Alongside UPI’s convenience, it has also become a fertile ground for fraudulent activities. Fraudsters continuously devise new tactics to exploit vulnerabilities within the UPI ecosystem, jeopardizing the financial security of users. Let’s delve into the most prevalent types of UPI frauds, understanding their definitions and exploring real-world examples to illustrate their impact.
Few UPI Fraud Types
Courier or Parcel Delivery Scam – Tech
Fraudsters exploit the expectation of receiving a courier to deceive victims into downloading malicious apps, enabling them to intercept sensitive information and perpetrate digital frauds.
Example: A user, expecting a package, clicks on a tracking link that leads to a fake courier service website. They download an app to expedite delivery, unknowingly granting fraudsters access to their SMS messages and sensitive UPI details.
Malicious Software (Malware) – Tech
Malware is malicious software designed to infiltrate devices and steal sensitive information. In the context of UPI fraud, malware can intercept UPI transactions, capture banking credentials, or perform unauthorized transactions.
Example: A user unwittingly downloads malware via a suspicious email attachment. The malware infects their device and captures their UPI login details, allowing fraudsters to access their account and make unauthorized transactions.
Mobile Number Duplication (SIM Cloning) – Tech
SIM cloning involves duplicating a victim’s mobile number to intercept OTPs or other security measures required for UPI transactions. Fraudsters use this method to gain unauthorized access to victims’ UPI accounts.
Example: A fraudster clones a victim’s SIM card to intercept OTPs sent by the bank for UPI transactions. With access to OTPs, they can authorize fraudulent transactions without the victim’s knowledge.
Screen Monitoring App Fraud- Tech
Fraudsters trick users into installing malicious apps on their devices that monitor their screens. These apps capture sensitive information such as UPI PINs or OTPs during transactions, compromising security.
Example: A user downloads a seemingly useful app that claims to enhance device performance. Unbeknownst to them, the app secretly monitors their screen activities, capturing UPI PINs entered during transactions.
Email and Website Spoofing (Phishing) – Tech
Phishing involves fraudulent emails, messages, or websites designed to mimic legitimate entities such as banks or payment platforms. These fake communications aim to trick users into divulging their UPI PINs, passwords, or other sensitive information.
Example: A user receives an email appearing to be from their bank, requesting them to update their UPI credentials by clicking on a link. The link redirects them to a fake website that captures their login details.
Counterfeit UPI QR Codes – No Tech
Fraudsters create counterfeit QR codes, typically displayed at legitimate merchant locations or sent via messaging platforms. Unsuspecting users scan these QR codes to make payments, unknowingly transferring funds to the fraudster’s account instead of the intended recipient.
Example: A customer scans a QR code displayed at a local store to make a payment. Unbeknownst to them, the QR code has been tampered with by fraudsters to redirect the payment to their account.
Bogus Merchants or Fraud Sellers – No Tech
Fraudsters pose as legitimate sellers on online platforms, offering attractive deals or products at discounted prices. Victims make advance payments for goods or services that are never delivered, resulting in financial loss.
Example: A customer purchases electronics from an online store offering significant discounts. After making the payment via UPI, they never receive the products and find that the seller has disappeared.
Fake Collect Requests – No Tech
Fraudsters send fraudulent collect requests posing as trusted sources, tricking users into approving transactions without realizing they are authorizing fraudulent payments.
Example: A user receives a collect request seemingly from a family member or friend, requesting urgent payment. Trusting the sender, they approve the request, only to find out later that it was a scam.
Fabricated Payment Screenshots – No Tech
Fraudsters fabricate screenshots of payment transactions to deceive victims into believing they have received funds. This tactic aims to trick users into making further transactions or providing goods or services without actual payment received.
Example: A seller receives a screenshot showing a successful payment for their goods. Trusting the screenshot, they dispatch the goods to the buyer, only to realize later that the payment was fabricated.
Voice Phishing (Vishing) – No Tech
Voice phishing, commonly known as vishing, involves fraudsters using phone calls to impersonate bank officials or customer service representatives. They manipulate victims into revealing sensitive information such as UPI PINs, OTPs (One Time Passwords), or banking credentials. For instance, a fraudster might call pretending to be from a bank, urgently requiring the victim to verify their UPI credentials due to a security breach.
Example: An individual receives a call from someone claiming to be a bank executive, informing them of unauthorized transactions on their UPI account. To rectify the issue, the victim is persuaded to disclose their UPI PIN and OTP, unwittingly providing access to their account.
Misleading UPI Identifiers – No Tech
Fraudsters create deceptive UPI identifiers (like UPI handles or QR codes) that resemble legitimate ones. Users inadvertently transfer funds to these misleading identifiers, believing them to be genuine.
Example: A user intends to transfer money to a friend’s UPI handle but mistypes a character, sending the funds to a fraudulent UPI handle controlled by a fraudster.
Money Laundering Scheme (Money Mule) – No Tech
Fraudsters recruit individuals as “money mules” to receive illicit funds into their bank accounts and transfer them elsewhere. This scheme aims to disguise the origin of fraudulent funds obtained through UPI transactions.
Example: An individual is offered a commission to receive funds into their bank account and transfer them to another account. Unaware that they are participating in illegal activities, they become unwitting accomplices in a money laundering operation.