How to Avoid Online Payment Fraud While Using E-Wallets or UPI Apps

Online payment frauds in India are becoming increasingly more common as a growing number of users are using UPI apps and e-wallets to make digital payments. The total number of UPI transactions in February 2022 exceeded 4.53 billion, according to data analyzed by the National Payments Corporation of India (NCPI). More people are using online payment apps and e-wallets to make transactions in the country, and even people in rural areas are now affected by e-UPI scams. criminals are getting better at using social engineering tactics and tricking users by sending them payment requests on their UPI wallets. Most commercial banks, lending partners, and UPI app development communities warn users of these scams and run cyber awareness campaigns to educate users. Ultimately, it boils down to common sense for detecting and avoiding them. However, sometimes new users miss these checks and accidentally make payments to scammers. 

Did you know? There are more than 80,000 UPI frauds reported every month in India.

What is e-UPI App Fraud?

The COVID-19 pandemic has motivated many businesses to switch to a digital route, which means more and more customers are making online transactions. One of the easiest ways to make cashless payments through mobile phones is using UPI apps. e-UPI apps get connected to bank accounts and facilitate real-time transactions in seconds. And e-UPI frauds are any scams associated with these apps. The good news about using these apps is that they are designed with built-in security and safety features. However, no technology is perfect and ultimately, sharing sensitive data to outsiders becomes the sole responsibility of users who engage with these apps. 

Also Read: QR Code Scams are Rising: See ways to safeguard yourself from it

How to Avoid Online Payment Frauds in India

The best way to prevent digital payment frauds in India is to stay aware of the latest scams trending online. Online payment frauds through UPI apps are becoming more sophisticated, making them harder to detect. At first glance, payment requests can seem normal, and scammers impersonate official entities and individuals so well that users fall for their tricks. Below are some of the common ways scammers obtain sensitive information, along with steps you can take to stay safe from them:

Phishing Scams

Phishing scams are where attackers create fake websites and make them look official. Scammers send payment links to these sites through text or SMS, and people fall into their trap once they're clicked. These payment links send requests to their UPI app and debit money from their e-wallets when they approve them. 

Scams That Involve Sharing UPI PIN or OTP

Many fraudsters call customers and ask them to share a UPI OTP sent on their phones to receive app support. In some cases, the scammer might pose as a bank representative and request the customer to review their transaction history. During the process, they may ask to reset UPI PIN and ask what their current PIN is set to and dupe users this way. Remember that scammers tend to be very smart and have the skills to persuade users into giving out sensitive information over the phone. Banks or UPI app support staff never makes phone calls to customers for asking such details. The best practice is to ignore or avoid phone calls from people who claim they are calling on behalf of companies operating e-wallets in India.  

QR Code Scanning

Fraudsters send a QR code to customers and ask them to scan during checkout. When a user uses the UPI app to scan, it automatically initiates a transaction. However, UPI apps do not normally allow merchants to create and send QR codes to receive money. If you get such a request, ignore it.

Misleading UPI Names

Many scammers use the words 'UPI' or 'BHIM' at the end of their handles to make their UPI IDs look convincing. Users seeing addresses ending with @disputesNCPI or @paymentsBHIM_service often believe these to be authentic. Scammers create fake UPI IDs and get users to disclose sensitive information by paying these accounts.

Social Media UPI Frauds

Another fraud that is prevalent among UPI wallets is social media UPI scams. Users get asked to install a screen-sharing app like TeamViewer on their phones and hold their credit/debit card in front of the webcam for verification. After that, the scammer tells them to share their UPI OTP, which they receive via SMS, to complete the verification process. Once users share the details, money gets withdrawn from their accounts. 

Also Read: What are the Common UPI Frauds and How to Avoid Them?

SMS Scams

You may receive a text on your phone asking to update your UPI login credentials or update the app, along with a link contained in it. Clicking on malicious links in SMS texts can infect your phone with malware or download viruses. Attackers get unauthorised financial access to your account when you key in details using the link, and you could risk getting locked out. The best solution is to ignore these texts and not open them. Always update your UPI app and wait for developers to release patches. Visit the official website and catch up on the latest news when in doubt. 

Other Do's and Don'ts

1. Don't share personal details with anyone, such as your credit/debit card number, UPI OTP, PIN, etc.
2. Do not open suspicious UPI payment links sent to you over email. If the subject line or sender is someone you don't recognise, do not interact with it. Respond only to official emails that come directly from the app developers and banks
3. It's important to note that you never share your UPI PIN when someone wants to send you money, and no PIN is needed for receiving digital payments to your UPI ID.
4. Do not use customer support numbers listed on social media websites and internet forums for your UPI. Always visit the official website and check out the contact us pages
5. Do not respond to phone calls coming from unverified callers or locations. If someone claims to be a bank representative, ignore it. If you get contacted by a scammer, note their phone number on paper and report it to the nearest police station.
6. If you got scammed, collect your UPI transaction IDs, details, credit/debit card numbers, and visit your nearest cyber crime department to complain. File an FIR at the police station and immediately get in touch with bank authorities to work on reversing the transaction. Record your phone calls if the scammer contacted you via phone so that you have proof of the scam.
7. Keep a screenshot of your transaction history so that you can pull it out and forward it to the bank in the chance you get scammed. Never post your contact and UPI information on social media or websites since fraudsters can see your posts and reach out.
8. If you get a spam warning on your phone from a UPI app, do not ignore it. Read and be aware of what's happening since app developers try to inform users through these notification alerts.

Conclusion

Now that you're aware of how UPI apps are used and the routes attacker typically take to steal money, you can take measures to prevent them. Always exercise caution when interacting with strangers, and do not give out your financial details online unless you know them personally. When in doubt, visit the app developer's website for the latest cybercrime trends happening on the app.Follow Khatabook for the latest updates, news blogs, and articles related to micro, small and medium businesses (MSMEs), business tips, income tax, GST, salary, and accounting.

Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to cybercell@khatabook.com to report the case.

Important: Never share OTPs, PINs, or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.