🚨 What the report is saying
A cybersecurity company CloudSEK has warned that fraudsters are now using advanced techniques to bypass UPI app security systems and steal money.
This is serious because UPI is widely used across India for daily payments.
🧠 How the fraud is happening (simple explanation)
Fraudsters are not hacking banks directly. Instead, they are targeting your phone and behavior:
1. 📲 Screen-sharing / remote access apps
They trick users into installing apps like:
- AnyDesk
- TeamViewer
➡️ Once installed, they control your phone remotely and approve payments themselves.
2. 🧾 Fake payment requests (Collect request scam)
- You receive a “payment request” instead of money
- It looks like you’re getting paid, but actually you are sending money
3. 🪪 Fake apps / APK files
- Fraudsters send apps via WhatsApp or SMS
- These apps look like real UPI apps but steal:
- OTP
- PIN
- SMS data
4. 🔐 Overlay attacks (new advanced method)
- A fake screen appears on top of your real UPI app
- You think you’re entering your PIN safely
- But fraudsters capture it in the background
👉 This is likely what the report refers to as “bypassing security”
⚠️ Why this is dangerous
Even though UPI apps have strong security:
- Device binding
- PIN protection
- OTP verification
➡️ Fraudsters are bypassing YOU (the user) instead of breaking the system.
🛡️ How to stay safe (VERY important)
✅ Never do this:
- ❌ Don’t install apps sent on WhatsApp
- ❌ Don’t share screen with unknown person
- ❌ Don’t approve “collect requests” without checking
- ❌ Don’t share OTP or UPI PIN (even with bank officials)
✅ Always do this:
- ✔️ Install apps only from Play Store
- ✔️ Check payment screen carefully (Pay vs Receive)
- ✔️ Use app lock / biometric security
- ✔️ Keep your phone updated
💡 Golden Rule
👉 No one can debit your account without YOU entering UPI PIN — unless you are tricked
🧾 If you get scammed
Immediately:
Inform your bank
Call 1930 (Cyber Crime Helpline in India)
Report on: https://cybercrime.gov.in