Share
SMISHING / INDIA

Electricity disconnection text scam in India: the fake bill APK, explained

A text lands in the evening: your electricity will be cut tonight because of an unpaid bill, pay now or update your KYC, here is the number to call or the app to install. It feels urgent and official. It is a scam. The message comes from a plain 10-digit mobile number, not your discom, and the link installs an app that reads your SMS, steals your OTPs and empties your bank account. Here is how to recognize it in the few seconds you have before you panic.

SafeBrowz Threat Research

Verdict: phishing scam

An SMS or WhatsApp message that says your electricity will be disconnected tonight over an unpaid bill, and asks you to call a number or install an app to pay, is a scam, not a notice from your power company. Your discom (BSES, Adani Electricity, Tata Power, TNEB, MSEDCL and the rest) sends genuine messages from a registered DLT alphanumeric sender header such as VM-BSESRJ, never from a personal 10-digit mobile number. The scam link sideloads a malicious app (an APK outside the Play Store) that asks for SMS and accessibility permissions, then quietly reads the one-time passwords your bank sends and drains your account. Real bills are never "pay within the hour or you are cut off tonight," and no real discom asks you to install an app over SMS. If you get one, do not call, do not click, do not install. Pay only through the official app, official website or BBPS. Report it at cybercrime.gov.in or call 1930, and flag the sender on the Chakshu service of the Sanchar Saathi portal.

What the message actually says

The wording barely changes from one campaign to the next, because it works. A typical version reads something like: "Dear Customer, your electricity will be disconnected tonight at 9:30 PM as your previous month bill was not updated. Please immediately contact our electricity officer" followed by a 10-digit phone number. Other variants tell you your "KYC is pending," your "meter needs verification," or there is a "pending payment of Rs 47" and attach a short link to "pay now" or "download the bill app."

That tiny pending amount is deliberate. Rs 47 or Rs 99 is small enough that paying it feels easier than arguing, and the scam only needs you to start the flow. Once you are on the call or on the page, the real target is not the 47 rupees. It is your phone and your bank.

The two traps

Almost every version of this scam ends in one of two places.

The malicious app (APK)

The link does not open a payment page. It downloads an Android app file, an APK, from outside the Google Play Store. When you open it, your phone warns that installing from "unknown sources" is risky, and the scam page coaches you to ignore that warning. Once installed, the app asks for SMS permission and accessibility permission. With SMS access it can read every text that arrives, including the one-time passwords your bank sends to authorize a transfer. With accessibility access it can see what is on your screen and tap buttons on your behalf. From there the operator can initiate transfers, read the OTP the bank sends, approve it, and empty the account, all without you seeing a thing. This is the same malicious-APK playbook we break down in our fake bank app APK guide.

The "officer" call

If you call the number instead, a confident "electricity department officer" answers. He tells you the disconnection is already scheduled and the only way to stop it is to "verify" your account right now. That verification turns into one of two things: he walks you through installing a screen-sharing app like AnyDesk or TeamViewer so he can "fix it from his end," which hands him a live view of your phone while you log into your bank; or he asks you to make a tiny "verification payment" of a few rupees, during which you expose your UPI PIN or card details. Either way the small step is the hook, and the account is drained behind it. This is a close cousin of the digital arrest scam wave, which uses the same manufactured panic.

The one signal that exposes it: the sender

Here is the test that beats the panic every time. In India, any company that sends you transactional or service SMS, including every electricity board and every bank, must send it through a registered DLT (Distributed Ledger Technology) alphanumeric sender header. That is why a real message shows up from something like VM-BSESRJ, AD-TATAPW or JM-MSEDCL, a short code with letters, not a phone number you could dial back.

A genuine discom or bank message never arrives from a personal 10-digit mobile number. So the moment a "bill" or "disconnection" warning comes from a plain 10-digit number, you already have your answer: it is a scam. You do not need to read another word of it. This single rule, taught by the TRAI DLT framework that governs commercial SMS in India, is the cleanest tell in the whole scam.

The second tell is the demand itself. A real electricity bill gives you a due date that is days or weeks away, and disconnection follows a documented notice process, not a one-hour countdown by text at night. "Pay immediately or you are disconnected tonight" is pressure, and pressure is the scammer's main tool.

