Skip to content
Home » How UPI and VPA Scams work

How UPI and VPA Scams work

UPI, which was created by NPCI, is basically an immediate real-time payment system that makes peer-to-peer and person-to-merchant transactions between banks possible. One can easily keep track of all transactions made using an ID thanks to the UPI address, a virtual identity that is exclusive to each person.

UPI enables you to securely conduct transactions using only the recipient’s UPI ID by connecting your bank account to mobile applications like Google Pay, PhonePe, PayTM, BHIM, etc.

UPI ID, also known as a Virtual Payment Address (VPA), reduces the risk of fraud because it does not include any sensitive information, as opposed to net banking where account numbers and IFSC codes must be shared.

Scammers and Digital Payments

Scammers may abuse UPI, a tool for quickly moving money between bank accounts. Don’t participate if you don’t know a UPI address or aren’t sure about the information supplied because fraudsters are getting smarter every day.

Scammers construct phony websites or applications in UPI scams. They send you these links by SMS or email, and when you open them, they take you to an app that supports UPI and has a pre-filled payment amount.

The fraudulent program is simple to download and closely resembles the legitimate bank app. If you unintentionally download and install the bogus program, it will provide criminals access to your private account information and let them steal your money.

Never give out your UPI PIN to a stranger, click on links in emails from suspicious senders, or download UPI apps from unverified websites.

Keep an eye out for any strange activity in your bank’s transactions and statements, and notify them right away.

Major Fraudulent Behaviors

One should be alert of the following fraudulent behaviours:

Phishing
Phishing is one of the most common types of fraud, in which con artists send SMS messages with phony payment links. Customers may foolishly click on the link that takes them to the UPI payment app that is loaded on their phone and prompts for an auto-debit because these phony bank URLs will seem quite similar to the actual URL.

Malware
By clicking on unknown URLs that are obtained from a fraudulent e-mail attachment or an unsafe website, consumers might fall victim to malware, another common type of cyber fraud.

A SIM clone
Here, after cloning a SIM, the scammer may quickly reset the targeted user’s UPI ID due to his access to the user’s bank account information and ID proof.

Vishing
In this scenario, scammers might phone or communicate with the targeted person while pretending to be a bank official. After gaining the potential victim’s trust, these people collect sensitive personal information, such as a UPI PIN or password, under the pretext of updating KYC or another related formality.

upi/vpa scams
UPI / VPA scams through digital payments

While UPI is unquestionably one of the safest and most secure systems for cashless transactions, users still have a responsibility to follow safety standards and procedures.

Customers in the UPI incident become victims of scammers because to their own ignorance and lack of awareness. Such UPI / VPA scams can be reported on ScamYodha (www.scamyodha.com).

The main objective is to jointly assist the vulnerable and less informed of these threats in order to prevent financial or other losses. You can download the android version of scamyodha app from play store.