Link your UPI app to a separate bank account or wallet that has only a limited sum.
Indians have lost Rs 485 crore (Rs 4.85 billion) to frauds on the Unified Payments Interface (UPI) across 632,000 incidents reported until September of the current financial year, according to data from the ministry of finance.
"Post-Covid, UPI transaction volumes have grown significantly due to the convenience UPI offers in undertaking both large and small transactions," says Vikram Babbar, partner, EY forensic and integrity services-financial services.
"But UPI frauds also tend to impact many people due to its massive user base," adds Babbar.
Key methods of fraud
Phishing links: Fraudsters send spam links via SMS, e-mails, or other means, enticing victims to click on them.
"These links either install malware, extract sensitive banking information, or trick users into entering their UPI PIN, resulting in unauthorised transactions," says Babbar.
Prashant Mali, an advocate and expert on cybercrime, informs that fraudsters often impersonate trusted entities, like banks, e-commerce platforms and other service providers, to trick victims into entering their UPI PIN.
QR code manipulation" Frauds linked to QR codes have also grown.
"Users scan QR codes with a certain set of expectations. Instead, their accounts get debited," says Amit Dubey, author and cyber security evangelist.
QR code frauds take a variety of forms. Fraudsters send QR codes claiming they are for cashback offers or refunds.
Scanning these codes leads to phishing Web sites or malware installation, allowing fraudsters to steal credentials or initiate unauthorised transactions.
Fraudsters also place fake QR codes over legitimate ones -- on parking meters, donation boxes, etc. When users scan them, the payment goes to fraudsters' accounts.
Sometimes, scanning a QR code installs malware on a victim's phone, which intercepts OTPs (one-time passwords) or accesses the UPI app and carries out unauthorised transactions.
OTP theft: WhatsApp accounts of 40 to 50 Gurugram-based doctors were hacked recently.
The fraudsters posed as representatives of an organisation sending Diwali gifts.
Since the gifts were expensive, the doctors were told to verify themselves online. They were asked to dial a number.
In fact, dialling this number activated call forwarding. All incoming calls got redirected to the fraudsters' phones.
The scammers then attempted to log into the doctors' WhatsApp accounts.
When WhatsApp sent a voice OTP to verify the login, the fraudsters intercepted the OTP, logged into the doctors' accounts, and gained control over them.
They then used these WhatsApp accounts to message the doctors' family, friends, and colleagues, asking for money. Many complied.
How to stay safe
Never open links from unknown senders and unverified sources.
"Avoid downloading apps or executable files from suspicious links," says Babbar.
Mali suggests verifying the identity of the person requesting money before responding.
Link your UPI app to a separate bank account or wallet that has only a limited sum.
"This will minimise potential losses," says Babbar.
Dubey suggests setting daily transaction limits on UPI apps.
Mali warns that QR codes are for sending money, not for receiving it.
Nowadays, security apps (like Mobi Armour) are available.
"An app like this one can scan QR codes, links, and Wi-Fi networks and ensure it is safe," says Dubey.
Update your UPI app regularly to avail of the latest security features.
To keep transactions secure, Mali suggests using only trusted apps and platforms for UPI transactions.
If you get a suspicious request from, say, your bank, verify the request by calling its customer care number.
Mali also suggests keeping yourself updated about the latest tactics being employed by fraudsters.
STEPS TO TAKE IF YOU FALL PREY TO SCAM
Disclaimer: This article is meant for information purposes only. This article and information do not constitute a distribution, an endorsement, an investment advice, an offer to buy or sell or the solicitation of an offer to buy or sell any securities/schemes or any other financial products/investment products mentioned in this article to influence the opinion or behaviour of the investors/recipients.
Any use of the information/any investment and investment related decisions of the investors/recipients are at their sole discretion and risk. Any advice herein is made on a general basis and does not take into account the specific investment objectives of the specific person or group of persons. Opinions expressed herein are subject to change without notice.
Feature Presentation: Ashish Narsale/Rediff.com