Indian Bank Warns of Surge in LPG-Themed Phishing Scams Targeting Customers
Indian Bank has issued a cybersecurity advisory alerting customers to a widespread fraud campaign exploiting concerns over LPG cylinder availability. Cybercriminals are sending deceptive messages via SMS, WhatsApp, and social media, impersonating major LPG providers Indane, Bharat Gas, and HP Gas to steal banking credentials and drain accounts.
The scam employs urgent social engineering tactics, falsely warning recipients of pending KYC updates or unpaid bills to trigger panic. Messages like “Your LPG KYC is pending. Limited stock. Click here to update” or “Immediate payment required to avoid disconnection” redirect victims to fake websites designed to harvest UPI PINs, OTPs, and banking details.
More advanced attacks involve malicious APK files sent via WhatsApp, which, once installed, grant attackers access to stored passwords and sensitive data. Some fraudsters also pose as bank officials, directing users to click links during WhatsApp calls.
Authorities, including Delhi Police’s cybercrime units, have received multiple complaints through the national helpline (1930). Scammers are also running fake social media ads using official gas company logos to lure victims to fraudulent payment portals.
Security researchers classify this as an event-driven phishing campaign, leveraging fears of LPG shortages to maximize success rates. Indian Bank’s advisory emphasizes verifying all requests through official LPG apps or helplines and reporting suspicious activity to cybercrime.gov.in. No legitimate provider or bank will request sensitive information via unsolicited links.
Source: https://cybersecuritynews.com/fake-lpg-payment-and-kyc-update/
Indian Bank cybersecurity rating report: https://www.rankiteo.com/company/indianbank
Indane gas cybersecurity rating report: https://www.rankiteo.com/company/indane-gas
"id": "INDIND1775636763",
"linkid": "indianbank, indane-gas",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Banking/Financial Services',
'location': 'India',
'name': 'Indian Bank Customers',
'type': 'Bank Customers'},
{'industry': 'Energy/Oil & Gas',
'location': 'India',
'name': 'Indane',
'type': 'LPG Provider'},
{'industry': 'Energy/Oil & Gas',
'location': 'India',
'name': 'Bharat Gas',
'type': 'LPG Provider'},
{'industry': 'Energy/Oil & Gas',
'location': 'India',
'name': 'HP Gas',
'type': 'LPG Provider'}],
'attack_vector': ['SMS',
'WhatsApp',
'Social Media',
'Malicious APK Files',
'Fake Websites'],
'customer_advisories': 'Indian Bank issued public advisory to customers to '
'verify requests and report suspicious activity',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['UPI PINs',
'OTPs',
'Banking Credentials',
'Personally Identifiable '
'Information']},
'description': 'Indian Bank has issued a cybersecurity advisory alerting '
'customers to a widespread fraud campaign exploiting concerns '
'over LPG cylinder availability. Cybercriminals are sending '
'deceptive messages via SMS, WhatsApp, and social media, '
'impersonating major LPG providers Indane, Bharat Gas, and HP '
'Gas to steal banking credentials and drain accounts. The scam '
'employs urgent social engineering tactics, falsely warning '
'recipients of pending KYC updates or unpaid bills to trigger '
'panic. Messages redirect victims to fake websites designed to '
'harvest UPI PINs, OTPs, and banking details. More advanced '
'attacks involve malicious APK files sent via WhatsApp, which, '
'once installed, grant attackers access to stored passwords '
'and sensitive data. Some fraudsters also pose as bank '
'officials, directing users to click links during WhatsApp '
'calls.',
'impact': {'brand_reputation_impact': 'Potential reputational damage to '
'Indian Bank and LPG providers',
'data_compromised': ['UPI PINs',
'OTPs',
'Banking Credentials',
'Stored Passwords',
'Sensitive Data'],
'financial_loss': 'Drained bank accounts',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Event-driven phishing campaigns leverage fears of '
'shortages to maximize success rates. Customers must '
'verify unsolicited requests through official channels.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'corrective_actions': 'Enhanced customer awareness '
'and verification protocols',
'root_causes': 'Exploitation of LPG shortage fears '
'via social engineering'},
'recommendations': 'Verify all requests through official LPG apps or '
'helplines. Report suspicious activity to '
'cybercrime.gov.in. Avoid clicking unsolicited links or '
'installing APK files from unknown sources.',
'references': [{'source': 'Indian Bank Cybersecurity Advisory'},
{'source': 'Delhi Police Cybercrime Units'}],
'response': {'communication_strategy': 'Public advisory issued by Indian Bank',
'containment_measures': 'Advisory issued to customers to verify '
'requests through official channels',
'law_enforcement_notified': 'Delhi Police’s cybercrime units',
'remediation_measures': 'Reporting suspicious activity to '
'cybercrime.gov.in'},
'stakeholder_advisories': 'Indian Bank advisory to customers and stakeholders',
'threat_actor': 'Cybercriminals',
'title': 'Indian Bank Warns of Surge in LPG-Themed Phishing Scams Targeting '
'Customers',
'type': 'Phishing Scam',
'vulnerability_exploited': 'Social Engineering (Urgent KYC/Billing Alerts)'}