As digital payments become a daily habit for millions of Indians, cybercriminals are increasingly targeting users of Unified Payments Interface (UPI). Investigators and cybersecurity experts warn that fraudsters are using deceptive tactics such as fake payment requests, QR code scams and impersonation of customer support agents to steal money from unsuspecting victims. Authorities say many complaints received through the National Cyber Crime Reporting Portal involve victims unknowingly authorising transactions after being manipulated by scammers.
UPI has transformed instant payments in India, allowing users to send money quickly through smartphones. However, the system’s simplicity and massive adoption have also made it a major target for cybercrime. Experts say criminals often rely on psychological pressure and misinformation to trick people into approving payments. One common method is the collect request scam, where victims are told they must enter their UPI PIN to receive money, while in reality the PIN authorises a payment. Another tactic is the QR code scam, where users are asked to scan a code to receive refunds or payments, but the action actually triggers a transfer from the victim’s account.
Cybercriminals also use impersonation tactics. In fake customer care scams, fraudsters pretend to represent banks or payment apps and ask users to share OTPs, UPI PINs or enable screen-sharing access. In another scheme known as the wrong transfer scam, criminals claim they mistakenly sent money to a victim’s account and urgently ask for it to be returned to another account. Experts say these scams are increasing partly because many users are unaware that a UPI PIN is required only when sending money, not when receiving it. Fraudsters often obtain phone numbers from leaked databases or social media before targeting victims with customised scams.
Cybersecurity authorities recommend several safety measures to reduce risks while using UPI apps. Users should remember that a UPI PIN is required only for sending payments, always verify the receiver’s name before confirming transactions and never allow unknown individuals to access their device or install screen-sharing apps. They should also avoid clicking suspicious links or payment requests and set daily transaction limits. If a user becomes a victim of fraud, officials advise immediately contacting the bank, calling the national cybercrime helpline at 1930 and filing a complaint through the cybercrime reporting portal. Officials say quick reporting increases the chances of freezing fraudulent accounts and recovering funds. Recent incidents include stolen phone-based UPI fraud uncovered in Aligarh, fraudulent transfers from an engineer’s accounts in Udupi and government data showing ₹805 crore lost to UPI scams this year.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
