• Apply Now

Money in bank in 24 hours

Apply Now

The modus operandi of UPI fraud

  • Highlights

  • UPI fraud cases are on the rise due to the digital shift in payments

  • Screen mirroring apps, phishing, ‘collect request’ are common ways UPI frauds are carried out

  • Do not enter your PIN or OTP to receive a payment or refund. No action is required from the receiver’s end

The digital payment initiative, Unified Payment Interface (UPI) was launched to boost India’s cashless payments segment and offer interoperability. This platform is used for real-time money transfer and has become a popular mode of payment especially during and after the pandemic. As per a study done by the National Payments Corporation of India, 2.29 billion UPI transactions were made in February 2021 alone. As more and more people started adapting to this new mode of payment due to the ease it offers, it gave fraudsters yet another platform to take advantage of unsuspecting people and UPI fraud cases started to come to light.

The modus operandi used by fraudsters to carry out UPI fraud


Phishing scams

Scammers send unauthorised payment links via text and this fake URL appears eerily similar to the original bank URL. People are not in habit of checking spellings or looking for an extra character in the domain name and believe the text at face value. When they click on the link, they are directed to the UPI payment app which is installed on the phone and the recipient needs to choose an app for auto-debit. Once the permission is granted, money gets debited from the UPI app immediately.


Gaining unauthorized access using screen mirroring apps

Multiple UPI fraud cases reported, throw light on this common modus. Either fraudster lists their numbers as customer service numbers of reputed companies on Google, or they call as bank employees or representative of financial institutions. They cite different reasons to get the victim to download an app ranging from complaint resolution to KYC detail updating to making a money transfer to the credit card.
The fraudsters suggest downloading apps such as Team Viewer, AnyDesk, or a third party essentially that gives these impersonators remote access to a person’s phone. They ask for a few permissions and get the OTP to gain full access to the device. The fraudster is now in full control of the victim’s phone and can carry out unauthorised financial transactions such as fund transfers via UPI.
How to Detect Gift Card Frauds


UPI and payment collect request

The whole charm about UPI is, being able to send money at any time or to anyone whose VPA & other details are known. Having said that, it also gives the option for people to initiate a ‘Collect Request’ which if authorized will transfer funds from the recipient’s account to the sender’s account. Often fraudsters send Collect requests while impersonating the target’s friends or family. Another reason given by scammers is getting people to approve this request to get a reversal of the debit or refund. Once the person unknowingly confirms this request, it leads to an immediate debit of the victim’s account.


By posing as sellers

Many times, when you Google a shopkeeper’s number and call the number listed on it, you can encounter an impostor posing as the seller. They list their numbers on Google under multiple businesses so people in search of those establishments end up calling a scammer. They take your order and ask for pre-payment via UPI to deliver the items and you never really receive this delivery.


Misleading UPI handles

Scammers create fake UPI social media pages (@NPCIDisputeTeam or @BHIM2help). These handles follow customer complaints and queries and look out for customer contact information on the actual UPI brand page. Scammers then use this contact information to reach out to the customer on the pretext of resolving an issue from the fake handle. They end up duping the customer and getting them to reveal their financial information via a fake UPI app. One falls prey to it just because of the presence of legitimate terms such as BHIM or NPCI.


The classic OTP or UPI PIN Fraud

A common way these fraudsters dupe people across platforms, be it UPI, e-wallets, credit card fraud is by fooling people into sharing their UPI PIN or OTP over the phone. Though OTP or UPI pin is required to carry out a transaction through any UPI app, always know that no one can request this information on a call or via text.

Bajaj Finserv and its lending arm Bajaj Finance are on a mission to beat the fraudsters by constantly reminding customers that customer care representatives or employees of Bajaj Finance or any of its subsidiaries never ask for OTP, PIN, or CVV details over Phone/SMS/Email/ Social Media platforms. Such information requests should be immediately rejected and reported by the customer.
The modus operandi of UPI fraud


Tips to prevent UPI fraud 

  • Bear in mind that to receive money, refund, or reversal of a charge, a PIN or password is not needed from your end. If you are being asked to enter a PIN to receive money or complete a transaction, your account will be debited

  • If you get a collect request from a ‘supposed’ friend or family, call and confirm if it is them

  • Do not disclose your personal details and contact information on the social media platforms of UPI apps, this can be misused

  • If you have found random shopkeepers online and not someone you have done business with before, wait for the goods to reach your house before making any payment. Do not prepay

  • Legitimate companies will not ask you to download third-party apps to resolve complaints or update KYC details – do not download 3rd party apps for issue redressal

  • Don’t download random UPI apps from text message URLs. Make sure the UPI app is verified and recognized by the RBI

While UPI fraud cases are on the rise, staying aware and alert will help you keep the imposters at bay!

Savdhaan Rahein. Safe Rahein.

How would you rate this article

 Please let us know why?

What did you dislike?

What did you dislike?

What did you like?

What did you like?

What did you like?