UPI fraud involves deceptive practices within the UPI system where fraudsters exploit vulnerabilities to gain unauthorized access to funds or sensitive information. By definition, UPI fraud occurs when individuals are tricked into revealing their UPI PIN or other confidential details through various deceptive methods. For instance, imagine receiving a message claiming to be from your bank, asking you to verify your UPI PIN due to a supposed technical issue. Believing it to be genuine, you provide your PIN, unknowingly enabling fraudsters to access your account and initiate unauthorized transactions.
Another scenario involves making a payment using a QR code at a store. However, the QR code has been tampered with by fraudsters to redirect the payment to their account instead of the store’s, leading to financial loss.
These scenarios highlight how unsuspecting individuals can fall victim to UPI fraud. It underscores the importance of vigilance and verifying the authenticity of communications before sharing any sensitive information. By staying informed and cautious, you can protect yourself against such fraudulent activities in digital transactions.
Fraudsters employ various tactics, including manipulating device settings with malware for illicit activities, as well as deceiving victims through manipulation alone in some cases. The table below categorizes these tactics accordingly.
- Courier or Parcel Delivery Scam – Tech
- Malicious Software (Malware) – Tech
- Mobile Number Duplication (SIM Cloning) – Tech
- Screen Monitoring App Fraud- Tech
- Email and Website Spoofing (Phishing) – Tech
- Counterfeit UPI QR Codes – No Tech
- Bogus Merchants or Fraud Sellers – No Tech
- Fake Collect Requests – No Tech
- Fabricated Payment Screenshots – No Tech
- Voice Phishing (Vishing) – No Tech
- Misleading UPI Identifiers – No Tech
- Money Laundering Scheme (Money Mule) – No Tech
How Hackers Conduct UPI Fraud
It has been observed that fraudsters continually devise new methods to deceive people, often employing a systematic approach to execute these frauds repeatedly. Here are the tips to recognize common types of fraud:
- Courier or Parcel Delivery Scam
- Method: Deceiving victims by pretending to assist with courier delivery issues, leading to downloading of malicious apps and disclosing sensitive information.
- Malicious Software (Malware)
- Method: Using malware to intercept UPI transactions, capture banking credentials, or perform unauthorized transactions.
- Mobile Number Duplication (SIM Cloning)
- Method: Cloning victims’ SIM cards to intercept OTPs required for UPI transactions.
- Screen Monitoring App Fraud
- Method: Tricking users into installing apps that monitor their screens to capture sensitive information like UPI PINs.
- Email and Website Spoofing (Phishing)
- Method: Sending fraudulent emails or creating fake websites to deceive users into disclosing UPI credentials.
- Counterfeit UPI QR Codes
- Method: Creating fake QR codes to redirect payments to fraudster accounts instead of intended recipients.
- Bogus Merchants or Fraud Sellers
- Method: Posing as legitimate sellers online to attract victims into making advance payments for goods or services that are never delivered.
- Fake Collect Requests
- Method: Sending deceptive collect requests to trick users into approving fraudulent transactions.
- Fabricated Payment Screenshots
- Method: Creating fake payment screenshots to deceive victims into providing goods or services without actual payment.
- Voice Phishing (Vishing)
- Method: Using phone calls to impersonate bank officials and manipulate victims into revealing UPI PINs or OTPs.
- Misleading UPI Identifiers
- Method: Creating deceptive UPI handles or QR codes that resemble legitimate ones to redirect funds.
- Money Laundering Scheme (Money Mule)
- Method: Recruiting individuals as money mules to receive illicit funds into their accounts and transfer them elsewhere.
These tactics outline how fraudsters exploit various methods, both technical and through deception, to perpetrate UPI frauds.