A login screen looks different
Pause before entering a mobile number, password or OTP. Compare the full address, page identity and recovery route with a record you already trust.
Check account accessFind clear checks for suspicious login links, Android app warnings, pending UPI payments, delayed withdrawals and session limits.
Stop further payments, contact the bank or UPI app, keep the UTR or reference number, and report cyber financial fraud on 1930 or the official portal. Do not let the same person “help” by asking for another payment.
Different problems need different evidence. Jumping between random fixes can erase useful records or create a second payment.
Pause before entering a mobile number, password or OTP. Compare the full address, page identity and recovery route with a record you already trust.
Check account accessDo not bypass the warning automatically. Review the source, file name, permissions and Play Protect result before deciding whether to proceed.
Review the app fileSave the UTR, amount, recipient and time. Check the bank status before repeating a transfer or accepting a “refund” request.
Protect the transaction trailSeparate processing delay, rejection, incorrect account details and possible deception. Record the status before contacting any support channel.
Use symptom-based checksThe order matters. Identity comes before login, device safety comes before installation, and transaction evidence comes before escalation.
Read the complete domain, not only the logo or the first words of a message. A copied design can look familiar while sending data somewhere else.
Keep Android and security checks updated. Treat accessibility, screen overlay, SMS, notification and device-admin access as high-impact permissions.
An OTP, password, UPI PIN, card PIN or recovery code should not be sent to another person as “verification.” Legitimate support can investigate without learning those secrets.
Look at the payment request type, recipient, amount and debit message. Do not assume a collect request will credit money to you.
Keep screenshots that show status and time, along with UTR or bank reference, account ID and the exact route used to contact support. Hide sensitive numbers before sharing publicly.
Start with the facts you can see, then keep the account, device and payment details in one clear timeline.
Compare the link, contact method, permission request and payment demand before taking an action that cannot be reversed.
Record the amount, UTR, recipient, bank status, platform status and the time of each update before contacting support.
Use symptom-based checks for login or withdrawal issues, and set a fixed money and time limit before a new session.
Good records reduce confusion when you speak to a bank, payment app, platform support, consumer channel or cybercrime authority.
| Record | Why it matters | What to hide before public sharing |
|---|---|---|
| Exact date and time | Separates the first event from later retries and helps match bank records. | Nothing, unless combined with other identifying data. |
| Transaction reference or UTR | Lets the payment provider locate a specific transfer without guessing. | Do not publish it on open forums unless an authorised channel asks. |
| Amount and recipient display | Shows what was approved and where the request appeared to go. | Mask account numbers, UPI IDs and personal names in public copies. |
| Account ID and visible status | Connects the issue to the correct game account and current state. | Hide mobile number, email, wallet balance and identity documents. |
| Screen capture of the error | Preserves the wording before a page, app version or status changes. | Crop OTPs, passwords, QR codes, bank details and notification previews. |
| Contact route used | Helps determine whether you spoke to a verified channel or an impersonator. | Keep the number or URL for authorities, but avoid amplifying it publicly. |
A bank or payment app can inspect transaction status, a platform can inspect account and withdrawal records, and government reporting channels can receive suspected cyber-fraud complaints.
Before contacting any route, save the date, time, status wording, UTR or reference number, and one redacted screenshot. A complete timeline is easier to investigate than several disconnected messages.
People often notice the first familiar word and ignore the part that actually controls the destination. In a normal address such as help.example.com, the registered domain is usually the final name before the ending. Extra words placed farther left are subdomains. A deceptive address may place a trusted brand in the subdomain or path while the real registered domain belongs to someone else.
Also look for letter substitutions, extra hyphens, unusual endings and redirects. A link can begin on one address and move to another after loading. Copy the final address from the bar rather than relying on the text displayed inside a button.
| What you see | What it does and does not tell you | Useful next action |
|---|---|---|
| Lock icon / HTTPS | The connection is encrypted. It does not prove the operator’s identity or business claims. | Continue checking the full domain, page purpose and requested information. |
| Familiar logo and colours | Visual assets can be copied from another site or app. | Compare the address and support identity with a record you already trust. |
| Countdown or urgent warning | Urgency can push a decision before verification. | Close the page, reopen independently and decide without the timer. |
| Shortened link | The final destination is hidden until it opens. | Avoid using it for login, payment or app installation. |
| New “working domain” in a message | It may be legitimate, outdated or an impersonation; the message alone cannot settle that. | Verify through a separate channel before entering any account data. |
A fake support contact often begins with information that feels specific: a username, a delayed payment, a screenshot copied from a public comment, or a claim that the account has been flagged. The contact then introduces urgency and a private action—install an app, share the screen, approve a request, or pay a small amount to unlock a larger one.
Real investigation should produce a case reference, explain the requested evidence and allow you to contact the organisation through its own verified route. It should not depend on keeping the conversation secret from the bank or moving repeatedly between personal numbers.
Evidence is useful only when it is readable and controlled. Keep an original copy in a secure folder, then create a redacted copy for support. Use descriptive file names such as 2026-07-07_1420_deposit-pending.png so the order is clear. Avoid editing the original; cropping and masking should be done on a duplicate.
A public post is rarely the right place for a full bank statement, QR code or identity document. Share the minimum needed through the responsible route. When a case is closed, review whether copies remain in cloud albums, chat downloads or a shared computer.
| Known fact | Unknown fact | Proportionate decision |
|---|---|---|
| The bank shows a successful debit. | The platform has not matched it to the wallet. | Preserve UTR and wallet status; do not repeat the payment while reconciliation is unresolved. |
| The app source is known. | A new version requests accessibility access. | Treat the update as a new risk decision and deny access until the need is independently verified. |
| An OTP arrived. | You did not start the described action. | Do not enter or share it; review account security from a trusted route. |
| A withdrawal is marked processing. | No internal queue information is visible. | Record the stated timeframe and status; avoid claims or payments based on guessing. |
| A contact knows your account ID. | Their relationship with the operator is unverified. | End the private conversation and open a case through an independently verified channel. |
Set the maximum money and time first, then confirm account, device and payment conditions before play begins.
TCGame provides practical checks for account access, Android app warnings, UPI or bank payment records, delayed transactions and responsible play.
No. HTTPS protects data in transit, but it does not prove who operates a site or whether its claims are reliable. Check the full address, visible identity, support details and consistency before entering any private information.
Normally, no. NPCI states that a UPI PIN is used when sending money, not for receiving it. Read the request type and amount before approving anything. See the official NPCI safety points.
Contact your bank or payment app immediately, preserve transaction records and report cyber financial fraud through the National Cyber Crime Reporting Portal or helpline 1930. Fast reporting may help, but recovery is not guaranteed.
No. A previous outcome does not make the next outcome certain. Avoid systems that promise fixed returns, secret patterns or guaranteed recovery of losses.
No. The calculators and checklists use local JavaScript in the current tab. They do not submit the entered values to TCGame or store them in a database.