UPI frauds are becoming increasingly common in India due to the rise of digital transactions. There were over 95,000 cases of UPI fraud reported in the 2022-23 financial year, according to finance ministry data. Understanding the types of UPI payment frauds can help you stay safe. Fraudsters often employ tactics such as UPI ID fraud, where they create fake IDs to deceive users. To protect yourself, change your UPI PIN regularly and be aware of common scams. Remember, UPI scams prey on fear, greed and emotion. Stay vigilant and educate yourself to avoid falling victim to UPI fraud.
Table of Contents
What is UPI Fraud?
UPI fraud refers to fraudulent activities and scams that take place within the Unified Payments Interface (UPI) system in India with reference to UPI based digital transactions. Fraudsters use various tactics to deceive individuals and exploit vulnerabilities in the UPI ecosystem. Fraudsters often trick you into revealing their UPI PIN or personal information, enabling them to access your bank accounts and carry out fraudulent transactions.
Related Read: What is UPI Lite? How Does it Work, and its Benefits
Types of UPI frauds / online frauds
Common UPI payment frauds include receiving fake payment or fake UPI transfer requests on your device or scammers getting unauthorised access to your UPI accounts. Fraudsters employ tactics like phishing, SIM swapping or creating fake UPI IDs to deceive users. Being aware of these frauds and taking precautionary measures can help you stay safe while conducting digital transactions.
Vishing refers to fraudsters posing as bank representatives, asking questions on behalf of the bank. These individuals weave a web of lies and enquire about your personal information to extract your PIN or password.
2. Fake UPI Payments or Transfers
Fake UPI payments or transfer requests are fraudulent attempts to manipulate users into believing that they have received or made a legitimate UPI transaction request.
These can be done through various forms including but not limited to:
3. Fake UPI QR codes
5. Fake payment screenshots
Fraudsters create illegitimate screenshots of UPI payment confirmations and send them to users, making them believe that they have received a payment.
Phishing is one of the most common UPI transaction frauds. Fraudsters send bogus emails to access sensitive information. Once you key your details (password or PIN) into the fraudulent site, the information is immediately passed on to the hacker for misuse. This way, you become more prone to UPI scams.
7. Fraud Sellers
Fraudulent sellers are prevalent in online marketplaces. These fraudsters deceive unsuspecting buyers by selling counterfeit products or getting the order processed but not delivering the product. This leads to financial losses and a breach of trust in the e-commerce website.
8. Fraud Through Screen Monitoring Apps
People with malicious intent can exploit screen monitoring apps to compromise your privacy and security. These apps allow fraudsters to capture sensitive information like UPI PINs, OTPs and other personal details by recording your screen activities without your knowledge. This allows them to gain access to your banking information and conduct fraudulent activities.
Malware is one of the most common forms of UPI fraud. It can be mistakenly downloaded from a fake email attachment or an unsecured website. Malware is designed to extract and copy data from the infected device.
10. Money Mule
Money mule is a more elaborate fraud. Once your financial data is obtained, fraud rings transfer money to an intermediary account to house the loot. This account acts as one of the money mules to park money collected from different unsuspecting victims. This type of fraud is also common in UPI hacking.
11. SIM Cloning
SIM cloning is a recent addition that has mushroomed after the OTP-mandatory rule by banks. If a fraudster clones your SIM, they can get the OTP on their device and then even change your UPI PIN. The fraudster gets hold of your bank account details and ID proof to reset the PIN. Within a minute, you will become a victim of UPI fraud.
12. Deceiving UPI Handles
Fraudsters often create deceptive UPI handles to trick unsuspecting users. These scams can occur on various platforms, such as social media, online marketplaces, or through unsolicited messages. Fraudsters may use enticing offers or urgent requests for payment to deceive you into making transactions to their fraudulent UPI handles.
13. Collect Request
A common type of UPI fraud is when fraudsters may request a collect payment from you using your UPI apps. They can even ask for debit reversal or other refund-related activities. They may pose as a legitimate entity or claim to be assisting you with a transaction issue. In reality, they are attempting to deceive you into providing sensitive information or initiating fraudulent transactions to their accounts.
How Do Hackers Execute UPI Fraud?
It’s been observed that fraudsters follow a pattern whilst executing these elaborate plans. As a result, we’ve managed to weave a stepwise timeline of how these plans are generally performed. Let’s take a look at how UPI fraud occurs:
- STEP 1: It all starts with a random call. Fraudsters usually call targets to get their attention, as opposed to texting. They commonly disguise themselves as a bank representative, calling for a seemingly harmless issue.