๐Ÿ›ก LIVE CHECK

Check that "pay your bill" link before you tap it

Got a link in a disconnection text or an electricity-bill message and not sure where it leads? Paste it below before you open it, before you install anything, and before you enter a single detail. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.

Full scan with deep AI analysis โ†’ ยท No URL is logged to your identity.

How big is this

This is not a handful of stray texts. It is an organized operation. India's Department of Telecommunications (DoT) has blocked 392 mobile handsets that were linked to roughly 31,740 phone numbers used in exactly this kind of fraud, and ordered the numbers re-verified (reported by Moneylife, citing DoT action). The scale tells you these messages are sent by the lakh, rotating through numbers faster than any single block can keep up, which is why recognizing the pattern matters more than blocking any one sender.

It sits inside the broader 2026 India smishing wave that includes fake KYC texts, fake delivery notices, the digital arrest calls, and UPI collect-request fraud. CERT-In, India's national computer emergency response team, has issued advisories on malicious-app and OTP-theft fraud of this type.

Red flags of the electricity disconnection scam

  • It comes from a 10-digit mobile number. A real discom or bank message arrives from a registered DLT alphanumeric header (letters, like VM-BSESRJ), never a personal phone number. A 10-digit-number "bill" demand is a scam, full stop.
  • It threatens disconnection tonight or within the hour. Real bills have a due date days away and a documented notice process. A one-hour night-time deadline exists to make you panic and skip the checks.
  • It tells you to install an app or download a "bill" APK. No real electricity board sends you an app to install over SMS. Their official apps live on the Play Store, found by you, not pushed to you by a link.
  • It pushes you to call one specific number. The "officer" on the other end is the next stage of the scam, not customer support.
  • It quotes a tiny pending amount. Rs 47, Rs 99, a few hundred. Small enough to pay without thinking, which is the whole point.
  • The link is a shortened or odd-looking URL. Not your discom's official domain. If a domain is involved at all, it is a lookalike, not the real one.
  • It asks you to enable "unknown sources," screen sharing, or grant SMS and accessibility permissions. Those three requests are how the malicious app reads your OTPs and controls your phone.

What to do

  1. Do not call, do not click, do not install. The message has no power until you act on it. Looking at it costs you nothing. Calling the number or installing the app is where the loss begins.
  2. Check the real bill yourself. Open your discom's official app or website that you typed yourself, or use BBPS through your own banking app, and look up your account. If there is a real due amount, you will see it there. If there is not, the text was a lie.
  3. Never install an APK from a text link. Get apps only from the Google Play Store, and never enable "install from unknown sources" because a caller told you to.
  4. Never share an OTP or install screen-sharing software for an "officer." No real utility or bank needs AnyDesk, TeamViewer, your UPI PIN, or an OTP to keep your power on.
  5. If you already installed the app, act now. Put the phone in airplane mode, uninstall the app, and from a different trusted device change your banking and UPI passwords and freeze or alert your bank. Then run a security scan or factory-reset the phone. Our what to do after a scam guide has the full sequence.
  6. If money already moved, call your bank's fraud line immediately and report within the golden hour, the sooner the better for any chance of a reversal.

How to report it in India

  • Report financial fraud to the national cybercrime helpline. Call 1930 or file at cybercrime.gov.in. Reporting fast gives the best chance of freezing the money before it is withdrawn.
  • Report the sender on Chakshu. Use the Chakshu service on the sancharsaathi.gov.in (Sanchar Saathi) portal to report the suspicious SMS, call or WhatsApp message so the number can be acted on.
  • Forward spam to your operator. Report unsolicited commercial messages to your mobile operator so the sender is flagged in the DLT system.
  • Tell your discom. BSES, Adani Electricity, Tata Power and others want to know their name is being used, so they can warn other customers. Use the contact details on their official site, not the number in the text.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

  • Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database (Indian discoms, banks and payment apps included) plus homograph and Punycode checks, all running inside the extension before the page renders. It catches lookalike "pay your bill" domains and flags the kind of link that fronts a malicious APK download.
  • Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam TLD lists to flag domains already reported as malicious, which covers fake bill-payment and APK-hosting pages as they get reported.
  • Layer 3 - AI deep scan (Premium): 100+ language content analysis catches a brand-new fake discom page in seconds, including a fresh lookalike that copies a power company's branding and pushes an app download or a "pay immediately" flow.

