EPFO PF Withdrawal Scam in India 2026: Fake "Your Pension Is Pending" Calls
Mrs Sharma, 62, retired from a bank in Pune three months ago. Her phone rings on a Tuesday afternoon. The caller, friendly and unhurried, says he’s from EPFO regional office. He reads back her UAN, her former employer’s name, her last drawn basic pay. He says her pension claim has been stuck due to an “Aadhaar mismatch” and will lapse in 48 hours unless she completes a small verification step. Could she please install a screen-sharing app called AnyDesk so he can help her fix it from the EPFO side?
Mrs Sharma installs AnyDesk. The “EPFO officer” walks her through opening her UAN portal, she logs in, he can see her balance: ₹31,80,000. He asks her to make a small ₹1 test payment from her banking app to “verify her account is active”. She opens HDFC NetBanking. While she does the ₹1 transfer, he silently initiates a withdrawal claim against her UAN, captures the OTP from her phone, and transfers ₹7,50,000 from her bank account simultaneously. By the time she hangs up the call she has lost almost ₹8 lakh.
This is the EPFO PF-withdrawal scam, and in 2026 it is one of the highest-loss-per-incident scam categories in India. The targets are mid-50s to 70s workers approaching or in retirement. The losses regularly reach ₹5-50 lakh in a single session. This guide walks through how the scam actually works, how real EPFO PF claims process, the four signals that catch every variant, and what to do if you’ve already engaged.
What the scam looks like
The script varies by which call centre is running the campaign that week, but the structure is universal. Three redacted variants reported by victims to ScanTotal’s SMS Scam Analyzer and a partner cyber-crime cell over the past 90 days:
The amount changes. The brand cited changes (EPFO directly, UMANG app, regional commissioner’s office, your former employer’s “HR liaison”). The pretext changes (Aadhaar mismatch, e-nomination pending, employer attestation pending, KYC outdated). The trick, transfer of trust to a scammer with screen-sharing access, does not.
How real EPFO PF withdrawals actually work
The most important fact: EPFO never makes outbound calls to members about pending claims. All claim processing happens through the member-side workflow that you initiate, with status visible in your UAN dashboard. If anyone is calling claiming to be from EPFO offering to help you process or release a stuck claim, it is fraud, full stop.
The actual claim flow for a real PF withdrawal:
- You initiate the claim by logging into
unifiedportal-mem.epfindia.gov.inwith your UAN and password. Or you use the UMANG app, downloaded from the verified Play Store / App Store publisher. - You confirm KYC is in order, Aadhaar, PAN, and bank account must be linked and verified by your employer (this happens once at registration; you don’t need to re-verify per claim).
- You submit Form-31 (partial), Form-19 (final), or Form-10C (pension) online with your bank account details where the funds should land. The bank account must be the one already linked to your UAN.
- Your employer attests electronically within 1-3 working days for most claims (no attestation needed for some final-settlement claims if KYC is fully verified).
- EPFO processes the claim within 7-10 working days (most are quicker; complex cases longer).
- Funds are credited directly to your bank account via NEFT or RTGS. You receive an SMS confirmation from the EPFO DLT-registered sender header.
The entire process is online, free, and initiated by you. EPFO does not call. EPFO does not ask for OTPs. EPFO does not require screen sharing. EPFO does not need you to pay any “processing fee”, “Aadhaar verification charge”, “release fee”, or “tax pre-payment” before a claim is released.
Real EPFO communication channels
Genuine EPFO communications come through limited, well-defined channels:
- The UAN portal at
unifiedportal-mem.epfindia.gov.in, the only legitimate web URL for member services. Anything containing “epfo” outside this exact subdomain is impersonation. - The UMANG app on Play Store / App Store, publisher “Ministry of Electronics & Information Technology (MeitY)”. Any other app using EPFO or UMANG branding is fake.
- DLT-registered SMS from sender headers like
VK-EPFOHOorJM-EPFOHO(varies by aggregator). Real EPFO SMS contain your UAN and claim reference number, never a vague “your pension is pending” without specifics. - EPFO regional office visits in person at your jurisdictional office (the address is on your UAN profile). Walk-in service for legitimate KYC corrections.
- EPFiGMS, the EPFO grievance portal at
epfigms.gov.infor raising and tracking case-specific grievances. Initiated by you, not EPFO.
EPFO does not contact members through WhatsApp, Telegram, personal mobile-number calls, or any unsolicited inbound channel. If your “EPFO officer” is messaging you on WhatsApp, you are not talking to EPFO.
The four signals that catch every variant
1Inbound call or message claiming to be from EPFO
This is the strongest single signal because EPFO simply doesn’t do this. Any phone call, WhatsApp message, Telegram message, or SMS-from-a-mobile-number claiming to be from EPFO offering to help with a stuck claim, missing pension, KYC update, or any similar pretext is fraudulent. EPFO communicates through the portal, the UMANG app, and DLT SMS, never an outbound personal call.