- STEP 2: To make the call sound legit, they proceed to ask verification questions like your date of birth, name, or mobile number.
- STEP 3: There is always a problem. Hackers use technical difficulties in the app or website to talk to you. They usually weave false stories that convince you to forfeit your personal information to resolve the issue.
- STEP 4: Once the fraudster has convinced you, they ask you to download an application on your phone. Some of these apps are AnyDesk and ScreenShare, which are available on the Google Play Store.
- STEP 5: While downloading AnyDesk or a similar application, it asks for privacy permission, like other regular apps. But don’t be fooled; these apps can access everything on your phone.
- STEP 6: The fraudster will then ask you for a 9-digit OTP generated on your phone. As soon as you reveal the code, the hacker will also ask to grant permission from the phone.
- STEP 7: When the app acquires all permissions required, the caller starts to take complete control of your phone without your knowledge. After gaining full access to your phone, the hacker steals passwords and begins transacting with your UPI account. Thus, you become one of the many victims of UPI fraud.
We identified other approaches, too. For example, fraudsters send an SMS and ask you to forward it to another number they provide. After the message is successfully sent, the fraudster can link your mobile number or account through UPI to their mobile.
A Guide to UPI Fraud Prevention
Scams aren’t inevitable; they can be avoided by taking some essential precautions. These tips aren’t just to keep you away from fraud; they are also fundamental things to keep in mind to keep your information safe in the Internet era.
1. Beware of engaging with fraudsters
Avoiding engaging with UPI fraud is the best way to protect yourself from fraudsters. Your bank will never call to discuss your sensitive information. If you receive any call asking you to do the same, that’s a red flag right there.
You can check for the authenticity of unknown numbers via apps like Truecaller, which has a global database of numbers flagged by users.
2. Take extra precaution while requesting/accepting requests
Fraudsters take advantage of the ‘request money’ feature on apps like Google Pay, PhonePe, BHIM, etc. Imposters express interest in buying a product advertised on various online platforms and engage with the seller on a phone call. They make the seller of the product transfer the money using the UPI app’s “request money” option. So, a careless click can sometimes cost you thousands via UPI fraud. Remember, receiving money requires no PIN.
3. Pay attention to SPAM warnings on your UPI app
UPI apps like Google Pay and PhonePe generally present a spam warning if you receive a request from an unknown account. So, keep an eye out for such warnings. If you spot any suspicious accounts, report them as spam.
4. Be wary of malicious apps
UPI frauds also occur using fake mobile apps to cheat people. Scammers create an app similar to the original bank app and submit it to the Google Play Store.
When a customer accidentally downloads and installs the fake app on their mobile phone and gives necessary permissions, the app sends out sensitive data to enable fraudsters to withdraw money from the victim’s account.
Several fake apps like Modi BHIM, BHIM Modi App, BHIM Payment-UPI Guide, BHIM Banking Guide, Modi ka Bhim, etc., have been reported to have stolen customers’ data in the name of providing valuable banking services.
5. Follow security practices to avoid UPI fraud
Make sure that you don’t reveal your PIN to strangers under any circumstances. Also, make sure to protect your UPI apps with biometric recognition software. This way, hackers cannot misuse your account. You should also install anti-virus software to regularly check for malicious software.
6. Never open emails without checking their authenticity to avoid UPI hacking
Emails are one of the easiest ways to trick you into downloading malware and obtaining your information. Always scan your emails for viruses/malware to avoid UPI fraud.
7. Keep a check of your account every once in a while
Once in a few months, sift through your account activity to check for any suspicious behaviour on your account. We often forget to keep track of this and may miss a few red flags along the way. It’s always best to check your accounts thoroughly once in a few months. If you notice any unusual pattern or are prone to UPI fraud, make sure to alert the bank right away.
8. Avoid using open Wi-Fi
Using open/public Wi-Fi for banking or UPI apps is never a good idea as it may give hackers a chance to access everything on your device. Instead, always check if the Wi-Fi is trustworthy before connecting to it.
9. Keep track of all your bank messages to avoid UPI fraud
Take a close look when you receive messages from your bank. Know the difference between a password, PIN and an OTP and carefully examine the message for inconsistencies or disputes to stay safe. Keep track of all your bank messages to ensure you’re aware of all the transactions made via your UPI ID.
