Team-BHP (https://www.team-bhp.com/forum/)

-   Shifting gears (https://www.team-bhp.com/forum/shifting-gears/)

-   -   Payment wallet scams (https://www.team-bhp.com/forum/shifting-gears/231437-payment-wallet-scams-2.html)

Someone I know lost a lot of money through this scam. He was selling some furniture on Olx. He got a call soon after posting the ad. The guy at the other end agreed to buy without negotiating. He sent some google pay link. My acquaintence clicked and the scammer got hold of almost 60k. This was in Mumbai. Police registered a case but notbing happened after that. It is difficult to believe that when you have the criminal's number and olx email id, the guy cannot be traced. Maybe Police themselves receive a cut from this.

'Amazon Pay' and 'Amazon Pay UPI' ? I don't know if they can technically be called 'linked', but one can do all UPI transactions from within 'Amazon Pay', including loading up the wallet. I find it convenient. Is their anything one should be concerned about in this set up?
.

I prefer to open a separate account for online transaction purposes. As others have mentioned in this thread, one can simply topup that account as per needs.

Linking that account across the digital payment apps minimizes the risk to some extent.

And it is always better to use credit card as much as possible for online transactions.

Nopes, police not needed/involved. Actually they can't really do a lot as this is out of their general area of expertise. This is a known and common scam (google it and you'll find hundreds of olx/quickr scam examples). I believe there's a thread on this on tbhp too.

Basically the guy at the other end sent a link to "receive" the money than "pay" the money, so your acquaintance most probably went through the process thinking he's getting paid whereas he was giving the go-ahead to debit money from his linked account.

A more "smart" way of doing this is the scammers put a <Pay user> message in the remarks that makes us believe that this is a credit transaction whereas it's actually a debit transaction request. With my limited understanding, to an extent, this is still legal as the individual are doing an allowed (hence legal) transaction via an existing payment channel/mode.

As I was saying to @gkveda earlier, it requires a naivety and quite a bit of carelessness on our part to be scammed via UPI than a technology/product issue.

For a long time, I have been using all the Payment Wallets to their fullest benefits, saved my credit card and debit card information and linked bank account.

Highly convenient and rewards like cashback flow all the time!.

Not faced a single issue yet :thumbs up.

Keep an eye out for scamsters, suspicious emails, messages and calls. That is all you need to do.

The way my friend described was that the money got added to Paytm Wallet and then subsequently sent over to MPL Gaming. I don't really know the exact sequence of events is.

Most of the frauds are due to ignorance and clicking on some unknown link. I have yet to come across any Paytm/ Gpay fraud where the victim was minding his own business, didnt share any link, didnt click on anything and money was just siphoned off from their bank account.
One of the most common methods is when people search for something on google (airlines, hotel booking etc), call the number posted there, share the otp with the caller.
OLx fraud is also one of the most common ones.

I agree, the money is deducted when a scammer gets access to the OTP or PIN. Smart scammers are able to get hidden applications installed on phones through unknown links that can read OTP and PIN. So, we need to be alert all the time and take multiple preventive measures. I already use the following strategies to prevent fraud but we all are still vulnerable. Scammers are like pocket thieves who would steal when they get the opportunity.

1. My email account linked to bank are not accessed via phone
2. The phone numbers for wallet and bank accounts are different
3. UPI is disabled on some of my bank accounts. I prefer using a bank account with less money for daily transactions.
4. Use credit card where possible because banks watch for frauds on them better than debit cards.
5. Disable international use on credit/debit cards by default and when not in use. RBI mandated it recently. It is more difficult to investigate international scammers such as money going to Somalia.
6. Where possible pay people using wallet by asking for phone number or UPI and avoid links altogether.

PayTM is especially terrible for stuff like this. The app doesn't allow you to make a strong password! Eight characters only, no special characters / symbols. Think about what a pathetically weak password you'll make no matter what. Can probably be cracked in under a second.

Aside from that, what happens when you get scammed / money stolen through PayTM, is that you often end up dealing with a circular firing squad of sorts:

PayTM: We're only a simple app. We're not a bank or anything lol. You need to raise this issue with your bank. We can't do anything.

Bank: There was no security issue from our end. This happened through PayTM, you need to raise this issue with them. We can't do anything.

I'm not saying that all banks do this, but I've seen this scenario unfold with many friends and co-workers.

Bottom line: PayTM in particular has absolutely terrible security and should be avoided. I honestly cannot understand why anyone trusts that app.

Once when I posted an item for sale on Olx and shared my number with a prospective buyer. The buyer calls me, readily agrees on the price set and is willing to Paytm me the money immediately. He suggests that I verify my Paytm by scanning a QR code he sent, which but obviously, is for DEDUCTING money. I say no. He insists that this is a new way to transfer money. I say no again and call out his BS. He turns abusive. I cut the call. He tries to Whatsapp video call me. I block his number and lodge a complaint with the National Cyber Crime cell. Post about the incident on Twitter, tagging Paytm and Olx.

Good people, never scan a QR code for receiving money.

I am confused too. UPI payments are done only after entering UPI pin. So basically our smartphone is like a debit card and our UPI pin is its's pin. In the case of google pay, there is an external pin too. I found google pay to be very safe and they don't ask OTPs.

This sir, is the best method to ring fence our bank details online. I follow the same approach, load up some money into both the paytm wallet and the paytm bank account and use it wherever credit cards are not accepted/convenient.
In addition I never save card details on any of the gateways/portals(or restrict to a CC with low limit), while this is a tad inconvenient, this to some extent safeguards us in the event of a data breach.

Yup! That's why I questioned @gkveda on what's the underlying point that he's assuming or considering. The OP clearly doesn't have all the facts (not even sure if it's a UPI or a wallet issue) so this thread's basis itself is a bit of a quandary - the only fact is somehow his friend was duped of 25k.

Honestly, if there's a genuine risk (ignoring mere stupidity/carelessness on the user's part) with UPI, I'd like to know for sure.

Care to expand?

To let go off the convenience of UPI or leaving debit card numbers on merchant websites after having used it for long is not practical. But the thing I have done is to have a separate the bank account for all these activities which operates on a minimum balance, and completely segregate it from your main account. I liked one suggestion in this group here about using separate phone numbers for UPI apps or generic merchandise shopping and for our sacrosanct bank transactions.

I think you are using an old version of Paytm. I think Paytm has the best security system now among the UPI apps.

• You can create really strong Passwords.
  
• No screenshots/screen recording
  
• Paytm wont open with Apps like TeamViewer, AnyDesk, etc installed.
  
• Give additional security to Paytm with your Phone fingerprint or PIN using Security Shield.

Please update your App.

Cheers!