Why We Fall For It: The Scammer’s Playbook
UPI fraud is less about hacking technology and more about hacking human psychology. Scammers don’t break into the UPI system; they trick you into willingly handing over your money. Their tactics rely on a few key triggers: urgency, authority, and confusion.
They might call impersonating a bank official, warning that your account will be blocked unless you follow their instructions immediately. [7, 15] This manufactured panic prevents you from thinking clearly. [7] They might also create hyper-contextual scams, referencing a recent online order or electricity bill payment to sound more credible. [11] By exploiting your trust in the platform and creating a high-pressure situation, they manipulate you into making a mistake.
The Most Common Scams to Watch For
While methods evolve, most UPI fraud falls into a few categories. The most common is the 'Collect Request' scam. [6] A fraudster sends you a payment request, often disguised as a refund or prize money. [2] If you approve it and enter your PIN, money is debited from your account. Another prevalent method is the QR code scam. [8] You're sent a QR code and told to scan it to receive a payment. However, scanning a QR code is only for making payments, so entering your PIN completes a transfer *to* the scammer. [5, 7, 17] Finally, be wary of fake customer support numbers found online. Scammers post these numbers and, when you call for help, guide you through a 'process' that involves installing remote access apps or revealing your PIN and OTPs. [14]
The Golden Rule: Never Enter a PIN to Receive Money
If you remember only one thing from this article, let it be this: you never, ever need to enter your UPI PIN to receive money. [5, 7, 14] Your PIN is a secret key that authorises money to leave your account. It is exclusively for making payments, not for receiving them. Any person, message, or QR code that asks you to enter your PIN to get a refund, accept a payment, or unlock a prize is a scam. [7, 14] This is the single most important rule that can defeat a vast majority of common UPI frauds. Legitimate banks and companies will never ask for your PIN over the phone, via SMS, or through email. [2, 4]
Your 5-Second Pre-Payment Checklist
Before your finger taps that 'Pay' button, develop the habit of a quick mental check. First, always verify the recipient's name displayed on the screen before entering your PIN. [5, 10] Does it match the person or business you intend to pay? Second, double-check the amount. A simple misplaced zero can be a costly mistake. Third, if it's a 'Collect Request' from an unknown person, decline it. Fourth, if you're using a QR code, be sure it's from a trusted source. [13] And finally, question any sense of urgency. A legitimate transaction can almost always wait a few seconds for you to be sure. [10] These simple pauses are your strongest defence.
What to Do Immediately If You Are Scammed
If the worst happens, speed is your greatest ally. The moment you suspect fraud, your first call should be to the National Cyber Crime Helpline at 1930. [3, 7] This can help initiate an immediate freeze on the fraudster's account, giving you the best chance of stopping the money trail. [3] The second step is to file a formal complaint on the National Cybercrime Reporting Portal (cybercrime.gov.in). [7, 21] After this, immediately contact your bank to report the unauthorised transaction and raise a dispute directly within your UPI app's transaction history. [3, 12] Having the transaction ID, screenshots, and the time of the event ready will be crucial. [21]
