Online payments have increased exponentially in India. This has also given cyber criminals an opportunity to target gullible citizens.
Various factors have contributed to the recent rise in frauds. These include digital illiteracy, smart-phones penetration, multiple modes of payment through apps, lack of awareness among the masses etc.
The fraudsters attempt to leverage human emotions like greed, sense of urgency, fear etc. to make them part with their hard earned money. In this write-up, we shall understand the various methods being used by fraudster to de-fraud people.
Request Money Fraud:
Unified Payment Inter-face, offers a collection request feature. It enables user (A), to collect money from other user (B). The person to whom the request is sent (B), must assent it by entering his confidential UPI PIN, to complete the process. Thus, the process has built in checks, and payment is made only after the debiting user (B) allows it.
The complete process can be represented below as:
Step 1: Persons A ---->Sends collection request to B.
Step 2: B enters his confidential UPI PIN to complete the process.
Step 3: Money gets credited into A’s account and debited from B’s account.
However, the fraudsters misuse this feature.
Fraudster call the victim on pretexts like refund and convince them with the data already gathered about the victim. Once the victim expresses faith in the fraudster, he sends a payment link to the victim (in reality a collection request).
The collection request is sent with fake messages to hide its true nature. Few examples of such messages include:
The fraudster then asks the victim to enter his UPI PIN to accept the refund into his / her account. The victim, thinking it as payment link, enters the UPI PIN, following which money gets deducted from his account.
You can read in detail about UPI based frauds at the link: https://cyber-cops.com/cyber-victim/upi-based-frauds-in-india-2020
QR Code Fraud:
In apps like Google Pay, there is an option to scan QR codes to process payments. Fraudsters exploit this feature, to commit fraud.
Fraudsters send a QR code over WhatsApp, and ask to scan it to receive the money. Once you scan the code and enter your confidential UPI PIN, your account is debited rather than being credited. This is because, the QR code sent by fraudster is a collection request rather than a payment request.
Like other UPI based payment, you need to scan the code and enter PIN only to make payment. So, if someone asks you to scan the QR code and enter PIN, deny doing it.
Scanning a QR code potentially poses even graver threats – “QR codes can encode a lot of information, but can also perform hidden unauthorized actions like connecting to a Wi-Fi network or navigating to a malicious link. This makes scanning a QR code risky, as there is no way of reading the information contained inside it, before exposing the device to the unsuspecting payload”. If you scan a QR code that seems suspicious, you must pay attention to what the code executes.
To read in detail, about QR code frauds, navigate to: https://cyber-cops.com/cyber-victim/qr-code-frauds-and-how-to-prevent-in-india-2020
Remote Access App:
The fraudsters call innocent people on different pretexts like purchasing OLX product, money refund by Zomato, sending lottery money etc. After gaining the trust of the person, fraudster asks the victim to install screen sharing apps like Any Desk, Team Viewer, Screen Share etc. as a pre condition to transfer money into the account.
Once you install the screen sharing app and exchange codes, your screen is visible to the fraudster. Any page you are watching on your smart-phone is also visible to the fraudster.
Fraudster then asks you enter the payment details like debit card. You fill it up, having a false sense of security that OTP will be needed for any outgoing payment. You remain unaware of the fact, that your screen is visible to the other person.
Once you fill in the card details, it is processed and you receive an OTP on your phone. As you open the message to read it, the fraudster also reads it. Fraudster then uses the OTP to perform unauthorized bank transaction or to buy online products.
RBI Warning About “ANYDESK” App:
On Feb, 2019 RBI alerted banks about fraudulent transactions on the Unified Payment Interface (UPI) platform. RBI’s cyber security and IT examination cell warned user that a mobile app “AnyDesk” was targeting the mobile phone of customers.
It seeks permission to access control the phone like any other application. However, when the permission is granted by a user, “AnyDesk” app allegedly steals confidential data on the phone to carry out fraudulent transactions through other payment apps available on the phone.
Read more about frauds perpetuated with remote screen recorder apps at: https://cyber-cops.com/cyber-victim/fraud-using-screen-recorder-apps
Social Media/ Impersonation Fraud:
At times, we complaint of poor services of Zomato, Uber, Flipkat, Amazon on social media sites, consumer complaint forums etc. The aim is to educate others, seek solutions or to prevent others from being de-frauded.
However, sharing personal details like mobile number enables fraudster to target us. This is because, fraudsters also track similar complaints, to find a good reason to call you.
In most cases, they impersonate as helpline individuals e.g., Zomato customer care. They ask confidential questions citing need of verification before rendering any help. As soon as, they gather sensitive information, they misuse it and then vanish like puff of dust.
SIM Swap Fraud:
You need a One Time Password (OTP) sent by your bank on the linked phone number to complete the log-in process, isn’t it? But what if fraudsters swap the SIM? It will give them complete control over the number and thus OTP also.
Thus, in a SIM Swap fraud case, fraudsters manage to get a new SIM card issued against the victim’s number through the mobile service provider. With the new SIM, they perform unauthorized financial transactions by having the access to OTPs and alerts.
To read more about SIM Swap frauds, click here: https://cyber-cops.com/cyber-victim/what-are-sim-swap-frauds-how-to-prevent-in-india-2020
Be vigilant and aware, to prevent being victim of these most common types of online frauds in India. In case, you become a victim of cyber crime, here is the procedure to get money back in case of online frauds - https://cyber-cops.com/cyber-victim/latest-cyber-cell-contact-details-in-india-2020