The Modern-Day Pickpockets: Common UPI Scams
UPI fraud doesn't hack the system; it hacks the user. [6] Scammers use social engineering—manipulating people into making mistakes—to steal money. [5] One of the most prevalent methods is the fake 'Collect Request'. A fraudster sends a payment request,
often disguised as a refund or prize, and tricks the user into entering their PIN to “receive” money. [16, 17] Remember, a UPI PIN is only ever required to send money, never to receive it. [3, 15] Other common tactics include phishing scams, where fake links in emails or texts lead to sites that steal your PIN, and QR code scams, where scanning a code unknowingly authorises a payment to a fraudster instead of receiving one. [4, 5] Scammers also impersonate bank or customer service staff, creating a sense of urgency to trick you into sharing sensitive details or installing remote access apps like AnyDesk, which gives them control of your device. [2, 5, 17]
How to Fortify Your Digital Wallet
Protecting your UPI account starts with a few fundamental rules. First and foremost, never share your UPI PIN or OTP with anyone—no legitimate bank, company, or customer service agent will ever ask for it. [2, 7] Before completing any transaction, always verify the recipient's name and UPI ID on the confirmation screen. [3, 4] Be extremely cautious with unsolicited links or attachments, as these are common vectors for malware that can steal your banking information. [4, 7] It's also wise to only download UPI apps from official sources like the Google Play Store or Apple App Store and keep them updated to benefit from the latest security patches. [2, 15] For an added layer of protection, use your phone's biometric lock and enable it for your UPI app. [3, 8] Finally, avoid making financial transactions on public or unsecured Wi-Fi networks, which are easier for hackers to compromise; use your mobile data instead. [3, 15]
Recognising the Red Flags of a Scam
Scammers thrive on creating a sense of urgency, fear, or greed. [6] Any message or call that pressures you to act immediately should be a major red flag. [15, 16] This includes threats that your account will be blocked, warnings about pending legal action, or claims of an expiring KYC update. [16, 17] Similarly, be wary of offers that seem too good to be true, like unexpected lottery wins or massive cashback rewards that require you to scan a QR code or approve a request. [12] Fraudsters often send fake payment screenshots to convince merchants or sellers that a transaction is complete. [2] Always verify that money has been credited by checking your bank account statement or transaction history within your official UPI app, not by relying on a screenshot. [15]
What to Do If You've Been Scammed
If you suspect you've fallen victim to UPI fraud, time is critical. The first and most important step is to call the National Cyber Crime Helpline at 1930. [8, 23] This can help initiate a process to freeze the transaction. [23] Immediately after, contact your bank to report the fraudulent transaction and request to block your UPI account. [2, 8] Following this, you must file a formal complaint on the National Cyber Crime Reporting Portal at www.cybercrime.gov.in. [2, 11] When filing, have all details ready, including the transaction reference number, screenshots of messages, and the fraudster's UPI ID or phone number. [21, 23] According to RBI guidelines, reporting an unauthorised transaction within three days makes your bank liable for a full refund, so acting swiftly is crucial. [8]
