SBI warns customers about fake YONO deactivation messages asking for Aadhaar updates
8 min. read 
Published on
State Bank of India customers are being targeted by fake messages claiming that the YONO app will be blocked or deactivated unless they update their Aadhaar details. The warning is important because the messages try to push users into clicking unsafe links or installing malicious APK files.
The claim has been flagged as fake by PIB Fact Check, which warned users not to download APK files or share personal information through such messages. SBI’s own online safety guidance also says customers should avoid unknown links and report suspicious messages through official channels.
Access content across the globe at the highest speed rate.
70% of our readers choose Private Internet Access
70% of our readers choose ExpressVPN
Browse the web from multiple devices with industry-standard security protocols.
Faster dedicated servers for specific actions (currently at summer discounts)
The scam is spreading through SMS, WhatsApp, and email. It uses urgency to make users believe that their banking access will stop unless they act immediately. That pressure is the main trick behind the fraud.
How the fake YONO message works
The fraudulent message usually says the user’s YONO app or SBI account will be blocked because Aadhaar details have not been updated. It then provides a link or asks the user to install an APK file that pretends to help complete the update.
Once installed, a fake banking app can ask for login details, OTPs, card information, or other sensitive data. In some cases, malicious apps can also abuse permissions to read messages, monitor activity, or help attackers take control of the device.
SBI’s phishing safety guide says legitimate SBI communication uses official channels and that the bank never asks for passwords, PINs, CVV numbers, or OTPs through calls, SMS, or email.
| Scam element | What the message claims | What customers should do |
|---|---|---|
| YONO deactivation warning | The app will be blocked unless Aadhaar is updated | Do not click the link or install any APK |
| APK download | The file is needed for KYC or Aadhaar update | Use only official app stores and SBI channels |
| Urgent deadline | The account or app will stop working soon | Verify through official SBI support before taking action |
| OTP or banking request | Details are needed to complete verification | Never share OTP, PIN, CVV, or password |
Why the Aadhaar lure is effective
The attackers use Aadhaar because it sounds official and familiar. Many customers associate Aadhaar with banking, KYC, and identity checks, so a warning about an Aadhaar update can appear believable at first glance.
The scam also copies the tone of official banking alerts. It may use bank logos, threatening language, short deadlines, and links that look similar to real SBI pages. These small details can mislead users who are in a hurry.
SBI’s cyber security guidance advises customers not to download unknown apps suggested by strangers and to install applications only from official stores. This is especially important for Android users because APK files can be installed outside the Play Store if the user allows it.
What SBI says customers should never share
Customers should treat any message asking for banking credentials as suspicious. A real bank alert will not ask users to send secret account details through WhatsApp, SMS, email, or an unofficial web page.
The same rule applies to app updates. SBI does not ask customers to update YONO through random APK files sent in private messages. Users should update banking apps only through the Google Play Store, Apple App Store, or official SBI channels.
Users should also remember the advice shared by PIB Fact Check: suspicious messages linked to this YONO blocking claim should be reported instead of acted upon.
- Do not download APK files from SMS, WhatsApp, or email links.
- Do not share OTPs, passwords, PINs, CVV numbers, or card details.
- Do not click shortened or unusual links claiming to be from SBI.
- Do not allow unknown apps to read SMS messages or access the phone.
- Do not panic when a message threatens account blocking.
- Verify account issues through the official YONO app, SBI website, or customer care numbers.
How customers can report the fake message
SBI asks customers to forward phishing messages with screenshots and details to its official reporting email. The bank’s phishing guidance lists [email protected] as the email address for such complaints.
Customers who have already clicked a link, installed a suspicious app, or shared banking information should act immediately. They should change passwords from a trusted device, block cards if needed, monitor transactions, and contact the bank through official support channels.
For financial cyber fraud, the Indian Cybercrime Coordination Centre says complaints can be reported through the National Cybercrime Reporting Portal or the 1930 helpline. Fast reporting can help authorities and financial institutions act sooner.
| Situation | Recommended action |
|---|---|
| You only received the message | Delete it, do not click links, and report it to SBI |
| You clicked the link | Close the page, do not enter details, and scan the device |
| You installed an APK | Disconnect from the internet, uninstall the app, and scan the phone |
| You shared OTP or banking details | Contact SBI immediately, change passwords, and report cyber fraud |
| Money was debited | Call 1930 and file a complaint on the cybercrime portal |
Use Chakshu for suspicious calls, SMS, and WhatsApp messages
Customers can also report suspected fraud communications through Sanchar Saathi’s Chakshu service. The portal allows users to report suspicious calls, SMS, and WhatsApp messages that appear to involve impersonation, KYC fraud, banking fraud, or other cybercrime attempts.
Chakshu is useful when the user has received a suspicious message but has not lost money. If money has already been lost, the same portal directs users to report the incident through the cybercrime helpline 1930 or the national cybercrime portal.
This distinction matters. A suspicious message should be reported as attempted fraud, while a financial loss should be treated as an urgent cybercrime complaint.
How to spot a fake YONO APK scam
Most fake banking messages follow a pattern. They create fear, give a short deadline, and offer a quick link to solve the problem. The link then leads to a fake website or a download that is not from an official app store.
SBI’s cyber security page warns users not to click unknown links, not to share sensitive information, and not to install unknown apps suggested by strangers. Those rules apply directly to this YONO Aadhaar scam.
Customers should also check whether the message came from a strange number, contains spelling errors, asks for private information, or uses language designed to scare them. Any one of these signs should be enough to stop and verify.
- Open YONO only from the installed official app.
- Do not use links in unsolicited messages to access SBI services.
- Update the app only through Google Play or the Apple App Store.
- Call SBI only through numbers listed on official SBI websites or inside the app.
- Report suspicious messages before deleting them.
What to do if a device may be compromised
If a customer installed a fake APK, they should stop using that phone for banking until it has been checked. Attackers may try to capture OTPs, read notifications, or observe app activity.
The safer move is to use another trusted device to change SBI login credentials and other important passwords. Customers should also remove the suspicious app, run a security scan, review app permissions, and check recent transactions.
If money was transferred without permission, users should contact the bank and report the incident through the Indian Cybercrime Coordination Centre system as quickly as possible. Users can also submit attempted fraud communications through Sanchar Saathi’s Chakshu service when no financial loss has occurred.
Bottom line
The fake YONO deactivation message is a phishing and APK fraud attempt. SBI customers should not click the link, install the file, or share any Aadhaar, OTP, PIN, password, CVV, or card details through the message.
The safest response is simple: ignore the message, report it, and use only official SBI apps and websites for any account update. Customers who already interacted with the message should act quickly, secure their account, and report the incident through official cybercrime channels.
FAQ
No. The circulating message claiming that YONO will be blocked unless Aadhaar details are updated through an APK or link is fake. Customers should not click the link or install any attached file.
No. SBI customers should never install APK files received through SMS, WhatsApp, email, or unknown links. Banking apps should be installed or updated only through official app stores and official SBI channels.
Customers should never share OTPs, passwords, PINs, CVV numbers, debit card details, internet banking credentials, or personal banking information through calls, SMS, WhatsApp, email, or unofficial websites.
SBI customers can forward phishing messages with screenshots and details to [email protected]. If money has been lost, they should call 1930 and file a complaint on the National Cybercrime Reporting Portal.
Stop using that device for banking, disconnect it from the internet, remove the suspicious app, scan the phone, change passwords from another trusted device, contact SBI, and report any financial loss through 1930 or the cybercrime portal.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages