Phishing on WebNotes

How to respond to an additional-documents email from Zerodha

Sat, 20 Jun 2026 00:00:00 +0000

If Zerodha emails you asking for additional documents during onboarding or re-KYC , the safe response is to verify the email is genuine first, then upload the document only through your own Zerodha login at support.zerodha.com or signup.zerodha.com/rekyc, never through a link in the email, an SMS or a WhatsApp message. A genuine request always corresponds to a pending item visible inside your own logged-in account; if the demand exists only in the email, treat it as phishing.

How to secure an Indian trading and demat account: best practices

Sat, 20 Jun 2026 00:00:00 +0000

Securing an Indian trading and demat account comes down to a few controls that block the routes attackers actually use: a strong, offline second login factor, clean device habits, a refusal to enter credentials on pages or calls you did not initiate, a scope-limited DDPI rather than an open-ended power of attorney, and regular monitoring through Zerodha Console so an unauthorised move shows up early. None of these is exotic; the gap is that most accounts run on the weakest available option for each.

How to verify whether an email is genuinely from Zerodha

Sat, 20 Jun 2026 00:00:00 +0000

An email is genuinely from Zerodha only if its sender domain is zerodha.com or one of the ten mailer subdomains Zerodha publishes on its verify-genuine-email support page, and even a genuine email never asks for your password, OTP or PIN. The sender domain, the part of the address after the @ sign, is the one signal a fraudster cannot fake past your email provider’s authentication checks. The logo, the formatting, the tone, the client ID in the body: all of these are copied from real emails and prove nothing.