Need help Reporting a UPI Fraud ?
Get Assistance from a team of Cyber Forensics Experts
Slider

UPI (Unified Payment Interface)

UPI or Unified Payment Interface is a real time payment system developed to facilitate seamless Inter Bank transactions by using uniquely generated UPI ID without the hassle of typing your card details, or net banking/wallet password.

To be able to Send and Receive money using UPI, both parties need to have a UPI Client installed which comes in the form of various apps such as BHIM, PhonePe, Google Pay to few to name.

One can either Send / Receive Money using UPI ID and Pin. Sending money requires you to enter a PIN while receiving money does not. For receiving payment via UPI you just need to provide your UPI ID to the Sender.

To receive money, the receiver just needs to share his VPA (UPI ID) with Sender. Receiving money does not require you to enter PIN.

Fraud on Call

A. User gives UPI Pin and grant access to Remote Access Software

The problem that is encountered frequently by many users is the deduction of money despite the transaction failure (which ideally should not deduct the amount or should refund instantly if debited).

The deduction of the money concerns the User and like everyone, the first thought which comes to mind is contacting Customer Support. Contacting customer support on email may take up to 24 Hours (as stated on Official Websites) and then multiple follow ups to resolve the query.

Calling customer support on the Given number, explaining the problem and getting the issue resolved is quick and usually done in a few minutes or more, depending on the complexity of the issue, hence Customers often reach out to the Support on given phone number.

See how Business Listing Scam Works [Blog : Business Listing Scam]

1. With any consumer services such as gas agency, internet providers, sometimes the primary number is busy due to an influx a lot of customers calls or no one receiving the calls after working hours.

In such a scenario, customers search for alternative Contact numbers. This is the first trap they fall into.
Examples of how fake numbers are posted :

twitter-fake-customer-care-upi-fraud

just-dial-fake-upi-fraud

2. Customers call one of these scammer numbers and are greeted in a way similar to Customer Support (although they do not mention any specific UPI portal, they’ll just say that they provide support for all UPI Apps – Obviously alarming to raise the suspicion and yet people believe them). If asked about the usage of mobile numbers, it would be stated that it is the personal contact number of the support employee so that they can provide support after work hours..

3. Customer explains the query to this person, he is asked to provide extra details about the issue so as to not raise a suspicion.

4. After having some conversation regarding the issue, the scammer asks customers to install a remote access application such as AnyDesk, TeamViewer Quik Support and ask for access code that is displayed on the screen by means of social engineering.

5. These apps give remote device access to the customer’s phone screen, everything he types, touches or clicks on which is then mirrored on scammer’s device in real time, Scammer can then operate customer’s device remotely and make payment as well.

6. In other methodology, Scammers transfer your UPI Account to their phone.

B. Fake Money receive Request

The ‘Request’ feature on UPI apps allows a person to send you a payment request where the amount is filled in by the requester.

 

This feature is used widely by scammers to fraudulently rip money off unsuspecting victims.

In OLX scam, this feature is employed by scammers while enquiring about the product ( pretending to be an interested buyer). Scammers gain trust by saying they work in the army or police which adds credibility.

The scammer calls you regarding the product and tells you that they can not make payment in person, rather make instant payment using UPI. During this conversation, the scammer poses to buy the product posted by victim and requests the victim for UPI ID to send advance payment.

money-req-upi-fraud

Scammers often forget to enquire about product condition, warranty etc. This should raise a suspicion but the victim gives their UPI ID.

After getting the UPI ID, the scammer starts asking random questions about the product and sends money request saying that they have made the advance payment and the victim needs to enter his UPI PIN to authorize the transaction. This is infact Money Request sent to the victim which eventually transfers money to the scammer’s account from the victim’s account rather than receiving any.

This scam takes place because users are not aware about the fact that Receiving Money does not require you to enter PIN, only Sending does.

To prevent this scam, many UPI Clients explicitly warn users that they are Sending Money when a Request is made to them.

Fraud by Phishing Page

fakeform-upi-fraud

This was a fake form distributed by scammers pretending to be a gas agency. There are multiple spelling mistakes and the very rough look of the form. The scammers were still able to trick a large number of people using this form.

Prevention

  • Be alert to fraudulent Calls that ask you to download any third party app that will allow your device to be accessed remotely.
  • Uninstall suspicious apps from your Smartphone especially the ones you think were not Installed by you.
  • Use fingerprint lock as app lock if available
  • Read Money Requests carefully

Report an Incident of UPI Fraud