UPI scams: types and ways to prevent UPI payment scams www.deekpay.com

UPI scams have become increasingly common in India due to the rise in digital transactions. According to India's Ministry of Finance data, more than 95,000 cases of UPI fraud were reported in FY2022-23. Fraudsters often use UPI ID Scams and other tactics create false IDs to deceive users. To protect yourself, users should regularly change their personal UPI PIN and be aware of common scams. Please remain vigilant and educate yourself to avoid becoming a victim of UPI fraud.

What is UPI fraud?

UPI fraud is the practice ofUnified Payment Interface of India (UPI) system involving fraudulent UPI-based transactions. Fraudsters exploit vulnerabilities in the UPI ecosystem and use a variety of tactics to defraud UPI users. Fraudsters often trick users into revealing their UPI PIN or personal information, which allows them to access the user's bank account and conduct fraudulent transactions.

Types of UPI Scams/Online Scams

common UPI paymentsFraud includes receiving a false payment request on a subscriber's device or a fraudster gaining unauthorised access to a subscriber's UPI account. Fraudsters use tactics such as phishing, SIM swapping, or creating fake UPI IDs to deceive users. Being aware of these scams and taking preventative measures can help users stay safe when conducting digital transactions.

phishing (Internet)

Phishing is the most common UPI TradingOne of the scams. Scammers send fake emails to obtain sensitive information. Once the user enters the user's details (password or PIN) in the fraudulent website, the information is immediately passed on to the hacker for misuse. This makes the user more vulnerable to UPI scams.

Merchant Fraud

Merchant scams are prevalent in online marketplaces. These scammers deceive unsuspecting buyers by selling counterfeit products or processing orders without delivering the products. This leads to financial losses and destroys trust in e-commerce sites.

Fraud through screen monitoring apps

Malicious people can use screen monitoring apps to compromise user's privacy and security. These apps allow fraudsters to record users' screen activity without their knowledge, thereby capturing sensitive information such as UPI PIN, OTP and other personal details. This allows them to access the user's banking details and carry out fraudulent activities.

malware

Malware is UPI One of the most common forms of fraud. It can be downloaded by mistake from fake email attachments or unsecured websites. Malware is designed to extract and copy data from infected devices.

money mule

Money mules are a more sophisticated form of fraud. Once they have access to a user's financial data, fraudsters transfer funds to an intermediary account to hold the loot. The account acts as one of the money mules, holding funds collected from various unsuspecting victims. This type of fraud is also common in UPI hacks.

SIM card cloning

SIM card cloning is a recently added feature that is rapidly emerging after banks imposed OTP mandates. If fraudsters clone a user's SIM card, they can access OTP on their device and even change the user's UPI PIN. Fraudsters will access the user's bank account details and proof of identity to reset the PIN. Within a minute, the user will become a victim of UPI fraud.

UPI handle fraud

Scammers often create deceptive UPI handles to trick unsuspecting users. These scams can occur on a variety of platforms, such as social media, online marketplaces, or through unsolicited messages. Scammers may use enticing offers or urgent payment requests to trick users into making transactions through their fraudulent UPI accounts.

phonetic phishing

Phishing is when fraudsters pose as bank representatives and ask questions on behalf of the bank. These individuals weave a web of lies and ask for the user's personal information in order to extract the user's PIN or password.

Collection requests

A common type of UPI scam is that scammers may use a user's UPI application to demand a fee. They may even request debit elimination or other refund-related activity. They may pose as legitimate entities or claim to be assisting users with transaction issues. In fact, they attempt to trick users into providing sensitive information or initiate fraudulent transactions into their accounts.

How do hackers commit UPI scams?

