- Request money fraud: Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money’, ‘Payment successful receive Rs XXXXX’ etc. You need to enter PIN only for sending money.
- Do not 'Pay' or enter your UPI PIN to receive money
- Do not transfer funds without knowing to whom you are transferring. Ensure due diligence
- QR code fraud: Fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. Once the QR code is scanned on the mobile, all the banking credentials gets shared with the fraudsters. QR code scanning is like granting banking controls to the fraudsters. QR code needs to be scanned only to make payments.
- Never scan QR code for receiving payments
- Never share your UPI wallets PIN, card details like PIN, One-Time Password (OTP), CVV, expiry date, grid value, types of card (Visa, Mastercard, Rupay, etc.) to anyone even if the person claims to be from bank.
- Remote access app: Fraudsters lure the customers to download screen sharing/remote access apps like ’Screenshare’, 'AnyDesk', ‘Team Viewer’, etc. from Play Store or App Store. There are more apps similar to these apps that help in providing remote access of device to other users. These apps are not malware, but they do grant access of your mobile data to the third party. Once the app is downloaded, a 9 or 10-digit number (app code) gets generated on customer's mobile/ device which the fraudster would ask the customer to share. Once the fraudster inserts this 9-digit app code on his/her device, then s/he would ask the customer to grant certain permissions which are similar to what are required while using other apps. Post this, the fraudster will gain access to the customer’s device. Then, the customer shares the mobile app credentials and the fraudster can do the transaction through the mobile app which is already installed on the customer’s device.
- Never download third-party apps such as Screenshare, Anydesk, Teamviewer, etc. based on call request from unknown person even if caller claims to be from Bank or wallet company
- Never download any application/ UPI app/ payment wallet recommended/ requested by any unknown person
- Social media/impersonation fraud: Fraudsters track complaints in social media and share fake contacts or impersonate bankers or RBI officials in response to a post and ask for confidential information which no banker is supposed to ask for.
- Do not search for helpline numbers on Google, Facebook, Twitter. Instead, check the official website.
- SIM swap fraud: Fraudsters manage to get a duplicate SIM which provides them access to one-time passwords. They do this by pretending to be from a mobile company and asking you to forward an SMS containing the SIM card number to activate the duplicate SIM.
- Do not respond to texts, e-mails from unknown addresses to click on links.
Need to add these 2 safety tips along with other tips.
Some general safety tips to be remembered:
- Fraudster might ask you to do a legitimate small value transaction after screen sharing, this is to know your UPI PIN or Debit Card details. Disconnect the call immediately.
- Ensure no one is looking at your screen or noticing your finger movement to know your PIN. In case of remote access, the fraudster will be able to view the numbers/buttons/links being clicked.