Honest scope: SafeBrowz checks the link in the message, so a fake bill-payment page or an APK-hosting page is flagged before it loads on your screen. What it cannot do is read your SMS inbox or block a phone call, so the human rules still matter most: a 10-digit-number "disconnection" text is a scam, and no real discom sends an app over SMS. SafeBrowz catches the link, you catch the message.

Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.

Where browser and link-layer defense fits

The dangerous moment in this scam is the tap on the link, the second before an APK starts downloading or a fake payment page asks for your card. Link-layer scanning catches that step. When a "pay your electricity bill" link points to a lookalike domain or an APK file instead of your real discom, a brand-aware scanner flags it before it opens. SafeBrowz is a free extension for Chrome, Firefox and Edge, with a SafeBrowz Android app and Safari coming soon, that checks every URL before it renders against a 550+ brand database, with 60+ URL pattern signatures and optional AI deep scan. Learn how to tell if a website is a scam, see how phone and text scams work, install SafeBrowz, and pair it with the one rule that beats this whole category: a disconnection demand from a 10-digit number is a scam, and you pay only through your discom's own app, website or BBPS.

Install SafeBrowz free

Add the browser extension, or the SafeBrowz Android app, that runs every check in this article automatically, on every page, before it renders. Free forever, with optional Premium AI deep scan at $14.99 per year.

Chrome Add to Chrome Firefox Add to Firefox Edge Add to Edge Google Play Get it on Google Play

See pricing and Premium features

Frequently asked questions

I got a text saying my electricity will be cut tonight. Is it real?

Almost certainly not. Check the sender. A genuine message from your discom (BSES, Adani Electricity, Tata Power, TNEB, MSEDCL and others) comes from a registered DLT alphanumeric header such as VM-BSESRJ, never from a personal 10-digit mobile number. If the message comes from a 10-digit number, threatens disconnection tonight, asks you to call a number, click a link or install an app, it is a scam. Do not call or click. Check your real bill in your discom's official app or website, or via BBPS.

How do I tell a real discom SMS from a scam one?

The sender is the giveaway. Real transactional and service SMS in India must be sent through a registered DLT alphanumeric sender header, so it shows letters like VM-BSESRJ or AD-TATAPW, not a number you could dial. A real bill also gives a due date days away and never demands payment within the hour or threatens disconnection the same night. A 10-digit-number message with a one-hour deadline and a link to "pay" or "install an app" is a scam.

What happens if I install the electricity bill APK?

The app file installs from outside the Play Store and asks for SMS and accessibility permissions. With SMS access it reads every text, including the one-time passwords your bank sends to authorize transfers. With accessibility access it can see your screen and tap buttons for you. Together that lets the operator initiate a transfer, read the OTP, approve it and empty your account without you seeing anything. If you installed it, put the phone in airplane mode, uninstall it, change your banking and UPI passwords from another device, alert your bank, and factory-reset the phone.

The "officer" on the call asked me to install AnyDesk. Should I?

No. AnyDesk and TeamViewer are screen-sharing apps. An "electricity officer" who asks you to install one is trying to watch your screen while you log into your bank, or to control your phone. No real utility or bank ever needs screen sharing, your UPI PIN, or an OTP to keep your power connected. Hang up. If you already installed it, uninstall it, disconnect the internet, and change your bank credentials from a different device.

Where do I report an electricity disconnection scam in India?

Report financial fraud to the national cybercrime helpline by calling 1930 or filing at cybercrime.gov.in, and do it fast for the best chance of freezing the money. Report the suspicious sender through the Chakshu service on the Sanchar Saathi portal (sancharsaathi.gov.in), and forward the spam message to your mobile operator. Tell your discom too, using the contact details on their official website, so they can warn other customers.

Related reading

Bottom line: A text that says your electricity will be cut tonight and tells you to call a number, click a link or install an app is a scam, not a notice from your power company. It comes from a 10-digit number, not your discom's registered DLT header, and the app it pushes reads your OTPs and drains your bank. Never call, click or install. Check your real bill in the official app or BBPS, report it at cybercrime.gov.in or 1930, and keep SafeBrowz on your browser so a fake bill-payment or APK link is flagged before it ever opens.