6 Signs You Are A Victim of “UPI Fraud”

Vaibhav Kumar Srivastava
4 min readFeb 17, 2021

--

The rush for Digital transactions has also given rise to the fire of Digital frauds and scams, especially in the case of UPI (Unified Payment Interface). When it comes to the cashless economy, It’s no surprise that UPI has gained its popularity as the most favored payment platform of the current era. With one click, UPI PIN and no hassle of typing card details, one can do the transaction in a fraction of seconds through well-known applications like Google Pay, PhonePe, BHIM, etc. The ease-to-use concept always comes with a trade-off as a security loophole. New strategy and gambit being used by scammers for looting money digitally under the umbrella of UPI. One point to highlight here is UPI itself is very secure when it comes to digital transactions therefore the Scammer’s main target is to attack and deceive the mindset of users, infamously known as Social Engineering. So, What are the 6 major signs to identify UPI fraud?

1- Fraudsters may ask for UPI PIN/OTP directly or indirectly.

In the new UPI scam by fraudsters, they try to convince that somehow you are a winner of some XYZ contest or any other hoax and in order to claim the prize money you have to share your UPI ID. Temptation makes people share their UPI ID as it doesn’t involve any private credential sharing. On the other hand, Instead of sending money to the victim, the scammer requests the same amount of money using the option of “Request money”. If the victim is in a hurry, he will click on the “pay” button without giving a second thought and enter the UPI PIN thinking that prize money will be credited but the same amount gets debited from the account. You must remember one thing as a thumb rule in online transactions that UPI PIN is only required when you’re Sending Money or checking Account balance.

2- Fraudsters may ask to download an Unverified Application.

The other trick used by Scammers is to take full control of the device by convincing victims to install the third-party unverified application on their smartphones (AnyDesk, Teamviewer, etc). This gives remote access to Scammers, mirroring every move you make like when you are typing your UPI PIN or other credentials. You should install applications from verified sources only or at-least crosscheck the background of application before installation.

3- Fraudsters may send you Phishing Links & Cloned pages.

Fraudsters will try to flood your Email and phone with messages containing some unauthorized payment links. By chance, if you click on those links may direct you to the UPI payment app or some cloned pages. In the worst scenario, it could also install malicious programs and steal your bank account credentials. Sometimes the scammers may also send a Cloned transaction page (very easy to create now a days) directly that looks very similar to the original one and victims may end up giving their UPI PIN details. Before submitting your credentials make sure to check the URL of website and compare it with the official website available.

4- Fraudsters may call you directly pretending to be a Bank employee.

Infamous way of extracting bank details nowadays, where the Scammer pretends to be an employee from your bank and will ask for the details like your UPI PIN or OTP. For successful attempts, they can also put you under the threat that if you don’t follow them your account will be closed permanently. You must remember, in any case no Bank employee will ever ask for credentials like PIN or OTP. Dare to say “NO” bluntly if someone ask for your credentials.

5- Fake Customer Care number for Banks & UPI platform.

Fraudsters these days spread fake Customer Care numbers on different platforms used for online transactions. They make sure that whenever you search for customer care numbers online, their fake numbers will appear on the top. The victims will end up giving the credentials thinking that they are talking to genuine Customer Care. Instead of blindly relying on Google search results, always try to visit official page for Customer Care number.

6- Fake & misleading UPI handles.

Social media platforms are also being used by Scammers to manipulate and allure victims easily. They include terms like UPI, BHIM, or names similar to any bank organization in the URL part, email, or the website itself to look more genuine and convincing. The victim may fall for the trap and end up giving the credentials. Avoid following pages and website on social media platforms other than the official ones.

Stay Curious Stay Protected !!

Let’s get engaged:

Youtube: https://youtu.be/EdlYV5NM_pU

--

--

Vaibhav Kumar Srivastava
Vaibhav Kumar Srivastava

Written by Vaibhav Kumar Srivastava

Penetration Tester | Masters in Information Security

No responses yet