UPI Scams: Types and Ways to Prevent UPI Payment Scams
With the popularity of digital transactions, UPI scams are becoming increasingly rampant in India. According to India's Ministry of Finance, over 95,000 cases of UPI fraud were reported in FY 2022-23. Fraudsters often employ tactics such as UPI ID scams to create fake IDs to deceive users. To protect themselves, users should regularly change their personal UPI PIN and be aware of common scams. Please remain vigilant and educate yourself to avoid becoming a victim of UPI fraud.
What is UPI fraud?
UPI fraud refers to fraudulent activities involving UPI-based transactions within the Unified Payment Interface (UPI) system in India. Fraudsters exploit vulnerabilities in the UPI ecosystem and use various tactics to defraud UPI users. Fraudsters often trick users into revealing their UPI PIN or personal information, which allows them to access the user's bank account and conduct fraudulent transactions.
Types of UPI Scams/Online Scams
Common UPI payment scams include receiving a fake payment request on a user's device or fraudsters gaining unauthorised access to a user's UPI account. Fraudsters use tactics such as phishing, SIM swapping, or creating fake UPI IDs to deceive users. Being aware of these scams and taking precautions can help users stay safe when conducting digital transactions.
phishing (Internet)
Phishing is one of the most common UPI transaction scams. Scammers send fake emails to obtain sensitive information. Once the user enters the user's details (password or PIN) in the fraudulent website, the information is immediately passed on to the hacker for misuse. This makes the user more vulnerable to UPI scams.
Merchant Fraud
Merchant scams are prevalent in online marketplaces. These scammers deceive unsuspecting buyers by selling counterfeit products or processing orders without delivering the products. This leads to financial losses and destroys trust in e-commerce sites.
Fraud through screen monitoring apps
Malicious people can use screen monitoring apps to compromise user's privacy and security. These apps allow fraudsters to record users' screen activity without their knowledge, thereby capturing sensitive information such as UPI PIN, OTP and other personal details. This enables them to access users' banking information and carry out fraudulent activities.
malware
Malware is one of the most common forms of UPI scams. It can be downloaded by mistake from fake email attachments or unsecured websites. Malware is designed to extract and copy data from infected devices.
money mule
Money mules are a more sophisticated form of fraud. Once they have access to a user's financial data, fraudsters transfer funds to an intermediary account to hold the loot. The account acts as one of the money mules, holding funds collected from various unsuspecting victims. This type of fraud is also common in UPI hacks.
SIM card cloning
SIM card cloning is a recently added feature that is rapidly emerging after banks made OTP mandatory. If fraudsters clone a user's SIM card, they can access OTP on their device and even change the user's UPI PIN. fraudsters will access the user's bank account details and proof of identity to reset the PIN. Within a minute, the user will become a victim of UPI fraud.
UPI handle fraud
Scammers often create deceptive UPI handles to trick unsuspecting users what are the three-way payments in India. These scams may occur on various platforms such as social media, online marketplaces or through unsolicited messages. Fraudsters may use enticing offers or urgent payment requests to trick users into transacting through their fraudulent UPI accounts.
phonetic phishing
Phishing is when fraudsters pose as bank representatives and ask questions on behalf of the bank. These individuals weave a web of lies and ask for the user's personal information in order to extract the user's PIN or password.
Collection requests
A common type of UPI scam is that scammers may use a user's UPI application to demand a fee. They may even request debit elimination or other refund-related activity. They may pose as legitimate entities or claim to be assisting users with transaction issues. In fact, they attempt to trick users into providing sensitive information or initiate fraudulent transactions into their accounts.
How do hackers commit UPI scams?
It has been observed that fraudsters follow a certain pattern in executing these elaborate schemes. Therefore, we have managed to devise a schedule for executing these plans step by step. Let's take a look at how UPI scams happen:
Step 1: It all starts with random calls. Instead of texting, scammers usually call their targets to get their attention. They usually disguise themselves as bank representatives and call for seemingly innocuous questions.
Step 2: To make the call sound legitimate, they ask verification questions such as the user's date of birth, name, or mobile phone number.
Step 3: There are always problems. Hackers take advantage of technical difficulties in an application or website to talk to users. They usually make up false stories and convince users to give up their personal information to solve the problem.