While no application is entirely foolproof, the only way to stay safe is to be wary of fraudsters who can go to any level to fool you. Contact your bank if you think something’s wrong.
Basic Do’s and Don’ts To Avoid UPI Fraud Cases
|Beware of fraudulent calls or messages from individuals posing as bank representatives. Verify the authenticity of unknown numbers using apps like Truecaller, and refrain from responding or providing any personal information.
Avoid sharing your UPI PIN, password or OTP (One-Time Password) with anyone, including bank representatives. Legitimate bank representatives will never ask for such information over phone calls, emails or text messages.
When conducting UPI transactions, ensure that you are using a secure and trusted Wi-Fi network.
Avoid using public or unsecured networks that can be easily accessed by hackers.
Regularly update your UPI apps to the latest version available. Software updates often include security enhancements that can protect you from potential vulnerabilities.
Do not disable push notifications and transaction alerts on your UPI apps
Keep a close eye on your UPI account activity and transaction history. If you notice any unauthorised or suspicious transactions, immediately contact your bank and report the issue.
Never leave your bank account unattended.
As the country embraces the digital era and moves towards a cashless economy, the rise of UPI transactions brings with it an increased risk of fraud and scams. UPI fraudsters employ various tactics such as phishing, malware, money mule schemes, SIM cloning and vishing to exploit unsuspecting individuals. However, by staying vigilant and implementing preventive measures, you can protect yourself from falling victim to UPI fraud.
Remember to be cautious of unknown numbers and avoid engaging with fraudsters. Take extra care when requesting or accepting money through UPI apps and pay attention to spam warnings. Be wary of downloading malicious apps and always prioritise security practices such as safeguarding your PIN, utilising biometric recognition, and installing anti-virus software. Regularly monitor your account activity and remain alert for any suspicious behaviour. Avoid connecting to open Wi-Fi networks and carefully scrutinise bank messages for any inconsistencies.
By following these guidelines and promptly reporting any suspicious activity to your bank, you can minimise the risk of UPI fraud. Stay informed and vigilant, and protect your hard-earned money in the digital landscape. Check out Razorpay’s Dispute Resolution Guide to gain more information.
Frequently Asked Questions
1. Is it safe to share UPI ID?
Sharing your UPI ID or Virtual payment address is generally considered safe for digital transactions. It is essential to be cautious and only share your UPI ID with trusted individuals or verified organisations. However, do not disclose sensitive details like UPI pin or mPIN or transaction passwords to untrusted individuals, websites or social media platforms to prevent unauthorised access and potential fraud.
2. How do I report online money fraud or UPI fraud?
In case of online money fraud or UPI fraud, inform your bank immediately about the fraudulent charge. You can ask them to reverse the transaction or give you a refund.
3. Is the bank responsible for UPI fraud?
No, the PSP (Payment Service Provider) is responsible for any losses incurred during any instance of online payment fraud.
4. What happens if I get UPI scammed?
If you have been the victim of a UPI scam, you must report the fraud to your local police station and register a complaint with the National Cyber Crime Reporting portal, either on the phone (Dial 1930 for the helpline) or via their website.
5. Do banks investigate UPI fraud?
Banks provide protection services for their customers, so they don’t have to worry about the ever-increasing cases of UPI fraud. The first thing the bank will do is try to substantiate that UPI fraud has occurred. They will ask you to provide additional details about the transaction and how you think it’s fraudulent. Secondly, depending on the type and scale of fraud, the bank decides whether higher authorities are needed to interfere with the matter.
6. Is sharing account numbers safe, or does it lead to UPI fraud?
Yes, giving someone your basic bank account details, like the account number to deposit money, is generally safe. But, if people ask for crucial information like your PIN or password, it could be dangerous.
7. What happens if someone hacks my bank account or I face UPI fraud?
If your bank account is hacked, you need to verify your account activity, call your bank, freeze your account, change your PIN and other relevant passwords, check your transaction history, and file a police complaint.
8. Do banks refund fraudulent money?
Yes, banks are obligated to refund the money in case of fraudulent activity like UPI fraud. In most cases, banks offer debit fraud protection and must refund the money if you follow the bank’s fraud reporting procedures systematically.
9. Can UPI frauds be reversed?
UPI frauds can be reversed, but it is important to act quickly. If you become a victim of a UPI fraud, immediately contact your bank and report the incident. They will guide you through the process of reversing the fraudulent transaction. It is crucial to provide all necessary details and evidence to support your claim.