A Quick Peek into the Terrifying World of UPI Frauds
UPI frauds have grown exponentially in recent years. Take a look at how UPI fraud happens and the different varieties of UPI fraud.
While the world moving online has led to great strides in improving our quality of life and making payments easier, it has also opened up new avenues for cyber fraud such as UPI scams. Although online payment systems have made cashless transactions very easy, they have also made us vulnerable and created new opportunities for online fraudsters.
Today, all you need to send and receive money is a UPI ID and a pin. Sadly, UPI frauds are a common occurrence these days. According to the Ministry of Home Affairs data, there was a 15.3% rise in cyber fraud complaints between the first and second quarters of 2022. However, if we educate ourselves and remain vigilant, we can greatly reduce the risk of falling prey to UPI fraud.
What is UPI and How Does it Work?
UPI (Unified Payments Interface) is an instant payment system that has been developed by the National Payments Corporation of India (NPCI). It facilitates inter-bank peer-to-peer and person-to-merchant transactions.
Users can make simple bank transactions with the help of a mobile platform using a UPI pin. UPI makes it very easy and quick to conduct mobile transactions with just one click by making use of a certified digital payment app like GooglePay or Paytm.
Now, what is a UPI fraud? Well, any type of threat or malicious act that involves using UPI and fooling a victim into paying money or making a transaction is called a UPI fraud.
How do Hackers Execute UPI Frauds?
Hackers generally tend to follow a set pattern when it comes to phoney transactions and UPI fraud. Some of the steps are as follows:
- Call the target to get their attention while impersonating a bank official. Request a seemingly harmless issue.
- Ask for some basic verification questions like birthdate and mobile number to make the phone call seem legitimate.
- Exploit technical issues in the website or the app. Tell the victim a problem that can be solved by giving some personal information and gaining access to private data.
- Once the victim has been convinced, ask them to download an app on their phone. AnyDesk and Screenshare are two easily available apps.
- Like any other app, AnyDesk asks for the user’s permission to access their personal information. These apps have full access to the victim’s phone.
- Request a 6-digit OTP from the victim that will be produced on the target’s phone. Ask for authorisation from the phone as soon as the victim provides the code.
- Take complete control of the victim’s phone without their knowledge once the app has all the necessary permissions. Steal credentials and use the target’s UPI account to make transactions.
Common Types of UPI Frauds
Let us now take a look at the different ways in which UPI scams and UPI frauds take place:
- Phishing Scam: In this UPI scam, payment links are sent by hackers in the form of an SMS. These fake bank URLs look almost like the original URLs. Clicking that link will take you to the UPI payment application on your phone for auto-debit. Once you give permission, the money will instantly be deducted from your account. The phone can also be infected with a virus or malware that can steal financial data that has been stored on the device.
- Remote Screen Monitoring: Downloading unverified apps from the app store can result in a privacy breach and leakage of data. Third-party applications can collect personal data from your device and acquire UPI app information, leading to UPI fraud.
- Fake Calls: Scammers will contact their targets claiming to be bank employees, asking for their UPI pin, and/or asking them to download third-party apps for verification purposes. This enables them to get access to the target’s personal information and account information. Unless you are sure of the source, it is best to ignore such inquiries.
- Deceptive UPI handles: Using social media, hackers can make fake pages with names that are identical to real ones. This is why it is ill-advised to put personal data on such sites. Screenshots of your UPI handles can be used to scam you. It is best to keep private information off the public domain.
- Unverified Links: Receiving money through the UPI app doesn’t require scanning QR codes or entering a UPI pin, which is something most users are unaware of. Hackers often send fake links with the option to request money. Once the victim clicks on this link, it asks for their UPI pin or to scan a code which exposes their financial data to hackers.
- Sim Cloning: This is a rather new innovation whose popularity has boomed since banks made OTPs essential. If a scammer clones your sim, they can even modify your UPI pin. In order to reset the pin, the scammer acquires the target’s bank account information and identity proof.
- Malware: This is one of the most common cybercrimes. Malware can be downloaded by accident through phishing emails or unprotected websites. Malware are created to extract and copy data from the device they infect.
- Money Mule: This is a sophisticated type of scam in which fraud rings get access to the victim’s data and then transfer money to an intermediary account to store it. Such accounts serve as money mules and store funds acquired from victims.
Tips to Prevent UPI Fraud
Here are some basic Dos and Don’ts that you can use to help yourself avoid UPI scams:
- Never tell your UPI pin to anyone
- You do not need to enter your UPI pin when receiving money.
- Install biometric and antivirus software.
- Always verify the identity and beneficiary details while making payments, especially when you use a QR code.
- Do not open emails or links from unknown sources.
- Do not accept unknown collect requests.
- Keep track of your financial transactions and bank statements and be on the lookout for suspicious behaviour.
- Only use secure WiFi and never open public WiFi.
- Regularly change your UPI pin.
- Alert your bank as soon as you find suspicious activity.
Reach out to us today & let’s talk about how we can help you!