With the arrival of digital payments, the common man’s dependence on cash has come down drastically. The Unified Payment Interface (UPI) is now an easy way to transfer funds, pay bills, recharge and shop online with just a smartphone on hand. Some of the commonly used UPI-based payment apps include BHIM, Google Pay, Amazon Pay, and Phone Pe. On verifying your bank account details, you will be assigned a virtual ID to transfer and request money using the application.
With increasing dependence on the internet, chances for fraudulent elements are also ripe. Phishing, malware, money mule, SIM cloning, vishing, etc are some cyber fraudulent activities that contribute to UPI scamming. Scammers always follow a well-planned pattern to execute fraudulent activities.
The most common mode is a phone call from a self-professed bank representative to resolve a technical issue. Gullible victims either provide their bank account info for the fraudsters to do identity theft / follow the harmful links to download screen sharing applications to their smartphones. They are then asked to scan in their debit/credit cards in front of the camera to fraudulently acquire the card info. They also seek permission to access the OTP codes and thus take complete control of the mobile device. Then comes the stage when the victim is shocked to receive messages of his / her account being completely emptied of all available balance!
By accessing freely available information on social media such as date of birth, location, etc, fraudsters trick customers into believing them to be representatives from their bank. Another method used by the fraudsters is to track all social media posts/complaints on UPI forums. They then pose as authorized representatives and share their phone number for the complainant to call in. Innocent customers end up calling these unauthorized numbers and sharing sensitive information leading to digital thefts.
Another highly serious form of fraud is getting a duplicate SIM by posing as a mobile operator representative. Once the customer mistakenly authorizes the request, the existing SIM gets deactivated, and the fraudsters use the new SIM to obtain OTP SMSs and set up UPI apps on their phones for swindling.
Fraud Protection Tips
Be aware, and do not share sensitive information such as card number, expiry date, PIN, OTP over phone calls. Respond only to email requests from the official domain of your bank. Consider as a red flag if you receive phone calls asking for bank information. Check the authenticity of the number received on your phone using apps like Truecaller.
The PIN is required to be entered only while transferring money. You do not need to enter the PIN for receiving the money. If you are entering the PIN means you are approving an outward payment. A fraudster may exploit the “request money” feature on apps like Google Pay, PhonePe, etc to steal money from your account.
UPI apps usually give spam warnings to users generally when they receive a request from an unknown account. Pay attention to such warnings to avoid being fooled.
Make sure to install only those apps that are verified with excellent user ratings and reviews in the play store /app store. Restrict access to screen-sharing apps, and install anti-virus software to prevent any malicious activity.
In case you identify any fraudulent activity, lodge a First Information Report with the nearest cyber crime police. Most UPI apps have a Help feature designed to report fraud.