Amidst the pandemic, when the government is putting extreme emphasis on introducing the concept of a cashless economy in India, digital transactions have become the need of the hour. Digital transactions, like any other system, have both pros and cons. Therefore, it is necessary to stay vigilant about all the loopholes of the system. One of the primary pillars of the digital economy is UPI, which is the most preferred and used method of online transactions, as all you need is a 4-digit PIN to authorize a transaction. However, UPI frauds like phishing, malware, money mule, SIM cloning and vishing are taking place quite often these days.
With the growing popularity of convenient and fast UPI transactions, numerous UPI fraud cases are occurring all over the country. Recently, UPI scams have regularly made cover-page stories in newspapers. The stories mostly revolve around fraudsters/hackers stealing money from users’ bank accounts via UPI. In cases like these, the users' mobile phones are often accessed remotely via device control apps like AnyDesk or similar tools.
Hackers succeed in carrying out UPI scams when you are not aware of cyber malpractices and are heedless while downloading apps from the Google Play Store and opening links from emails. This might be because of a lack of knowledge about how exactly fraudsters design their scams.
The most regularly occurring scams are:
Many fraudsters send you unauthorized payment links via SMS. These bank URLs look almost identical to the original ones, but are fake. When you are in a rush and click on that link without looking at it meticulously, it will direct you to the UPI payment app installed on your phone. It will then ask you to select any of the apps for auto-debit. Once permission is given from your end, the amount gets debited from the UPI app instantly. Also, clicking on a fake link may infect your phone with a virus created to steal crucial financial data stored on the device. Hence, the URL needs to be read carefully before clicking on it, because even the difference of a single dot matters. These are called “Phishing Scams”.
With the growing acceptance and adoption of the work-from-home culture globally, working professionals are downloading remote screen monitoring tools, which let them connect their smartphones and laptops to smart TVs via Wi-Fi. Along with authentic verified apps, there are also numerous unverified apps on Google Play and the Apple App Store. Once you download an unverified app, it gets full control of the device and extracts data from your phone. Also, fraudsters often pose as bank representatives and ask you to download a third-party app for “verification purposes”. Immediately after being downloaded, these third-party apps provide the hackers with remote access to your phone.
Though a UPI social media page (Facebook, Twitter, etc.) may have the word NPCI, BHIM or a name similar to a bank or government organisation, it is not always authentic. Hackers design similar handles so that you get deceived and reveal your account details through a fake UPI app.
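The careful URL reading described above can be automated. The following Python is an added example, not code from the original article: it pulls links out of an SMS body and compares each hostname with an allowlist. The domains `examplebank.in` and `samplepay.co.in` and the sample message are constructed placeholders, not real banks.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of hypothetical bank domains (assumption, not real banks).
TRUSTED = {"examplebank.in", "samplepay.co.in"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(name):
    """Drop dots and hyphens so 'example-bank.in' and 'examplebank.in' compare equal."""
    return re.sub(r"[.-]", "", name)

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for one hostname."""
    host = host.lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        if good in host:                      # trusted name embedded in another domain
            return "lookalike"
        if squash(host) == squash(good):      # a dot or hyphen added or removed
            return "lookalike"
        if edit_distance(host, good) <= 2:    # one or two characters changed
            return "lookalike"
    return "unknown"

def check_sms(text):
    """Classify the hostname of every link found in an SMS body."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
        results.append((host, classify_host(host)))
    return results

# Constructed sample message
SAMPLE = "Dear user, KYC pending. Pay at http://example-bank.in/upi or https://examplebank.in/pay."
if __name__ == "__main__":
    for host, verdict in check_sms(SAMPLE):
        print(f"{verdict:10} {host}")
```

A verdict of `unknown` only means the host is not on the allowlist; it does not mean the link is safe.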
To complete an online transaction through a UPI app, you need to either enter the OTP (One Time Password) or UPI PIN. The OTP is sent by your bank through an SMS on the registered number. One of the most common ways hackers try to scam people is by requesting them to share their UPI PIN or OTP over the phone. Once you give them the information, they authenticate UPI transactions and money from your account gets transferred to their accounts.
Your bank will never call and ask you about sensitive data. Therefore, if someone calls you and asks you to share account-related information, understand that the person on the other side of the call is not a bank executive. There is a feature on apps like Google Pay, PhonePe and BHIM, called “request money”, which fraudsters take advantage of.
Swindlers often show interest in purchasing a product advertised on different online platforms and engage with the seller on a phone call. If someone claiming to be a buyer asks you to share a PIN with him to receive the payment for the product you are selling, you should understand that he is trying to scam you, as receiving money requires no PIN. Therefore, never reveal your PIN to strangers over the phone, under any circumstance. Secure your UPI apps with biometric recognition software. Also, you can install anti-virus software for optimum security.
Today, on online marketplaces like OLX, UPI frauds are taking place quite often. People get calls from self-claimed buyers who show interest in buying their advertised products. These buyers, who are actually scammers, start convincing the sellers to send their UPI address so that the amount could be transferred. Once they share the UPI address, they get trapped and lose a hefty amount from their accounts.
Google Pay and PhonePe always give a spam warning to the users, if they receive a request from an unknown account. Always keep your eyes open and in case of such suspicious accounts, always lodge a Google Pay fraud complaint.
Make sure the apps you are downloading from the Google Play Store are verified and authentic. If you mistakenly or carelessly download a fake app, it becomes easy for a hacker to extract sensitive data and steal money from your account. Numerous fake apps like Modi Bhim, Bhim Modi App, BHIM Banking Guide, etc. have been reported to have extracted personal data of customers in the name of providing some valuable banking service.
E-mails often contain content that lures you into downloading it. Make sure you don’t download anything without scanning it for viruses/malware.
Try to avoid using open Wi-Fi as it may give a hacker a chance to access everything on your device. Therefore, always check if the Wi-Fi is safe and trustworthy, before connecting to it.
The Chairmen and Managing Directors/Chief Executive Officers (CMD/CEOs) of banks must provide focus on the "Fraud Prevention and Management Function" to enable, among others, effective investigation of fraud cases and prompt as well as accurate reporting to appropriate regulatory and law enforcement authorities including Reserve Bank of India.
The fraud risk management, fraud monitoring and fraud investigation function must be owned by the bank's CEO, Audit Committee of the Board and the Special Committee of the Board.
Banks, with the approval of their respective Boards, shall frame internal policy for fraud risk management and fraud investigation function, based on the governance standards relating to the ownership of the function and accountability resting on defined and dedicated organizational set up and operating processes.
Banks shall send the Fraud Monitoring Returns (FMR) through the XBRL system.
Banks should specifically nominate an official of the rank of General Manager who will be responsible for submitting all the returns referred to in this circular.