With digital transactions taking over, we are increasingly seeing more online payment fraud. In fact, according to the Reserve Bank of India, comparing March 2022 to March 2019, digital payments have risen in volume and value by 216% and 10%, respectively. And, UPI, IMPS, and PPI transactions among digital payments recorded CAGRs of 104%, 39%, and 13% throughout the same period, respectively. As evident by the stats, Indians are starting to go all-in with digital transactions, but one can’t deny the security issues that loom, thanks to the lack of education and know-how when it comes to online payments. Here, we will discuss the top five online payment frauds plaguing India.
1) UPI Frauds
It is widely acknowledged that UPI is the most common way to make day-to-day payments in India. Now, a lot of people are still foreign to the concept, but some marketplaces that allow people to sell pre-owned belongings are starting to see an influx of UPI frauds. This is how it goes:
Users puts up an ad for, let’s say, a Sofa.
A potential buyer (scammer) messages the user saying that they are on-board with the deal, negotiates slightly (to appear genuine) and then asks whether they can “book” the product by paying online?
The user happily agrees and asks the buyer to send the money. Scammer asks for the seller’s UPI ID to transfer the decided amount. Now, instead of transferring the amount, the scammer generates a UPI request that goes straight to the seller.
More than likely, at this point, the scammer calls the customer to distract the seller and asks the seller to approve the UPI transaction.
Unfortunately, many users have fallen prey to this, failing to read the fine print and approving the request. This results in an immediate transfer of money to the scammers account. Several other UPI frauds, including impersonation, phishing, and OTP access, are spreading like wildfire. Scammers end up impersonating businesses and notable merchants and ask unsuspecting customers to pay in advance or even connect with you using a UPI handle that looks as if it were an official account.
2) Remote Access/Screen Sharing Frauds
Time and again, we have seen the elderly and people new to online banking, get victimised due to remote takeovers of their devices. Fraudsters usually pose as bank employees, looking to enable a certain service or resolve an error on your phone. They will warn you about the consequences and threats to your bank account if they don’t resolve the issue. Post haste, they end up following the instructions given by the fraudster and end up installing a remote access/screen sharing app. As soon as you give them access, scammers get to work by acquiring sensitive information such as OTPs, saved passwords, banking credentials, etc.
RBI states, “If your device faces any technical glitch and you need to download any screen sharing app, deactivate / log out of all payment related apps from your device. Download such apps only when you are advised through the official Toll-free number of the company as appearing in its official website. Do not download such apps in case an executive of the company contacts you through his / her personal contact number. As soon as the work is completed, ensure that the screen sharing app is removed from your device.”
3) Scam using QR Codes
The widespread QR Code scam has made its way into India as more and more people start using smartphones and online payments in general. In a circular by RBI, it is stated that customers are frequently contacted by con men under a variety of guises and convinced to use the banking applications on their phones to scan QR codes and the moment users scan the code, they unknowingly authorize money transfer into the scammer’s bank account.
4) Frauds That Manipulate Search Engine Results By Compromising Credentials
A lot of people resort to search engine results for acquiring contact details of their banks, insurance companies and merchants. Usually, this works out great but occasionally, fraudsters can use techniques like SEO to rank their manipulated credentials imitating a real website or entity. So, customers end up calling the fraudster’s instead of their real bank.
Unfortunately, these fraudsters are highly manipulative and end up convincing you to share your sensitive details. To prevent this, it is advised that you cross-check the phone number or email, and learn to identity real entities. Also, RBI says “Do not call the numbers directly displayed on the search engine results page as these are often camouflaged by fraudsters. Please also note that customer care numbers are never in the form of mobile numbers.”
5) Phishing Links Scam
Fraudsters can trick users by making impersonating websites that resemble the real entities. Users new to online transactions and e-commerce can fail to identify such websites and end up completing transactions, only to receive nothing in return. It is common to receive the URL of such websites on messaging apps and social media. Fraudsters also use bulk messaging services to broadcast SMS to unsuspecting users.
