Digitalisation in India has significantly simplified everyday life, but there have also been many cases of its misuse. The popularity of the online medium has increased in addition to the increasing number of online fraud. The risk of UPI fraud has also increased along with the use of UPI.
What is UPI fraud?
UPI (Unified Payments Interface) fraud refers to any type of fraudulent activity that takes place in the context of UPI-based digital transactions. UPI is a popular payment system that allows users to transfer funds instantly between bank accounts using a mobile device. While UPI has made transactions faster and more convenient, it has also made users more vulnerable to fraud and scams.
Types of UPI fraud
Here are some common types of UPI fraud:
● Phishing:
Phishing is when fraudsters send fake UPI links or ask for sensitive information such as UPI PINs, passwords, and OTPs through text messages, emails, or phone calls. Once they receive this information, they use it to transfer funds or make purchases without the user's consent.
● Malware
It is a software that can be used to steal a user's UPI login credentials, payment information, or other sensitive data.
● Money mule
In this type of UPI scam, fraudsters use unsuspecting users as intermediaries to transfer funds obtained through illegal means. They may promise the user a commission or other incentives in exchange for using their UPI account to receive or transfer funds.
● SIM cloning
SIM cloning is a process where fraudsters create a duplicate SIM card of a victim's mobile number. They can then use this SIM card to access the victim's UPI account and transfer funds without the victim's knowledge.
● Vishing
It is a type of UPI scam where fraudsters use voice calls to trick users into revealing sensitive information such as UPI PINs, passwords, and OTPs. They may pose as bank officials or representatives from UPI payment providers to gain the user's trust.
How do hackers execute UPI fraud?
Here’s how hackers execute UPI fraud:
- It starts with a random call from a fraudster who pretends to be a bank representative to get the target's attention.
- The fraudster asks verification questions like the target's name, date of birth, or mobile number to make the call sound legitimate.
- The fraudster claims that there is a problem with the UPI app or website and uses technical difficulties to talk to the victim. They create false stories and convince the victim to share their personal information to resolve the issue.
- The fraudster then asks the victim to download an application on their phone, such as AnyDesk or ScreenShare, available on the Google Play Store or App Store.
- While downloading the application, it asks for the user's privacy permission, like any regular app. However, these apps can access everything on the phone.
- The fraudster will then ask the victim for the OTP generated on their phone. As soon as the victim reveals the code, the hacker will also ask for permission from the phone.
- When the app acquires all permissions required, the caller starts to take complete control of the victim's phone without their knowledge. After gaining full access to the phone, the hacker steals passwords and begins transacting with the victim's UPI account.