2Request for screen sharing or remote-access software
Any caller asking you to install AnyDesk, TeamViewer, Quick Support, or any other screen-sharing tool, for any reason whatsoever, is running the AnyDesk scam. There is no legitimate EPFO process that requires this. None. The moment screen sharing is requested, the call is fraudulent regardless of how friendly or convincing the caller sounds. Hang up.
3Any payment requested from you
EPFO never charges you any fee. Not for KYC update, not for “Aadhaar release”, not for “tax pre-payment”, not for a “processing fee”, not for “account verification”. The entire EPFO service is free. The moment any payment from you to anyone is required to “release” a claim, the conversation is fraudulent regardless of who the caller claims to be.
4OTP requested over phone or shared screen
EPFO sends OTPs to you for actions you have initiated yourself in the UAN portal, never as a verification step in a phone call. The OTP that arrives on your phone is for whatever the caller is doing on your account from their end. Reading it aloud, typing it into a screen-shared field, or sending it via WhatsApp completes the fraud. Never share an OTP with anyone, regardless of why they say they need it.
The AnyDesk variant, how the ₹5+ lakh losses happen
The AnyDesk-based variant deserves a separate section because it is structurally different from the link-only scams and significantly more damaging.
The fraudster builds rapport over a 30-60 minute call. They know your UAN. They know your former employer. They quote approximately-correct PF balances (often available through past data leaks). They sound friendly and knowledgeable. By the time they ask you to install AnyDesk, you are already half-persuaded they are who they claim to be.
Once AnyDesk is installed and you grant them access, they have full visual and input control of your phone or computer. They walk you through opening your banking app for a “small ₹1 verification transaction”. While your attention is on the ₹1 transfer, they:
- Read your saved card details visible on the banking app screen.
- Initiate a much larger transfer in the background using the same authenticated session.
- Capture any OTP that arrives, they see it on the screen-share before you do.
- If your UPI PIN is required, prompt you to enter it on what looks like an EPFO verification screen but is actually a transfer authorisation.
- If your UAN portal is also open, initiate a withdrawal claim against your PF balance in parallel.
Total losses in single AnyDesk sessions regularly exceed ₹5 lakh and have been documented above ₹50 lakh in cases where the victim was tricked into opening multiple financial accounts in sequence.
If you’ve already engaged
The first 60-90 minutes are critical because the scammer typically remains active on the device during this window, executing the larger transfers after the initial verification.
- Disconnect the compromised phone from the internet immediately (aeroplane mode). This breaks the AnyDesk session and stops further transfers.
- From a different device, log in to your banking apps and block cards, freeze accounts, or initiate transaction holds wherever supported.
- Uninstall AnyDesk / TeamViewer / Quick Support and reboot the phone.
- Call your bank’s anti-fraud line (number on the back of your card, or in the banking app under “Help”) and report unauthorised access. Dispute all pending transactions.
- Call 1930, the national cyber-financial-fraud helpline. Specifically mention that AnyDesk or another remote-access tool was installed; this affects how the case is classified and routed.
- Log in to
unifiedportal-mem.epfindia.gov.infrom a clean device and check whether any withdrawal claim has been initiated against your UAN. If so, contact your EPFO regional office (find the number on the portal, not from any other source) immediately to flag it. - File at cybercrime.gov.in with all evidence, call recording if available, screenshots of fake pages, transaction references, the caller’s number.
- Change every password from a different device. Banking, UAN portal, email, password manager, never from the compromised phone, which may still have malware-grade access through any remote tool that wasn’t fully removed.
- File an FIR at your local cyber-crime cell within 24 hours. Required for formal recovery and any insurance claim you may have.
- Do not engage any “recovery agent” who contacts you offering to recover the lost funds for an advance fee. That is the secondary scam, specifically targeting people who lost to the first.
How to lock down your UAN ahead of any potential attack
Three steps that meaningfully reduce your exposure:
1. Verify your registered mobile number is current. Log in to the UAN portal → Manage → Contact Details. If your registered phone is an old one you no longer carry, update it before someone else does.
2. Set a strong UAN portal password. Use a password manager, not your DOB or simple pattern. The UAN password controls access to your entire PF balance and pension claim flow.
3. Enable two-step verification through your registered mobile. Every UAN portal login already sends an OTP; this is your primary defence. Verify the registered mobile number is correct and the SIM is in your possession.
The respectful reality about EPFO
EPFO administers retirement savings for over 6 crore (60 million) Indian workers and pays out monthly pensions to over 75 lakh (7.5 million) pensioners. The organisation has progressively digitised its services over the past five years, the UAN portal works, the UMANG app works, claim processing has compressed from months to days for most cases. EPFO is being impersonated, not failing its members.
The defence is the same regardless of who calls. EPFO never makes outbound calls offering to help with pending claims. EPFO never requests screen sharing. EPFO never asks for OTPs. EPFO never charges a fee. Four rules, every variant covered. If you have a real claim issue, the answer is always the same: log in to unifiedportal-mem.epfindia.gov.in yourself, raise a grievance through EPFiGMS, or visit your regional office in person. Never accept help from someone who called you.
Got an "EPFO claim pending" call or SMS?
Paste the link or describe the call to ScanTotal, we’ll tell you whether the domain is the real EPFO or impersonation.
Open Scanner