top of page
Search

Episode 9 : The Clock is Lying : The Urgency Phishing Scam

Updated: Jun 20, 2025

How artificial deadlines make us bypass logic and fall into deception.


🧾 REAL STORY: A Missed Package, A Costly Click

Kochi, 2023 Rajesh, a small business owner, received an SMS on a busy Monday morning:

“Blue Dart: Package delivery failed due to incorrect KYC. Update by 6 PM today or return will be initiated.”

It looked legitimate. He had actually been expecting a parcel. There was a link — “Update KYC”.

Pressed for time, he clicked it between meetings. It asked for name, PAN, and Aadhaar number. He entered it all.


Within 48 hours, two fraudulent credit card accounts were opened in his name. One had already been maxed out.

❝ He didn’t believe the sender. He believed the clock. ❞

🧠 THE BIAS AT PLAY: URGENCY BIAS


This is a classic Urgency Bias — when a time-bound threat or deadline forces you to act before thinking.


🧠 Unlike other forms of truth bias that rely on appearance or authority, this one hijacks your response mechanism:


  • Stress clouds attention

  • Speed overrides logic

  • Relief feels like compliance


You act fast not because you believe the source, but because the message made you feel you had no time to doubt it.


📦 COMMON URGENCY SCAMS IN INDIA

Scam Type

Urgent Message Example

Courier fraud

“Delivery failed – update address now or return initiated”

Banking fraud

“Your KYC expires today – account freeze imminent”

Income tax scam

“Last reminder – unpaid tax. Legal action starts tomorrow”

Job fraud

“Shortlisted! Confirm interview today to avoid rejection”

Telecom fraud

“SIM blocked due to KYC error – click now to prevent lock”

🛡️ WHAT SHOULD RAJESH HAVE DONE?


1. Recognize urgency as a red flag

Real institutions don’t issue ultimatums by SMS — especially from random numbers.

2. Cross-check through official apps/websites

Courier companies, banks, and telcos have portals for updates. Don’t trust push alerts.

3. Avoid acting under pressure

Scammers use deadlines to prevent deliberation. Take 5 minutes to think. That’s your protection.

4. Look for common signs

Shortened URLs, grammar errors, sender names like bluedart-alerts123@gmail.com

5. Don’t click when distracted

Scammers rely on catching you during your busiest moments — lunch break, commute, meetings.

🧩 QUIZ SCENARIO FOR INTERACTION


Scenario: You get this text at 8:45 PM:

“RBI Alert: Your bank account will be suspended within 3 hrs unless KYC is updated via secure link. ”You’re tired, it’s late, and the link looks somewhat legit.

Real or Fake?


🧠 Answer: Fake

🧠 Bias Exploited: Urgency Bias

🧠 Giveaway: RBI never communicates with customers directly via SMS — and no real notice gives a 3-hour deadline.


📢 TAKEAWAY


Some messages don’t fool you with detail. They fool you with deadline.

You don’t believe the source. You believe the clock they invented.

That’s urgency bias. And it’s everywhere — in your inbox, your SMS folder, even in app notifications.


💬 CALL TO ACTION

Have you ever rushed into a decision because a message said “last chance”? What tipped you off (or didn’t)? Comment below — and let’s slow down together.

📚 References & Citations – Episode 9: The Clock Is Lying


  1. Keepnet Labs. (2022). Phishing attacks leveraging urgency: Why they work and how to stop them.https://blog.keepnetlabs.com/phishing-and-urgency


  2. Lookout Threat Report. (2020). Mobile phishing up 475% – urgency and impersonation are leading tactics.https://www.lookout.com


  3. The Times of India. (Dec 2023). Mumbai man loses ₹6.5 lakh after clicking on fake KYC update link in courier SMS.https://timesofindia.indiatimes.com


  4. India Post Cyber Alert. (2023). Beware of fake delivery messages requesting Aadhaar/KYC updates.https://www.indiapost.gov.in


  5. Trellix Threat Intelligence. (2024). India among top 3 countries targeted by phishing attacks.https://www.trellix.com


  6. Cyber Peace Foundation. (2023). Fake courier delivery scams: Trends, detection, and prevention.https://www.cyberpeace.org


  7. CERT-In (Indian Computer Emergency Response Team). Public Advisory on fake SMS/Email threats mimicking banks and courier firms.https://www.cert-in.org.in


Comments

© 2025 Vivek Krishnan. All rights reserved.  
Unauthorized use or duplication of this content without express written permission is strictly prohibited.  
Excerpts and links may be used, provided that clear credit is given to Vivek Krishnan with appropriate and specific direction to the original content.

bottom of page