By N.Vasudeva Rao

As India’s digital footprint grows, so too does the threat from increasingly sophisticated cyber scams—from WhatsApp OTP fraud to deepfake financial deception. To better understand this evolving landscape, Deccan Vision spoke with U.S.-based cybersecurity expert and patent holder Suryaprakash Nalluri. With over 20 years of experience securing banking and financial applications, Nalluri has helped global organizations build secure systems by embedding protections early in the software development lifecycle.

A frequent keynote speaker at IEEE and Springer conferences, Nalluri is also a published author and U.S. patent holder in DevSecOps. His recent commentary on Protestware—software modified for political purposes—has drawn wide attention in cybersecurity circles for its relevance to open-source security and supply chain risk.

An interview with Suryaprakash Nalluri, Cybersecurity Expert

In India, which kinds of cyber scams do we see most often right now?

UPI-related frauds are currently more widespread than ever. Scammers persuade individuals to utilize QR codes or provide OTPs, claiming this is necessary for refunds or KYC modifications. Phishing SMS messages sometimes pretend to be from banks, telecom companies or government web pages. A lot of these platforms are used for scamming people with fake loan apps and fraudulent investment offers.

How can you recognize if a call or text message might be a scam?

If someone tries to hurry you up, threaten to disable your account or promises unusually large rewards - be careful, it may be fake. Check for misspelled words, dubious numbers or emails sent from unknown email addresses. Mainly, you should not receive phone calls asking for your one-time password (OTP) or UPI PIN.

Deepfake scams have sparked growing concern. Should the public be worried?

Absolutely. In many parts of the world, victims have received phone calls asking for urgent funds using an AI-generated voice message or video that mimics family members or a boss using deep-fake technology. Since these tools are getting cheaper, there will be more personalized scams. Never act until you are certain the request is real.

What methods do scammers use on job websites and dating apps to target people?

They attract people with lucrative jobs overseas, require them to pay “processing” fees and then disappear. Emotional links with victims are formed on dating apps so that scammers can ask for cash. Emotions often lower people's guard, making them more vulnerable to scams.

Who is most susceptible to these scams?

Anyone can fall victim to fraud.  Many young people become victims of scams that promise quick cash or crypto profits. Middle-aged professionals may be misled by fake investment portfolios or fraudulent changes to insurance coverage. Seniors are particularly vulnerable to scams involving tech support or pension-related offers.

What are some easy actions individuals can use to protect themselves online?

Below are a few tips:

1. Never share OTPs (One-Time Password) or UPI PINs (Unified Payments Interface Personal Identification Number).
    
2. Don’t scan random QR codes sent via WhatsApp – they may trigger fraudulent payment requests.
    
3. Install apps only from official app stores.
    
4. Enable two-factor authentication on all important accounts.
    
5. Use strong, unique passwords and change them regularly.
    
6. And most importantly - pause and verify before acting. That 10-second pause can save your savings.
    

Is Wi-Fi at places like cafes or airports secure?

It’s a very good question. Avoid logging into sensitive accounts or banking apps on public Wi-Fi unless using a VPN. Do financial transactions with mobile data on or choose a VPN if no alternative is available.

Are there any official sites provided by the government to report scams?

Yes! You can file a report on cybercrimes at cybercrime.gov.in. You can also dial 1930 if you face UPI frauds. A rapid response helps to freeze the money that has been taken from you.

How can people living in rural areas be taught about using technology?

Increasing cyber awareness in rural communities requires targeted efforts. More awareness campaigns in local languages, public service announcements (PSAs) on radio/media and training sessions at the panchayat level will significantly help. Schools and NGOs play a key role in lessening this divide. Rural communities must also be cyber-aware. People who have knowledge on cybersecurity can help others to spot and avoid dangerous phishing links.

And finally, what is the key takeaway you'd like to leave with our readers?

If a message feels rushed, lacks clear answers, or raises unusual risks, treat it as a potential scam. Pause, verify, and think before you act.

Conclusion

Cyber threats today aren’t just targeting big institutions, they’re reaching into our homes, phones, and everyday apps like WhatsApp and PhonePe. As cybersecurity expert Suryaprakash Nalluri emphasizes, “Cybercriminals now follow the money—and in India, that means targeting UPI apps like PhonePe, Google Pay, and Paytm.”

To stay safe, always secure your financial accounts with multi-factor authentication (MFA), such as one-time passwords (OTPs), and never share them—even with someone claiming to be from your bank or a trusted service.

“If someone calls and asks for your OTP or UPI PIN, it’s not support—it’s a scam,” warns Nalluri. “Legitimate companies will never ask for it.”

Be cautious with unsolicited links, QR codes, or messages that pressure you to act fast. Pause, verify, and think before you click or pay.

Share this knowledge with your family and friends. A few seconds of caution can protect months—or years—of savings. Together, we can build a more cyber-aware and financially secure India.