This article is to draw your attention towards one of the most irritating and rapidly flourished evil in our society i.e. UPI Scam. Several banks have also issued advisories to their customers to inform them about the increasing UPI scams. People usually complain I got scammed on Google Pay, PhonePe. People are advised to follow the ‘Safe Banking’ steps to safeguard their own money. There are various UPI scams right now being practiced but the common is all is the scammer appears as the customer care officer of PhonePe/Paytm/Google Pay etc.
Never Fall for Cashback schemes. No UPI App or Bank call any customer for Cashbacks. If you are eligible for any kind of cashback then you will receive it directly in the App itself.
There are many cases when people fall for cashback and loses Lakhs and even Crores from their bank accounts. Paytm customer from Mumbai loses ₹1.7 lakh in the KYC fraud case. Not only this, but we also have a series of stories where even educated people become the victim of such frauds in the greed of cashback. We have added viral call clips too that claim that Police officials are also part of it. A 17 years old Fraudster claiming himself from Jarkhand has earned more than 75 Crores from such frauds.
Let’s Look to the type of UPI scams:
1. Phishing
Digital transactions are the need of the hour, and with the country rushing towards a cashless economy. As said by Prime Minister Narendra Modi it is required to turn our economy into a cashless economy to avoid the increase in black money. In phishing, The scammer sent to you a bugged email with a portal to log in your details which let the fraudster to gain access to your UPI pin and other sensitive information. they make a fake UPI id with money to make it look more realistic. A Phishing email may look like this
One should report phishing email as soon as they receive the email to prevent other to get driven away with the scam,
2. Remote Screen Mirroring Tool
This is quite famous and the most latest scam the fraudster is engaged with. The fraudster calls the victim acting as the customer care representative of Paytm/PhonePe and most of the times convince you to get a virtual KYC for which you have to download the application which is remote screen mirroring tool (usually team viewer ) and ask you for the pin showed once you open the screen mirroring. The moment you provide them the pin they can now remotely access your mobile phone without any problems. They can now access every information which is on your mobile phone and control your phone without you getting noticed. SBI reported a similar issue when a lot of their customer was facing similar problems.
3. Deceptive UPI handles
Not every UPI address is authentic. There are many complaints people calling as a company representative and ask you for payment with a similar UPI address (eg. YourNumber@UBI) you usually make payments with. UPI handles allow users to change their UPI addresses which we think they should now allow. Be aware of these frauds and lodge an FIR if you have faced so. we prefer to use scan and pay features when you make UPI payments.
For example, Your number is +91 9876543210 and if the fraudster asks you to pay a certain amount at 9876543210@UBI for cashback then don’t fall for it. It is not your UPI address.
4. Vishing
This is the most common fraud which people follow to become a victim and there are about 1000s of victims each day of this fraud. In this type of fraud, the fraudster calls / SMS as the UPI Provider representative or calls on behalf of the bank and asks for sensitive information such as Bank Details, Card details, CVVs, OTP, etc. Remember bank never calls their customer to ask for this information. they already have them saved in their server. With this information, they can make transactions even in crores. Beware of these frauds
Here is an example of vishing scam
Patterns of UPI/Bank Scams
We’ve observed fraudsters follow similar pattern to execute these frauds
Step 1 – They Call the victim as Bank Representative to get their attention. They usually target people who are educationally weak & who are easy to get scammed
Step 2 – They tell you your personal information for verification to sound legit. Personal information may be Name, DOB, and address.
Step 3 – They will ask the victim for OTP ( One Time Password) as the given personal information is not correct ( Here is the main part)
or
Step 3 – They will ask the victim to get their KYC done virtually and once the victim is convinced they’ll ask you to download Screen sharing applications such as AnyDesk, ScreenShare, Team Viewer Etc.
Step 4 – If the fraudster gets the OTP he’ll be able to make the transaction and then will cut the call and block you.
OR
Step 4 – Once you Download any of the screen sharing application they’ll ask you to open the application and read out the OTP which is on screen.
Step 5– Once You’ve told them the OTP they’ll get the remote access of your device and can get any of the sensitive information without you getting noticed.
The above is the basic execution of a plan which the fraudsters follow but these are other methods as well such as
- Fraudsters send an SMS and ask the victim to forward it on another number that they provide. once the message is sent, it allows the fraudster to link the victim’s mobile number or account through UPI to their mobile. Once the mobile number is linked they can do whatever they want with your account.
- They also send you a payment request and ask you to to enter the UPI PIN
“A recent UPI fraud is hackers sending “request money” links to the customer. Once the customer clicks on the link and authorizes the transaction thinking they’ll receive money, the amount gets deducted from their account.”
Bala Parthasarathy, Co-founder and CEO, MoneyTap, a Bengaluru-based fintech firm to economic Times
How to Avoid/Prevent UPI Frauds?
1. Don’t ever provide your Sensitive information to anyone.
2. Avoid using open Wi-Fi.
3. Keep record of all your bank messages.
4. Use scan and Pay option when paying in Shops.
5. Do not click on links in any SMS, especially those from unknown agencies.
6. Avoid clicking fake URLs.
Few Incidents of UPI Fraudsters Calling our team members
- A Person called acting like a PhonePe executive and said you have a Cashback pending of amount Rs. 1950 for which he asked to follow a few steps. He asked to open PhonePe and add UPI ID with our team member’s Number with @rbl (RBL BANK UPI ID) which according to him is refund balance. By the time he changed his UPI id to our team members number. when our team member raised objection he said “Jo Karna h Karlo” and hung the call.
- A person Claiming from Kaun Banega Maha Crore Pati sent a WhatsApp text and ask us to call the SBI manager to get the reward transfer to your account.
- A person called to one of our friends and asked him to download team Viewer application and when he was concluded to not to do such things he said he’s earning 2-3 lakhs per month using these frauds and have earned about 71 crores from similar frauds and said he pay a certain amount police official not to expose them.
What to do if you are a Victim of UPI Fraud?
Normally, if you went to Police Stations to report for the UPI Fraud incident, they don’t take actions saying that the amount is less than Rs. 50,000 or file the complaint in Cyber Crime Cells, and Cyber Crime cells are not in every city. We contacted Police Commissioners of Delhi, Rajasthan, Jharkhand, and Chattisgarh for their take on such crimes but yet to receive any reply. Cyber Crime Cells are established to solve all internet-related criminal cases under the Information Technology Act, 2000. There are 37 Cyber Cells in India. Click here to get their contact details. If you are a victim of Paytm UPI fraud then you can report at 0120 3888 3888. In the case of PhonePe UPI Fraud, report it at support.phonepe.com.
This is the reality of UPI frauds. As we know it cannot be prevented 100% all we can do is we can avoid these frauds by being aware of all such things. If you’ve faced such issues please contact the cybercrime cell of your state. Do let us know in the comment section if we have missed anything regarding the context.
Do follow us on all social Media handles for regular Tech Updates.