WhatsApp Scammers Use New Trick to Steal Your Bank and UPI Details

In a troubling trend, cybercriminals in India are using a sophisticated new scam on WhatsApp that can drain your bank account and UPI wallet in minutes. This scam, which combines social engineering with screen-sharing technology, tricks unsuspecting users into giving fraudsters direct access to their phone screens. Once they have this access, the scammers can see your sensitive information, including OTPs and UPI PINs, to steal your money. The scam starts with a call or a message from a number impersonating a bank official, a customer service representative, or a government employee. They create a sense of urgency, claiming there’s an issue with your account that requires immediate action. The fraudster then asks you to install a screen-sharing app and join a video call on WhatsApp.

Key Takeaways

• Scammers use urgency: Fraudsters create a sense of panic, pretending to be from a bank or a government agency.
• The trick is screen-sharing: They convince you to share your phone’s screen, claiming it’s for “verification.”
• They steal OTP and PIN: Once they can see your screen, they can view your OTPs and UPI PINs as you enter them.
• You lose money quickly: With this information, they can transfer money out of your bank account and UPI wallet.
• The solution is simple: Never share your screen with anyone and always be suspicious of unexpected calls or messages.

How the WhatsApp Screen-Sharing Scam Works

This fraud is a type of phishing attack, but with a modern twist. The scammer first gains your trust by posing as a representative from a well-known entity like your bank, an e-commerce company, or even a government department. They might claim your account has been frozen, your KYC details need to be updated, or you are owed a large refund. All these claims are designed to make you act fast without thinking. The fraudster then guides you to download a remote access or screen-sharing application from an unknown link or even a legitimate app store. Once the app is installed, they ask you to start a WhatsApp video call or share your screen through the app.

The moment you share your screen; they can see everything on your phone in real-time. The fraudster then walks you through a series of steps, like opening your mobile banking or UPI app. While you are on the video call, they can see you enter your UPI PIN or the OTP you receive on your phone to complete a transaction. The scammer can then quickly drain your accounts by initiating transactions from their side while watching you enter the codes on your end.

Protecting Yourself from the Scam

To protect yourself, you must be aware of how these scams work. The National Payments Corporation of India (NPCI), the entity behind UPI, has repeatedly warned users about the importance of keeping their UPI PIN and OTP confidential. Here are some critical steps to avoid this fraud:

• Never share your screen with anyone. No bank, government official, or company will ever ask you to share your screen. If someone asks, it is a scam.
• Do not respond to unknown numbers. Avoid answering calls or messages from suspicious numbers, especially those that pressure you to act quickly. Block the number and report it to the authorities.
• Be cautious of unsolicited links. Do not click on links sent by unknown people. These links can install malware or take you to fake websites designed to steal your information.
• Your UPI PIN is for sending money. You only need to enter your UPI PIN to send money, not to receive it. If someone asks you to enter your PIN to “receive” a payment, it is a scam.
• Enable two-factor authentication (2FA). For your WhatsApp account, enable 2FA for an added layer of security. This creates a six-digit PIN that only you know. Even if a fraudster gets your SMS code, they cannot access your account without this PIN.
• Report the fraud. If you have fallen victim to a scam, report it immediately to your bank and file a complaint with the cybercrime police on the government portal cybercrime.gov.in or by calling the helpline at 1930.

Staying alert and informed is the best way to safeguard your financial details. Remember, a bank or any financial institution will never ask for your confidential information.

Related FAQs

Q: Can a scammer drain my bank account just by having my phone number?

A: No, a scammer cannot drain your account with just your phone number. They need your confidential information like your UPI PIN, OTPs, or passwords. Scammers use social engineering to trick you into providing this information yourself.

Q: What is social engineering in the context of scams?

A: Social engineering is a psychological manipulation tactic used by criminals to trick people into giving up confidential information. Scammers impersonate trusted individuals or organizations to build trust and persuade their victims to take an action that is not in their best interest, like sharing their screen or OTP.

Q: Why is my UPI PIN so important?

A: Your UPI PIN is your Personal Identification Number. It is a 4- or 6-digit code you set up to authorize and approve UPI transactions. It acts as your digital signature and is the final step in a transaction. Sharing it with anyone is like giving them permission to access and transfer money from your bank account.