Want To Stay Away From Cyber Fraud & Scams? Here's A Foolproof Cybersecurity Checklist Every Indian Must Follow Right Now

In a Free Press Journal exclusive, the CEO of a leading Indian identity security firm shares the lesser-known practices that can protect ordinary users from phishing, scams and account takeovers

Tasneem Kanchwala Updated: Monday, April 27, 2026, 02:38 PM IST

Most Indians know they should not share their OTP with strangers. But according to Anirban Mukherji, Founder and CEO of Pune-based cybersecurity firm miniOrange, the attacks that are actually draining bank accounts today are far more sophisticated, and the defences that matter most are the ones nobody talks about.

In an exclusive interview with the Free Press Journal, Mukherji laid out a comprehensive set of practices for ordinary users navigating India's increasingly dangerous digital landscape.

1. Never install APK files from WhatsApp or SMS

This is, in Mukherji's view, one of the single most dangerous habits of Indian smartphone users. "Do not install APK files sent on WhatsApp or SMS," he said, pointing to the case of a Mumbai police constable who lost Rs. 12.5 lakh after clicking a malicious APK link that gave attackers full control of her phone.

2. QR codes are for paying, not receiving

One of the most persistent misconceptions fuelling UPI fraud is the belief that a QR code can be used to receive money. "QR codes are usually for paying, not receiving. Do not scan QR codes to receive money," Mukherji said flatly. This single misunderstanding has cost thousands of Indians their savings.

3. Always verify the UPI ID name before transferring

"Check the UPI ID name before paying. Fraudsters use similar-looking names," he cautioned. A fraction of a second spent verifying the payee can prevent irreversible losses.

4. Do not trust Instagram ads alone when shopping online

"For online shopping, search the brand independently. Do not trust only Instagram ads," he said. Fraudsters exploit the trust that users extend to influencer promotions, familiar-looking logos and fake reviews to run sophisticated e-commerce scams.

5. Keep a dedicated UPI bank account with a limited balance

Rather than linking a primary salary account to UPI apps, Mukherji recommends maintaining a separate bank account with a capped balance specifically for digital transactions. This limits the maximum possible loss in the event of fraud.

6. Use Multi-Factor Authentication, but not SMS OTP

"Use MFA everywhere, preferably Google Authenticator apps or Passkeys over traditional SMS OTP wherever possible, as they are less prone to phishing attacks," he advised. SMS-based OTPs, while better than nothing, can be intercepted through SIM-swapping attacks.

7. Keep your OS and apps updated, and delete what you don't use

Outdated software is one of the easiest entry points for attackers. Mukherji recommends keeping phone operating systems and apps consistently updated, and deleting applications that are no longer in active use.

8. Never give remote access to 'support agents'

"Never give remote access through screen-sharing apps to support agents," he warned. This is a growing attack vector where fraudsters impersonate bank or company support staff and convince users to install apps such as AnyDesk or TeamViewer, handing over complete device control.

9. Do not store Aadhaar, PAN or passwords in your gallery or WhatsApp chats

"Do not keep Aadhaar, PAN, cancelled cheque and passwords in your gallery or WhatsApp," Mukherji said, noting that this is a shockingly common practice - and one that can be exploited instantly if a device is compromised.

10. Review app permissions every month

Many apps silently retain permissions to access contacts, location and camera long after users have forgotten they installed them. A monthly audit of app permissions, Mukherji suggests, goes a long way toward limiting exposure.

11. For senior citizens: a hard rule on pressure-based transfers

"For families, especially senior citizens, do not use any UPI app in mobile phones or create a rule: no money transfer under pressure," he said. Urgency is one of the most reliable tools in a fraudster's arsenal, and having a standing household rule removes the option of acting impulsively.

12. Call 1930 immediately if money is lost

Every minute counts. "Report immediately on 1930 if money is lost. Speed matters because funds can sometimes be frozen before they move further," he said. The government's Citizen Financial Cyber Fraud Reporting and Management System has helped save more than ₹7,130 crore by facilitating rapid freezing of accounts across over 23 lakh complaints.

Published on: Monday, April 27, 2026, 02:38 PM IST
