Bengaluru: A relatively new kind of cyber theft via UPI (
Unified Payments Interface) apps like
Google Pay is coming to light in Bengaluru. The rising popularity of such apps, coupled with users’ unfamiliarity with a certain feature in them, could be responsible for many falling victim to the fraud, say experts.
A senior oficial of the
cybercrime police station confirmed that thefts of this nature have been reported at the station in the past few months, although he could not give the count.
In such cases, typically, criminals say they will pay for a product via a UPI app, and then exploit the ‘collect request’ feature of the app that enables a user to request for payment. The victims respond to the request thinking they are receiving money, when, in fact, they are transferring the amount to the fraudsters.
Sneha Anand (name changed on request), a resident of Jigani, lost ₹28,809 to the fraud on June 26. She had uploaded an online advertisement to sell a bicycle. She received a call from a man saying he was interested and claiming to be a Central Industrial Security Force (CISF) personnel deployed in Mumbai. Impersonating defence personnel to convince victims is a commonly used ploy by scamsters to gain trust.
The caller said he wanted to make the payment via the UPI-based app Google Pay and asked Sneha to share the
QR code linked to her account. “I was using Google Pay for the first time, so I did not understand the threat involved and shared the code,” she said. Armed with the code, the caller then proceeded to make multiple transactions from her account. For some time, Sneha thought money was being added to her account.
On visiting the cybercrime police station to lodge a complaint, Sneha found a few other complainants scammed in a similar way. Multiple frauds using the same method have been reported from Mysuru, Thiruvananthapuram and Mumbai as well.
A Google spokesperson said the growth of digital payments has brought on a lot of new users who might not have made digital transactions earlier, making them, especially those in the older age groups, vulnerable to fraud. “Secondly, the ‘collect request’ feature is unique to UPI, and, hence, not a lot of users are familiar with how it works. However, on Google Pay, we are careful to be very explicit about the direction of money flow,” the spokesperson said.
An alert is issued on the app when a user gets a ‘collect request’ from someone not on the user’s contact list. “There are also machine learningbased fraud prevention models in the backend. For instance, if a new user is suddenly raising a lot of collect requests to various IDs, that person’s account is blocked for review and only cleared if it is certain that the transactions are legitimate,” the spokesperson said.