²

-Indian banks reported US $240 million (INR 2,000 crore) in losses from SMS phishing scams in 2023.³

-17,10,505 cybercrime complaints registered in 2024, signalling an urgent crisis.

3 most popular SMS phishing scams

• Fake payment alerts – “Suspicious activity detected on your account. Call customer support immediately!” (The number belongs to the scammer.)

• KYC update scams – “Your KYC is about to expire. Click here to update now.” (The link steals your credentials.)

• Prize and reward scams – “Congratulations! You have won US $575.91(₹50,000). Claim now.” (As of 2023, 72% of Indians reported receiving such scam messages.)

How fake payment alert scam take place?

Customers receive a payment alert stating that a certain amount has been credited to their bank account. Out of curiosity, they check their payment or banking app. Meanwhile, the scammer sends a "Request Money" notification.  

When the customers enter their PIN to verify the transaction, they unknowingly approve the request instead of checking the actual source of the credited amount. As a result, the money is deducted from their account and sent to the scammer.

Impact of payment alert scam on CX

Loss of Trust: Scams can make customers doubt real messages from banks and financial institutes, making them less likely to engage or stay loyal because they worry about their money being at risk.

More work for customer support: When scams happen, more people call or message for help, which can slow down response times and make customers unhappy.

Bad Reputation: People who get scammed might blame the banks and financial institutes, spreading negative opinions that can scare away new customers.

6 Key practices to prevent SMS phishing scams

Implementation of SMS sender ID registries

The Telecom Regulatory Authority of India (TRAI) mandates that all entities sending bulk SMS register their headers (Sender IDs) with telecom service providers. This ensures that only authorized senders can transmit messages, reducing the risk of fraudulent communications.  

For instance, businesses must register their SMS headers in a specific format, such as XY-ZZZZZZ, where 'X' denotes the access provider's code, and 'Y' represents the service area code.

Suspension of fraudulent telemarketers

The Department of Telecommunications (DoT) has suspended operations of telemarketing companies found guilty of sending massive volumes of fraudulent SMSes.  

For example, V-con Intelligent Security and Onextel Media were suspended for disseminating 55.5 million deceptive messages.

Real-time monitoring and blocking

Telecom service providers have implemented “A2P SMS filtering system” to trace commercial SMS messages, aiming to reduce spam and fraudulent communications. As of December 2024, over 90% of organizations or companies involved in sending commercial SMS have registered⁴, ensuring minimal disruption to legitimate messages such as One-Time Passwords (OTPs). Full blocking of non-compliant messages slated began on December 11, 2024.

Blacklisting fraudulent entities

The Department of Telecommunications (DoT), in collaboration with the Ministry of Home Affairs (MHA), has blacklisted principal entities (organizations or companies involved in sending commercial SMS) responsible for sending fraudulent messages. For instance, over 10,000 deceptive messages were traced to eight SMS headers, leading to the blacklisting of the associated entities.

Collaboration with financial institutions and government agencies  

The Reserve Bank of India (RBI) has issued guidelines to financial institutions, advising them to utilize the Mobile Number Revocation List (MNRL) available on the Digital Intelligence Platform (DIP) developed by the Department of Telecommunications (DoT). This collaboration aims to monitor and clean customer data, preventing the misuse of mobile numbers in fraudulent activities.

Public awareness campaigns

Government launched the "Scam Se Bacho" Campaign in collaboration with Meta, to educate customers on recognizing and reporting online scams, aiming to foster a culture of digital safety. These campaigns are delivered via emails, SMS, and social media, and are made available in regional languages for broader reach.  

Conclusion

Payment alerts are indispensable in modern banking. But as cybercriminals become more sophisticated, customers, banks, and telecom providers must work together to strike the right balance between security and convenience.

By adopting stricter verification measures, real-time monitoring, and staying vigilant, we can ensure that payment alerts remain a tool of protection—not deception.

Sources-  

Cybersecurity statistics for 2025 | NordVPN.

Cyber frauds jump 900% in 4 years: Small cities like Deoghar, Nuh, Mathura emerge as new scam Capitals | India News - The Indian Express

How RBI Plans to Curb Online Frauds

ofcom.org.uk/siteassets/resources/documents/consultations/category-1-10-weeks/review-of-the-a2p-sms-termination-market/main-and-supporting-documents/a2p-sms-termination-consultation.pdf?v=390118