Your power will not be cut tonight because of a text message. That is the single most important fact if you have just received an SMS saying your electricity connection will be disconnected in a few hours over an unpaid bill. Do not call the number in the message. Do not install any app it tells you to install. Real electricity boards (discoms) do not threaten same-day disconnection by SMS with a personal phone number to call — they send bills through their own official app or website, and disconnection follows a written notice and a real process, not a text from an unknown number.
If you have already called the number and someone asked you to install an app to "verify" or "pay" — stop before you open it. That app is the actual scam. The unpaid bill is just the bait.
How the scam actually works
The message usually looks something like this: "Dear Customer, your electricity service will be disconnected tonight at 9:30 PM because your last month bill was not updated. Please contact your electricity officer immediately. Contact Number: [a mobile number]." It may carry a logo, a fake complaint or consumer number, and urgent, slightly broken English or Hindi. It is built to trigger panic — nobody wants the power to go out at night, especially with children, elderly parents, medical equipment, or work-from-home deadlines at stake.
A worried reader calls the number. The person who answers claims to be a "electricity department officer" or "technical support executive." They say the disconnection notice was raised due to a "billing software error" or a "pending amount" and that it can be fixed instantly — but only if the customer installs a small app to let the officer "verify the meter reading remotely" or "process a token payment of just a few rupees to cancel the disconnection."
The link they send installs a screen-sharing or remote-access tool. These are real, legitimate apps built for tech support and IT teams — the scam is in who is asking you to install one, and why. Once it is installed and the victim shares the on-screen code, the caller can see everything on the phone: which apps are open, what is typed, and often the phone's screen in real time, sometimes even while the screen appears to show something else. The caller then talks the victim through opening their banking or UPI app "to verify" or "to pay the token amount" — and it is the attacker's fingers on the controls the whole time, not the victim's. A "few-rupee verification charge" can become a full account drain in minutes because the attacker now sees the OTP arrive on the same screen, and can act on it before the victim even registers what has happened.
The red flags
- The SMS comes from a personal-looking mobile number, not an official short code or discom sender ID.
- It demands action today, often within hours ("tonight at 9:30 PM").
- It gives you a phone number to call rather than directing you to the discom's official app, website, or 1912/1800 helpline.
- The person on the phone asks you to install an app you have never heard of, often by sending an APK file or a link outside the Play Store.
- They ask you to read out a code shown on your screen so they can "connect" — this is the screen-share pairing code, and reading it out hands them control.
- They ask you to open your UPI or banking app "just to check" or "to pay a token amount," while they are already connected.
- Real bills show your actual consumer number, meter reading history, and exact due amount — this message usually does not, or gets small details wrong.
| Genuine discom behaviour | Scam SMS behaviour |
|---|---|
| Bills raised via official app/website/SMS from a registered sender ID | Text from an unlisted personal mobile number |
| Disconnection follows a written notice period, not same-day | Threatens disconnection within hours |
| Payment through the discom's own app, website, or authorised counters | Pushes you to call a number and pay via a link/app they control |
| No employee ever asks to remotely control your phone | Insists you install a screen-share app to "fix" it |
| Consumer number, connection ID, and exact dues match your real account | Vague or slightly wrong account details |
If it is happening right now
- Do not call the number in the SMS. If you are worried the bill might genuinely be due, open your discom's own official app or website yourself, or use the helpline number printed on a past paper bill — never the number from this text.
- If you already called and someone is on the line asking you to install an app — hang up now. You can always call your discom back later through a number you find independently.
- If you have already installed the app and it is still open, turn off mobile data and Wi-Fi immediately, then close the app and uninstall it. Cutting the connection stops the attacker from seeing or controlling anything further.
- Do not open your banking or UPI app while the remote-access app is still installed or connected, even "just to check the balance." The attacker may be watching.
- Restart the phone after uninstalling the app, and change your net-banking and UPI PIN from a different, trusted device if possible.
Know your vulnerabilities before attackers do
Run a free VAPT scan — takes 5 minutes, no signup required.
Book Your Free ScanIf you have already paid or shared access
Speed decides whether the money can be recovered. Every minute matters.
- Call 1930 — the National Cyber Crime Helpline — immediately. This is the fastest route to get a bank transaction flagged and potentially frozen before the money moves further.
- File a complaint at cybercrime.gov.in, the Government of India's official portal for reporting cybercrime, even after calling 1930.
- Call your bank's official helpline (the number on your card or passbook, not one from any message) and ask them to freeze the affected account, block the card, and raise a dispute or chargeback for the transaction.
- Uninstall the remote-access app if it is still on the phone, and change every password and PIN linked to banking, email, and UPI, from a separate device if you can.
- Preserve evidence: screenshot the original SMS, note the phone number that called you, and save the transaction ID or UTR (Unique Transaction Reference) from your bank statement or UPI app. You will need these for both the 1930 report and the bank dispute.
How to protect family, especially elderly parents
Elderly parents living alone are frequent targets for exactly this scam — an urgent-sounding threat about a basic utility, combined with a stranger's calm, authoritative voice on the phone, can override caution fast. Sit down with them once and agree on a simple rule: no app gets installed because someone on a phone call asked for it, ever — not for electricity, not for a bank "verification," not for a courier delivery fee. If a bill or disconnection notice worries them, the only safe move is to open the discom's own app themselves, or to call a number written on an old paper bill, not any number a message or caller provides. It also helps to save the real, verified customer-care number for your family's electricity board directly into their phone's contacts, labelled clearly, so they never have to search for it under pressure.
disconnection tonight] --> B[Victim calls
the number given] B --> C[Told to install
a helper app] C --> D[Remote access
granted] D --> E[Attacker operates
banking app
on victim device] A --> F[Check official
discom app instead] B --> G[Never install an app
a caller asks for] style A fill:#5f1e1e,stroke:#EF4444,color:#e2e8f0 style B fill:#5f1e1e,stroke:#EF4444,color:#e2e8f0 style C fill:#5f1e1e,stroke:#EF4444,color:#e2e8f0 style D fill:#5f1e1e,stroke:#EF4444,color:#e2e8f0 style E fill:#5f1e1e,stroke:#EF4444,color:#e2e8f0 style F fill:#1e3d2f,stroke:#10B981,color:#e2e8f0 style G fill:#1e3d2f,stroke:#10B981,color:#e2e8f0
Why this family of scams keeps working
The fake electricity bill is one costume among many. The same script — an urgent SMS, a callback number, and a remote-access app — shows up dressed as a courier delivery fee, a KYC update, a SIM card block warning, a bank card expiry, or a tax refund. The pretext changes; the goal never does — get you to call, get you scared enough to act fast, and get that app installed. Recognising the pattern matters more than memorising any one version of it.
If something feels off about a message like this, it usually is. Bachao.AI, a scam-awareness initiative from Dhisattva AI Pvt Ltd, researches scam patterns like this one so that ordinary readers can recognise them before they cost money — trust that instinct, verify independently, and don't let urgency make the decision for you.
For more on recognising and reporting scams, see the official resources at RBI, CERT-In, and for anything related to a suspicious SIM or mobile connection, Sanchar Saathi run by the Department of Telecommunications. You can also read more scam-awareness guides on the blog.