Detect UPI/OTP Fraud
Don’t Become a Victim of UPI / OTP Frauds :-
- Unified Payments Interface (UPI) is a fast method of making payments digitally and is rapidly gaining immense popularity. Digital transactions have made life easier, saving the time of going all the way to a vendor to pay by cash / cheque, or even of logging on to the internet to do an IMPS, NEFT or RTGS transaction. The recent trend is that the whole country is rushing towards a cashless economy.
- UPI is one of the most chosen methods of payment in recent times. All you need is a 4-digit PIN to authorise your financial transaction, and the whole transfer process is done in seconds. Of course, convenience comes with its share of liabilities, and that’s what we’re going to see in this article.
- Please note that almost all UPI apps, i.e. Google Pay, PhonePe and Paytm, are robust and technologically highly secure. Be cautious, though: scammers have good knowledge of social engineering tactics and steal money using phishing, vishing, smishing, malware, SIM cloning and other means.
Modus Operandi of UPI / OTP Frauds :-
- Fraudsters usually call targets to get their attention. They impersonate bank representatives calling about a routine issue such as KYC updates, redeeming bonus points or cashbacks.
- To make the call sound legitimate, they mimic the actual bank process and ask verification questions such as your date of birth, name and mobile number.
- Scammers usually create a false story according to which the victim may have to give their personal data to resolve the issue.
- Once the scammer has convinced the victim, they ask the victim to download an application on their phone. The most common app is AnyDesk, along with other screen-sharing apps, which are available on the Play Store / App Store.
- After AnyDesk or any other screen-sharing application is downloaded, it asks for the user’s privacy permissions, like any regular app. Please note that these apps can access everything on your phone.
- The scammer will then ask the victim for an OTP, which is generated on the victim’s phone. After the victim reveals the code, the hacker will also ask them to grant permission on the phone.
- Once the app has acquired all the permissions it requires, the caller starts to take full control of the victim’s phone without their knowledge. After getting full access to the phone, the scammer steals passwords and begins transacting with the victim’s UPI account.
- Let’s also discuss 4 alternative methods they use to steal money:
- Fraudsters send an SMS and ask the victim to forward it to another number that they provide. Once the message has been sent, it permits the fraudster to link the victim’s mobile number or account through UPI to their own mobile.
- Fraudsters send an SMS with short links and Google Forms, asking the victim to fill in their username / password and OTP / UPI details.
- Alternatively, the scammer (impersonating a buyer) sends a (regular) payment request to your Virtual Payment Address on apps like Google Pay, PhonePe, Paytm etc.
- Alternatively, the scammer (impersonating a buyer) sends a (QR code) payment request to your Virtual Payment Address on apps like Google Pay, PhonePe, Paytm etc.
Scammers follow a pattern when carrying out social engineering frauds, and we have collated the sequence of steps they follow based on our interactions with victims.
How to Safeguard Yourself from UPI / OTP Frauds :-
Scammers use phishing scams to obtain personal or financial information.
- Look for a secure payment page (an https:// URL with a padlock symbol).
- Never share OTP / UPIN / MPIN numbers in any form with the buyer or seller.
- Never carry out a payment transaction while you are on the call.
- Do not click on or fill in any short links provided by the buyer or seller.
- Do not fill in Google Forms links provided by the buyer or seller.
- Do not scan the QR code. If you are scanning, it means money is getting debited from your account.
- Avoid using screen-sharing software, i.e. ScreenShare, AnyDesk, TeamViewer etc., on smartphones for resolving any banking-related issues.
- Do not search for your app’s customer support numbers on Google or any social media. Visit the official website of your app or bank and find the customer-care number from there.
Reach us at: email@example.com