Common UPI Frauds and How to Avoid Them

UPI has revolutionised how we, as a country, go about everyday transactions. Thanks to it, standing in queues at the ATM is thankfully a thing of the past. It has also eliminated the need to calculate and count change for each transaction– a major win for a lot of us who are not particularly fond of mental math. 
That said, as is the case with all technology, some use it for good, and scammers do their best to exploit it. UPI is no different, and fraudsters have found and are constantly coming up with new ways to exploit unsuspecting users.
If you want to know what the most common UPI payment frauds are happening in India today, and how to avoid them, this guide is for you. 
 

What Are UPI Frauds?

UPI Frauds, a.k.a UPI scams, are the tactics scamsters or bad actors use to steal money or gain sensitive information related to UPI accounts. Think of them as the same tactics used to gain your bank info or credit card details, but this time within the UPI ecosystem.
It is essential to be aware of and spread awareness regarding this issue, as the UPI frauds have been steadily rising in the country. According to data presented in the Lok Sabha, in the financial year 2022-23, the number of such instances was 7.25 lakhs. This figure also doubled in 2023-2024 to 13.42 lakhs.  
Another national survey conducted this year found that 1 in 5 Indian households have faced some form of UPI fraud in the past three years. What's worse is that 51% of the 32,000 respondents of this survey from across 365 districts in India never filed a complaint. This indicates that the scale of the problem could be even higher. 

6 Common Types of UPI Frauds In India

UPI scammers employ a host of tips and tricks to steal money or information. Here are the most common UPI frauds ones to look out for. 

1. Phishing Scams

Phishing is one of the oldest scams in the book. You receive an email or a message that looks "official" from either a bank or a known brand. In it is a link that takes you to a fake website and asks you to enter sensitive details, and all your keystrokes are captured here. 

Fake Customer Support Calls

Here, scamsters pose as support agents representing a bank or your UPI app. They attempt to trick you into sharing sensitive information, like an OTP you may receive or your UPI pin. The justification can be anything from verification of KYC to claiming that your account is blocked, and this info is required to unblock it. 

Unauthorised Payment Requests (Collect Request Scams)

The scams are payment requests disguised to look like you are about to receive a refund, a cashback, or win some prize money. The interface used is also designed to be indistinguishable from the original UPI app. If you tap “approve,” money leaves your account instantly.

Screen Sharing and Remote Access Frauds

Here again, you will be contacted by scammers posing as support executives. They will ask you to install the screen-sharing or remote access apps to assist you. Once you hand over control to them, they quickly install key loggers or monitor your screen remotely to gain access to sensitive information. 

Fake UPI Handles and QR Code Frauds

In this UPI scam, fraudsters create a fake UPI ID that looks similar to an official one or replace a merchant’s QR code with their own. Anytime you make a payment, the money then goes to the wrong account.

SIM Swap Fraud

These are the most notorious of all the UPI scams. Scamsters first steal sensitive data and then duplicate your SIM, which then gives them access to all the OTPs they need to drain your accounts. 
Also Read - Scam-Safe Borrowing: A Checklist to Verify RBI-Regulated Lenders 

How UPI Frauds Happen: Fraudster Techniques Explored

All of the above scams use either one or a combination of the following techniques. Each of them either exploits the technology itself or exploits human psychology. The most common of these include: 
•    Social engineering - This is a technique where fraudsters try to gain your trust while seeming to be or represent a legitimate entity.  
•    Create urgency - Scamsters trick you into acting quickly so that you panic and do what they want. The format is usually "You have X minutes to do this, or something will happen to your account.".
•    Psychological pressure using FOMO - Scamsettes try to induce FOMO (fear of missing out) to make you make quick decisions without giving them much thought. 
•    Technical manipulation - Here, they use technology against you. It could be by gaining remote access to your devices, logging keystrokes, or using malware to steal sensitive information. 

