UPI, Payment Wallet Fraud Alert! What are rogue banking apps and how to spot them? Know the safety tips

Fraudsters misuse the request feature on UPI by sending fake payment requests with messages like Enter your UPI PIN to receive money, Payment successful receive Rs XXXXX, etc. The customers need to enter PIN only for sending money. Do not Pay or enter your UPI PIN to receive money. Do not transfer funds without knowing to whom you are transferring. Ensure due diligence 

Fraud via QR Code  

Similarly, fraudsters share a QR code over WhatsApp asking for the code to be scanned to receive money in their account. Once the QR code is scanned on the mobile, all the banking credentials get shared with the fraudsters. QR code scanning is like granting banking controls to fraudsters. QR code needs to be scanned only to make payments. So, never scan QR code for receiving payments. Never share your UPI wallets PIN, card details like PIN, One-Time Password (OTP), CVV, expiry date, grid value, types of card (Visa, Mastercard, Rupay, etc.) to anyone even if the person claims to be from bank. 

At the same time, fraudsters lure the customers to download screen sharing/remote access apps like ’Screenshare’, 'AnyDesk', ‘Team Viewer’, etc. from Play Store or App Store. There are more apps similar to these apps that help in providing remote access of devices to other users. These apps are not malware, but they do grant access to your mobile data to a third party. Once the app is downloaded, a 9 or 10-digit number (app code) gets generated on the customer's mobile/ device which the fraudster would ask the customer to share.  

Once the fraudster inserts this 9-digit app code on his/her device, then s/he would ask the customer to grant certain permissions which are similar to what is required while using other apps. Post this, the fraudster will gain access to the customer’s device. Then, the customer shares the mobile app credentials and the fraudster can do the transaction through the mobile app which is already installed on the customer’s device. So, never download third-party apps such as Screenshare, Anydesk, Teamviewer, etc. based on-call requests from an unknown person even if the caller claims to be from Bank or wallet company. Never download any application/ UPI app/ payment wallet recommended/ requested by any unknown person.  

Fraud via Social Media 

Moreover, fraudsters track complaints in social media and share fake contacts or impersonate bankers or RBI officials in response to a post and ask for confidential information which no banker is supposed to ask for. Do not search for helpline numbers on Google, Facebook, Twitter. Instead, check the official website. 

Likewise, fraudsters manage to get a duplicate SIM, which provides them access to one-time passwords. They do this by pretending to be from a mobile company and asking you to forward an SMS containing the SIM card number to activate the duplicate SIM. Do not respond to texts, e-mails from unknown addresses to click on links.

See Zee Business Live TV Streaming Below:

Rogue Banking Apps 

Rogue banking apps are illegitimate or look-alike banking apps with embedded malware with an intention to steal sensitive/critical data or banking credentials. These may be generally available online as freeware. 

Cybercriminals are known to imitate legitimate versions of apps and embed them with mobile malware – an act called Trojanizing. These malicious apps are designed to look like real mobile banking apps. Cybercriminals use different tricks like using the same images and icons and closely imitating the publisher’s name 

Some rogue mobile apps may come with well-written legal terms usually highlighting the fact that the app may charge you. Even if these legal terms make the app seem legit, its best you read them carefully. 

The rogue app can drain your phone battery really fast. So, battery running low frequently might be a sign of infection with malware or virus.  Check your phone bill periodically and keep tabs on any suspicious activity. If you spot unusual activity in your phone or in your bill, contact your mobile network provider. Check the app’s download page for inconsistencies or misspellings. Those are tell-tale signs of a fake.