Step 4: Once the scammers have convinced the user, they ask them to download apps on their mobile phones. Some of these apps are AnyDesk and ScreenShare, which are available in the Google Play shop.
Step 5: When downloading AnyDesk or a similar app, it will ask for privacy permission like any other regular app. But don't be fooled; these apps have access to everything on the user's phone.
Step 6: The fraudster will then ask the user for the 9-digit OTP generated on the phone. once you reveal the code, the hacker will also ask the phone to grant permission.
Step 7: When the application gains the required ownership rights, the caller begins to take full control of the user's mobile phone without the user's knowledge. After gaining full access to the user's mobile phone, the hacker steals the password and starts making transactions using the user's UPI account.
There are many other ways, for example, scammers send text messages and ask users to forward them to another number they provide. Once the message is successfully sent, the fraudster can link the user's mobile phone number or account to their mobile phone via UPI.
UPI Fraud Prevention Guide
Scams are not inevitable; they can be avoided by taking some necessary precautions. These tips will not only keep users away from scams. They are also the basic things that need to be kept in mind to ensure the security of the user's information in the age of internet.
Beware of associating with fraudsters
Avoiding involvement in UPI scams is the best way to protect yourself from scammers. The user's bank will never call to discuss the user's sensitive information. If the user receives any calls asking the user to do so, that is a red flag.
Users can check the authenticity of unknown numbers through applications such as Truecaller, which has a global database of user-tagged numbers.
Additional precautions taken when requesting/accepting
Fraudsters use the "request money" feature on apps such as Google Pay, PhonePe, BHIM and others. The imposters express interest in purchasing products advertised on various online platforms and interact with the sellers over the phone. They ask the sellers of the products to transfer funds using the "request funds" option of the UPI application. As a result, one careless click can sometimes lead to thousands of dollars in UPI fraud. Remember, a PIN code is not required to receive money.
Watch out for spam warnings on UPI applications!
UPI apps such as Google Pay and PhonePe often display spam warnings if a user receives a request from an unknown account. Therefore, please be aware of such warnings. If users find any suspicious accounts, please report them as spam.
Be on the lookout for malicious apps
UPI scams also use fake mobile apps to trick people. Scammers create an app similar to the original banking app and submit it to the Google Play shop.
When a customer accidentally downloads and installs a fake app on their mobile phone and grants the necessary permissions, the app sends sensitive data that enables the fraudster to withdraw funds from the victim's account.
Some fake apps like Modi BHIM, BHIM Modi App, BHIM Payment-UPI Guide, BHIM Banking Guide, Modi ka Bhim, etc. have reportedly stolen customers' data in the name of providing valuable banking services.
Follow security practices to avoid UPI scams
Ensure that the user's PIN code is never disclosed to strangers under any circumstances. Also, make sure that you protect the user's UPI application with biometric software. This way, hackers will not be able to misuse the user's account. Users should also install anti-virus software and regularly check for malware.
Never open an email without checking its authenticity to avoid UPI hacks
Emails are one of the easiest ways to trick users into downloading malware and getting their information. Be sure to scan your users' emails for viruses/malware to avoid UPI scams.
Checking one's account at regular intervals
Check user account activity every few months for any suspicious behaviour on their account. We often forget to keep track of this and can miss red flags. It's a good idea to thoroughly check a user's account every few months. If a user notices any unusual patterns or vulnerability to UPI fraud, be sure to notify the bank immediately.
Avoid open Wi-Fi
It's never a good idea to use open/public Wi-Fi for banking or UPI applications, as it may give hackers access to everything on the user's device. Instead, always check that the Wi-Fi is trustworthy before connecting.
Tracks all of a user's banking information to avoid UPI scams
When a user receives a message from their bank, please review it carefully. Understand the difference between passwords, PINs and OTPs and double check messages for inconsistencies or disputes to ensure security. Keep track of all bank messages from the user to ensure that the user is aware of all transactions made through the user's UPI ID.
While no application is completely foolproof, the only way to stay safe is to be wary of scammers, who can reach any level to fool users. If a user thinks there is a problem, contact the user's bank.
India Three-Party Payments
Chinese
Leave a Reply