Warning Signs and Red Flags of UPI Frauds

There are several common denominators when it comes to UPI scams. And these red flags are often easy to spot.
•    Any call, message, or email asking for sensitive information - No legitimate institution will ask you for sensitive information outright. In fact, most now place alerts on their home page, alerting users regarding this. If this happens, it's most likely a scam. 
•    Spelling mistakes and poor grammar - Any email or message that contains a ton of spelling mistakes or has bad or nonexistent use of grammar is probably a scam. Do not click on any links that come in these communications. 
•    Offers that are too good to be true - Out of the blue messages offering cashbacks and refunds are another red flag to be on the lookout for. If they are accompanied by a "collect" request, ignore and delete the message right away. 
•    Apps requesting updates outside of the Play Store and Apple Store - All legitimate apps will auto-update directly from their respective stores. If one is attempting to update from a third-party source, it's probably a fake app. Uninstall it immediately.

Steps to Take If You Are a Victim of UPI Fraud

In the event you have become a victim of a UPI fraud, this is what you must do -
•    Contact your bank immediately - Use the customer care number or visit the nearest branch to report the fraud. 
•    Block your UPI ID and linked accounts - Most apps have a “Report Fraud” or “Block” option. You can also log into your banking app and "Deactivate" your UPI ID. 
•    File a complaint with NPCI - Use the UPI complaint portal to register the complaint. 
•    Report to the National Cybercrime Portal - Do the same on the National Cybercrime Portal. 
•    Lodge an FIR Locally - You also need to file an FIR at your nearest  police station along with the acknowledgement of the report filed on the Cybercrime portal. 
•    Keep records of all fraud-related transactions - Keep all  messages, screenshots, call recordings, and transaction IDs handy to help with the complaints. 
•    Continue monitoring your accounts - Continue monitoring your bank accounts to ensure there are no other suspicious transactions after all the measures you have taken. 
Also Read - Top 5 UPI Features You Didn’t Know You Could Use to Simplify Your Monthly Budget 

Is Sharing Your UPI ID Safe: Understanding Risks and Practices

Sharing your UPI ID is safe. Think of it as sharing your bank details to receive funds. However, sensitive information like passwords, OTPs, and UPI PIN must never be shared under any circumstances. 

RBI Guidelines on Unauthorised UPI Transactions and Consumer Protection

According to RBI guidelines, if you: 
•    Raise a complaint within 3 days - You will receive the entire amount back (if you can prove you didn't contribute to the fraud through negligence).
•    Raise a complaint between 3 and 7 days - You will be liable between ₹5,000 and ₹25,000. The balance will be credited to you. 
•    Raise a complaint after 7 days - The bank is not liable to refund anything to you. 
The RBI has also mandated that all payment system operators, including UPI apps, must have a robust grievance redressal mechanism. If your bank doesn't resolve your complaint satisfactorily (within 30 days), you can escalate it to the Banking Ombudsman.

Stay Safe From UPI Frauds

UPI is here to stay, and you can continue enjoying its perks stress-free as long as you stay alert. Awareness is the first line of defence, and you should know all the red flags to avoid being scammed. Spread this awareness to protect everyone you know as well. 
As is the case with UPI, you also need to rely on legitimate apps when it comes to loans. Hero Fincorp offers instant personal loans via verified loan apps on Android and iOS. The process is digital, paperless and transparent, and you can get the funds you need in under 24 hours.
Skip the scam. Tap for a safe, instant personal loan with Hero FinCorp.

Frequently Asked Questions

1. What should I do if money is debited due to UPI fraud?

In the event of a UPI fraud, notify your bank immediately, block or deactivate your UPI either from the UPI app or the bank app. Then file complaints with NPCI and Cybercrime portals, followed by your local police station. 

2. Are all UPI apps equally secure?

Yes, all UPI apps, when downloaded from official app stores, i.e, the Google Play Store or the Apple Store, are secure. 

3. How can I recognise a fake payment request?

If the sender's ID is unknown or if the offer is too good to be true, it's probably a fake payment request.