What is UPI?
UPI or Unified Payments Interface has gained immense popularity for its user-friendly features. It is a single platform that brings together a variety of banking services and features under one roof. To send and receive money, all you need is a UPI ID and PIN. The UPI ID can be created using the bank account's credentials as well as the mobile phone associated with the account. An OTP (one-time-password) will be sent to the user's mobile number, which may be used to complete the registration and set a PIN. The cellphone number or the UPI ID can then be used to complete transactions. Users don't have to know the account number, account type, IFSC, or bank name of their beneficiaries. They can send money by simply utilising the bank's registered cellphone number or the UPI ID. While it is exceedingly handy to use, it has also extended the scope of cyber-attacks and created numerous concerns about digital security.
Did You Know?
There have been many Fraudsters who targeted innocent e-commerce users by asking them to enter their UPI PINs in the app instead of their UPI IDs to complete payment and vanish with their money.
Also Read: How Secure is BHIM UPI? | A Complete Guide
What is UPI and how it functions
Customers can use a mobile platform to make simple bank transactions using a UPI interface. It was developed by the National Payments Corporation of India (NPCI) and is governed by the Reserve Bank of India (RBI). Users may conduct speedy mobile transactions with just one click by using certified digital payment apps like Google Pay, Paytm, and PhonePe. Although UPI has a significant impact on the digital economy, it also poses significant security threats.
The Different types of a UPI scam
With the increase in the number of UPI transactions, there has also been an increase in the number of online financial attacks, UPI fraud complaints, hacking, cyber-frauds, and other hazards. Given below are a variety of ways in which the UPI scams take place:
Phishing Scam
This is a scam in which payment links are sent by fraudsters in the form of an SMS. These fake bank URLs will look almost identical to the original URL. Upon clicking on that link, it will take you to the UPI payment app on your phone, where any app can be chosen for an auto-debit. Upon giving permission, the money will be deducted from the UPI account immediately. Also, the phone will be infected by a virus or malware that can steal the financial information that has been stored on the phone.
Unverified Links
Many users are unaware that receiving money via the UPI app does not require scanning a QR code or entering your UPI pin. Hackers frequently send fake links with the option to request money. Once you click on this link, it will ask for your UPI pin or to scan a code. This exposes your financial information to hackers.
Remote screen monitoring
Downloading an unverified app from the app store can sometimes result in a privacy breach and data leak. These third-party apps can collect personal information from your phone and access UPI app information, which can lead to UPI fraud.
Deceptive UPI handles
Fraudsters are always coming up with new ways to deceive people, and one of them is using social media. On social media, there may be false pages with names that sound similar to real ones, and people may fall for it. It's risky to put your personal information on such sites. You can be cheated using screenshots of your UPI handles. It is wise not to upload these in the public domain.
Fake Calls
Fraudsters will contact you claiming to be bank employees, asking for your UPI pin, or requesting you to download a third-party app for verification purposes. This provides them access to your personal information and account information. It's better to ignore such inquiries unless they are from verified sources.
Money Mule
Money Mule is a more sophisticated scam in which fraud rings get the victim's data and then transfer money to an intermediary account to store the plunder. This account serves as one of the money mules, storing funds obtained from many victims.
SIM Cloning
SIM cloning is a relatively new innovation that has exploded in popularity since banks made OTP essential. A scammer can even modify the UPI PIN if he/she clones your SIM. To reset the PIN, the fraudster obtains the victim's bank account information and ID proof.
Malware
Malware is one of the most common types of cybercrime, and it can be downloaded by accident via a phishing email attachment or an unprotected website. Malware is created with the intention of extracting and copying data from the infected device.
How are UPI frauds executed by Hackers?
A large number of Hackers are seen to follow a set pattern when it comes to fraudulent transactions. Some of these are as follows:
Step 1
Instead of messaging, fraudsters generally call their targets to grab their attention. They frequently impersonate a bank official and request an apparently harmless issue.
Step 2
To make a telephone sound genuine, fraudsters ask for some basic verification questions like name, date of birth, and mobile number.
Step 3
To talk to the victim, hackers frequently exploit technical issues in the app or website. They tell them a problem which can be resolved only by giving some personal information. In this way, they take away their information.
Step 4
Once the victim has been convinced, the fraudster will ask them to download an application to their phone. AnyDesk and ScreenShare are two of the apps available on the Google Play Store.
Step 5
AnyDesk, like any other program, asks for the user's permission to access their personal information when they download it. However, don't be fooled: these apps have full access to your phone.
Step 6
The fraudster will then request a 9-digit OTP from the victim, which will be produced on their phone. The hacker will ask for authorization from the phone as soon as the victim provides the code.
Step 7
When the app has all of the necessary permissions, the caller takes full control of the victim's phone without their awareness. After gaining complete access to your phone, a hacker steals credentials and uses the victim's UPI account to conduct transactions.
Also Read: UPI-like platform needed for easy credit disbursal to MSMEs, says Union IT Minister
Various methods to prevent and control UPI scam
Some measures have been given below to control UPI frauds:
- No government or financial institution will seek personal information through text messages or phone calls. If you suspect UPI fraud, block the e-wallet as soon as possible by phoning the bank. This will avoid further losses. The scam should be reported to the police or the cybercrime cell immediately.
- Unverified communications or phone calls from anyone pretending to be bank representatives should be ignored. SMSes in the name of the Employee Provident Fund Organisation (EPFO) or the Insurance Regulatory and Development Authority of India can also be delivered (IRDAI). It's worth noting, though, that they don't send messages to users.
- Instead of using Google to look for customer service numbers, try using the official website. Scammers frequently post illegitimate phone numbers on websites that appear to be authentic or authorised but are not.
- On UPI, users should not accept payments from unknown accounts. If you receive money demands that aren't identifiable, simply deny them.
- UPI payment apps have an excellent feature that alerts users if they receive a request from an anonymous account, which helps to avoid fraud. Do not disregard this warning, as doing so could cost you thousands of rupees.
- Always keep your laptops and desktops safe by installing anti-virus software in them.
Conclusion
Online payments are the most beneficial. These have become a part of our daily lives and it is important for everyone to be highly aware of the various methods by which fraudsters can deceive you. They can come up with an interesting new manner of tricking you into sharing your details with them. It is therefore extremely important to be very cautious when making online payments. Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to cybercell@khatabook.com to report the case.
Important: Never share OTPs, PINs, or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.
Follow Khatabook for the latest updates, news blogs, and articles related to micro, small and medium businesses (MSMEs), business tips, income tax, GST, salary, and accounting.