It has been observed that fraudsters follow a certain pattern in executing these elaborate schemes. Therefore, we have managed to devise a timetable for executing these plans step by step. Let's take a look at how UPI scams happen:

Step 1: It all starts with random calls. Instead of texting, scammers usually call their targets to get their attention. They usually disguise themselves as bank representatives and call for seemingly innocuous questions. Step 2: To make the call sound legitimate, they ask verification questions such as the user's date of birth, name or mobile phone number. Step 3: There are always questions. Hackers take advantage of technical difficulties in apps or websites to talk to users. They usually make up false stories and convince users to give up their personal information to solve the problem. Step 4: Once the scammers have convinced the user, they ask them to download apps on their mobile phones. Some of these apps are AnyDesk and ScreenShare, available in the Google Play shop. Step 5: While downloading AnyDesk or similar apps, it will ask for privacy permission like any other regular app. But don't be fooled; these apps have access to everything on the user's phone. Step 6: The scammers will then ask for the 9-digit OTP generated on the user's phone. Once you reveal the code, the hackers will also ask the phone to grant permission. Step 7: When the application gets the required ownership limits, the caller starts taking full control of the user's mobile phone without the user's knowledge. After gaining full access to the user's phone, the hacker steals the code and starts making transactions using the user's UPI account.

There are many other ways, for example, scammers send text messages and ask users to forward them to another number they provide. Once the message is successfully sent, the fraudster can link the user's mobile phone number or account to their mobile phone via UPI.

UPI Fraud Prevention Guide

Scams are not inevitable; they can be avoided by taking some necessary precautions. These tips will not only keep users away from scams. They are also the basic things that need to be kept in mind to ensure the security of the user's information in the age of internet.

Beware of associating with fraudsters

Avoiding involvement in UPI scams is the best way to protect yourself from scammers. The user's bank will never call to discuss the user's sensitive information. If the user receives any calls asking the user to do so, that is a red flag.

Users can check the authenticity of unknown numbers through applications such as Truecaller, which has a global database of user-tagged numbers.

Additional precautions taken when requesting/accepting

Fraudsters use the "request money" feature on apps such as Google Pay, PhonePe, BHIM and others. The imposters express interest in purchasing products advertised on various online platforms and interact with the sellers over the phone. They ask the sellers of the products to transfer funds using the "request funds" option of the UPI application. As a result, one careless click can sometimes lead to thousands of dollars in UPI fraud. Remember, a PIN code is not required to receive money.

Watch out for spam warnings on UPI applications!

UPI apps such as Google Pay and PhonePe often display spam warnings if a user receives a request from an unknown account. Therefore, please be aware of such warnings. If users find any suspicious accounts, please report them as spam.

Be on the lookout for malicious apps

UPI scams also use fake mobile apps to trick people. Scammers create an app similar to the original banking app and submit it to the Google Play shop.

When a customer accidentally downloads and installs a fake app on their mobile phone and grants the necessary permissions, the app sends sensitive data that enables the fraudster to withdraw funds from the victim's account.

Some fake apps like Modi BHIM, BHIM Modi App, BHIM Payment-UPI Guide, BHIM Banking Guide, Modi ka Bhim, etc. have reportedly stolen customers' data in the name of providing valuable banking services.

Follow security practices to avoid UPI scams

Ensure that the user's PIN code is never disclosed to strangers under any circumstances. Also, make sure that you protect the user's UPI application with biometric software. This way, hackers will not be able to misuse the user's account. Users should also install anti-virus software and regularly check for malware.

Never open an email without checking its authenticity to avoid UPI hacks

Emails are one of the easiest ways to trick users into downloading malware and getting their information. Be sure to scan your users' emails for viruses/malware to avoid UPI scams.

Checking one's account at regular intervals

Check user account activity every few months for any suspicious behaviour on their account. We often forget to keep track of this and can miss red flags. It's a good idea to thoroughly check a user's account every few months. If a user notices any unusual patterns or vulnerability to UPI fraud, be sure to notify the bank immediately.

Avoid open Wi-Fi

It's never a good idea to use open/public Wi-Fi for banking or UPI applications, as it may give hackers access to everything on the user's device. Instead, always check that the Wi-Fi is trustworthy before connecting.

Tracks all of a user's banking information to avoid UPI scams

When a user receives a message from their bank, please review it carefully. Understand the difference between passwords, PINs and OTPs and double check messages for inconsistencies or disputes to ensure security. Keep track of all bank messages from the user to ensure that the user is aware of all transactions made through the user's UPI ID.

While no application is completely foolproof, the only way to stay safe is to be wary of scammers, who can reach any level to fool users. If a user thinks there is a problem, contact the user's bank.