July 2, 2022
UPI Hack

Latest Methods Which Hackers Use To Hack UPI/PhonePe/GooglePay/BHIM And How To Prevent

Share This Article

Introduction

If you live in India, you will definitely hear about this hack. Those people who become the victim of this hack complains about money getting deducted from their bank accounts using their UPI IDs. About two-three years ago, Hackers transfer the money from bank account by getting your details of your Debit/Credit Card but over time, people came to know about it. This method was difficult for hackers because they had to call you first then ask for your card details after that they had to convince you for OTP. But as soon as UPI launched in India, they changed their techniques to hack bank account. So today we are sharing the latest methods/techniques which hackers are using now a days so that you can prevent yourself from getting hacked.

What is UPI?

UPI stands for Unified Payments Interface. It is an instant payment system which is developed by  National Payments Corporation of India. UPI was launched on 11th April 2016 by Dr. Raghuram G Rajan, Governor, RBI at Mumbai. The interface is regulated by the Reserve Bank of India and used to transfer money between two bank accounts. At present more than 150 banks are live members of UPI. For using UPI, You should have a UPI client app and by using UPI you can send or request money. You can send/receive money using following methods-

  1. Virtual Payment Address (VPA) or UPI ID
  2. Mobile number
  3. Account number & IFSC
  4. QR Code
  5. Aadhaar

Why We Use UPI/PhonePe/GooglePay/BHIM ?

We use UPI or UPI apps like PhonePe, GooglePay, BHIM because by using these apps we can send or receive the money within a minute without wasting time for OTP. UPI came into the trend at the time of demonetization in India.

How To Get Started With UPI

There are some steps by which you can start UPI.

  1. Download UPI app (Like BHIM, Google Pay, Phone Pe, etc.)
  2. Install the UPI App.
  3. Setup App (Give required permissions)
  4. Create Your Virtual Address. (e.g. 9876543210@ybl)
  5. Add your bank account.
  6. Set UPI Pin. ( 6 digit number)
  7. Start transacion using UPI.
ALSO READ  How To Create A Folder Without Name In Windows

How Hackers Get Your All Information

They are using these two method-

  1. They call the victim and get information.
  2. Or Victim installed an app for transactions from an un-authorized store or website which is vulnerable and that app sends all your information to them.

What Hackers Can Do With Your Information

If they got your information like your Debit/Credit card number, Expiry date, CVV then they can convince you to share your OTP by making you a call and transfer money from your account. Your all information will be shared with their network and you will get fraud calls frequently.

If you installed any vulnerable app then they can access your OTP automatically because at the time of installation you have given permission of SMS access to that app. If your card information is available

Generally, we never bother about permissions of any app during installation but we should check whether that app is really required all permissions which it asks?

Hack UPI/PhonePe/GooglePay/BHIM

How Do They Do It

Incident No 1.

Before that, I will tell you about an incident which is happened to one of my friends.

Few days ago, my friend received a call from an unknown number (From Mobile Number not from Landline). He introduced himself as his Brother-In-law and asking for help and told my friend that he wants to transfer money to his friend who is in an emergency but all banks are closed and his UPI app is showing error during transaction. Then he gave an idea that first, he will transfer money to my friend’s account and after that, my friend will transfer to his friend’s account who is in an emergency.

During this conversation, he convinced my friend then told my friend that he will send his PhonePe account link, and by using that link my friend will receive 20000 rs. in PhonePe which he has to transfer. Here is the screenshot of that link.

Hack UPI/PhonePe/GooglePay/BHIM

If you look at the link, it seems original because it consists of HTTPS (Hyper Text Transfer Protocol Secure) and in URL, PhonPe is mentioned. But if you focus on spelling it is PhonPe not PhonePe.

ALSO READ  What is Dark Mode? How to enable dark mode on various platforms?

Now the question is- Is this link genuine? Though the link looks genuine but it isn’t because if you focus on its URL i.e. https://phon.pe/xocwrppi, you will see that it looks like a Shortened URL.

And the second thing is to receive money in Phone Pe, you need not to click on any link. You have to send your number, UPI ID, or QR code to the sender and by using any of the method sender can send you money.

Now coming to the incident after getting the message, my friend clicked on the link and as it looks, it is a shortened URL, and the URL redirects to the Phone Pe App.

After redirection, an alert popup displayed in the Phone Pe app for the transaction of money. Thereafter my friend entered his UPI pin for transaction and money got debited from his account.

Lesson From This Incident

  1. Don’t believe anyone easily on a phone call and if you have any doubt then ask him/her for video call so that you can identify him/her.
  2. Understand the basics of the UPI app. So that you can easily understand and alert yourself from fraud.
  3. Read all alerts and Popups carefully.
  4. Do not click on unnecessary links.

Incident No 2

This incident happened with a boy named Roshan. A few days ago, Roshan was going to market for purchasing some grocery items for the home. On the way to the market, he saw a dog that looked ill so he decided to help the dog.

To help the dog, he searched for Animal Welfare Organisation on the Internet. After that, he called one of them. One of the representatives of that Animal Welfare Organisation attended the call and asked for any kind of help. Roshan told about that dog and requested to help the dog. That representative asked all details ( Place, City, etc.) and told Roshan that he has to pay 10 Rs (Ten Rupees Only) for welfare funds.

ALSO READ  How to Send WhatsApp Messages Without Saving Number On Android, iOS and PC

Roshan agreed to pay 10 rs because it was a tiny amount. The representative sent a link to his number and asked Roshan to pay via that link. Roshan opened that link and the same as Incident 1, that link redirected to PhonePe. Roshan entered his 6 digit UPI PIN and paid 10 rs.

Everything was going well till now but after 5 minutes, Roshan received a message from PhonePe about the deduction of 5000 rs. but Roshan didn’t make any payment. After 2 minutes he again received a message about the deduction of 7000 rs. Until he can understand something, his account became empty and he could not do anything.

So what was wrong in that link? That link was not genuine and as Roshan entered his PIN, the PIN went to the spammer. After getting his PIN, spammer emptied the account of Roshan.

Lesson From This Incident

  1. Understand the basics of the UPI app. So that you can easily understand and alert yourself from fraud.
  2. Read all alerts and Popups carefully.
  3. Do not click on unnecessary links.

How To Prevent Yourself

  1. Always use a caller id app because the caller id app tells about spam numbers.
  2. Don’t believe anyone easily on a phone call if it is a matter of money.
  3. Never share personal info over the phone like Credit/Debit card details, CVV, Expiry, or UPI PIN.
  4. Download any app from authorized stores or websites.
  5. Don’t click on any forwarded link because it may contain malicious codes.
  6. Lock all sensitive apps with app locker.
  7. Check permissions of apps that you are going to install.
  8. Never allow any app to read your SMS.
  9. Never use public WiFi for any kind of transaction.
  10. Understand the basics of the UPI app.
  11. Read all alerts and Popups carefully.

What To Do After If You Become A Victim

  1. Lodge an FIR in the nearest police station.
  2. Block that Credit/Debit card.
  3. File a complaint with the Cyber Crime Department.
    https://cybercrime.gov.in

talktogeekbro

We are Tech Bloggers. We develop, gather and disseminate technical and gadget's information to our visitor in very easy methods.

View all posts by talktogeekbro →

3 thoughts on “Latest Methods Which Hackers Use To Hack UPI/PhonePe/GooglePay/BHIM And How To Prevent

Leave a Reply

Your email address will not be published.