Fraud using UPI platform:
By using the modus operandi mentioned below, fraudsters can get easy remote access to mobile device and remotely do transactions:
- Fraudsters lure the customers to download an app called 'AnyDesk' from Play Store or App Store. There are more apps similar to 'AnyDesk' that help in providing remote access of device to other users.
- Once the app is downloaded, a 9-digit number (app code) gets generated on customer's mobile/ device which the fraudster would ask the customer to share.
- Once the fraudster inserts this 9-digit app code on his/her device, then s/he would ask the customer to grant certain permissions which are similar to what are required while using other apps
- Post this, the fraudster will gain access to the customer’s device.
- Then, the mobile app credentials are vished from the customer and the fraudster can do the transaction through the mobile app which is already installed on the customer’s device.
With the help of the above modus operandi, the fraudster can do transactions through any Mobile Banking and payment related apps (including UPI, wallets etc.)
- Always verify and instal the authenticated UPI app/payment wallets from the Google Play Store and Apple Store
- Never download any application/ UPI app/ payment wallet recommended/ requested by any unknown person
- Only download those applications/ UPI app/ payment wallets which are owned by trusted or reputed companies/ banks
- Never download any application/ UPI payment/ payment wallets which you have never heard about
- Always read reviews before downloading any application/ UPI app/ payment wallet
- Be alert before giving permissions while downloading any application on your mobile
- Register your e-mail ID and verify to get notified of any untoward or unauthorised action on your account
- If you misplace or lose your phone, please get the SIM blocked immediately and log out of your account from the web
- Always check your banking transaction alerts sent via SMS and e-mail for unauthorised transactions. Once you find an unauthorised transaction, immediately inform the bank.
- Do not transfer funds without knowing to whom you are transferring. Ensure due diligence.
- Never share your UPI wallets PIN, password, OTP and M-PIN with anyone, even if the person claims to be a bank employee.
- Do not click on any unknown link via SMS and e-mail for making a digital payment. Always use trusted and protected website.
- Never share your card details like PIN, One-Time Password (OTP), CVV, expiry date, grid value, types of card (Visa, Master, Rupay etc.) to anyone even if the person claims to be from bank.
- Change your passwords regularly. Passwords should have a unique character, so that they are not guessed by anyone.
- Always validate Mobile Money Identifier (MMID) and mobile number.
- Be observant of incoming Unstructured Supplementary Service Data (USSD) requests.