UPI Account Hijack via Unclaimed Funds Message

How UPI Account Hijack via Unclaimed Funds Message Works

Overview: In this scam, criminals use the buzz around unclaimed assets to send fraudulent messages claiming you’re due a refund or dormant account payout. The catch: to 'process' the recovery, they ask you to share your UPI PIN, authenticate a payment collect request, or install a remote access app. This puts anyone with a UPI-linked mobile number at risk of having their accounts cleaned out within minutes. The scam is especially dangerous as UPI is trusted and commonly used across India. How It Works: After receiving a message or call about a dormant account payout, the scammer instructs the victim to approve a small UPI collect request (“We just need ₹1 to verify your UPI ID”). Accepting the request gives the fraudster access to withdraw higher sums, or the victim is tricked into sharing their UPI PIN, after which multiple high-value transactions occur. India Angle: This pattern is rampant in states with high UPI adoption—Maharashtra, Delhi, Karnataka, Tamil Nadu, and West Bengal—and especially among those over 45 who may not fully understand digital payment safety. Real Examples: WhatsApp: “Dear customer, your ₹52,130 unclaimed FD will lapse in 24 hours. Claim via UPI now—enter your PIN for verification. Click: [suspicious link].” Phone call: “Sir, RBI asset refund—approve ₹1 collect request for processing.” Red Flags: - Any request to share, enter, or verify your UPI PIN - Urgent instructions to approve UPI collect requests - Claim that nominal transfers are needed to 'unlock' a much bigger sum - Caller or sender using unofficial email/phone/chat channels Protective Measures: Never share your UPI PIN or approve collect requests from unknown parties. UPI refunds do not require verification payments. Use the official UDGAM or other regulator sites for all claims. If in doubt, consult your bank branch directly. If Victimised: Call your bank's helpline to freeze the account, report to 1930 and to cybercrime.gov.in. File a complaint with RBI if a UPI-linked deposit was compromised. Related Scams: - UPI Lottery Refund Scam - KYC Expiry WhatsApp Scams - Remote Access App Frauds

How This Scam Works — Detailed Explanation

Scammers often use social media platforms such as Facebook, Instagram, and even WhatsApp to identify and approach potential victims. They scan for individuals who may have expressed financial concerns or who openly discuss finances or investments. Once they spot a target, they craft tailored messages that play on the buzz around unclaimed assets, often using familiar phrases or social engineering techniques to lower the recipient's defenses. These messages typically claim the recipient is due a refund for dormant UPI-linked accounts, enticing victims with the promise of easy money to manipulate them into a quick response.

The tactics employed by these fraudsters leverage common psychological tricks such as urgency, fear of missing out, and a simple allure of getting money back. They often create a sense of legitimacy by including terms like "government approved" or "RBI guidelines," influencing victims to trust their narrative. The scam may suggest that failure to act could lead to losing out on what rightfully belongs to them, which prompts victims to take hasty actions. By urging individuals to share their UPI PIN or approve what they claim to be a small payment to unlock larger returns, scammers exploit the urgency to benefit from lack of caution.

Once victims fall prey to these traps, the process usually unfolds rapidly. Initially, victims receive what appears to be official communication via WhatsApp or SMS, instructing them to provide sensitive information like their UPI PIN or to approve a payment request from an unknown number. For instance, a victim might receive a message claiming their ₹50,000 refund is pending, but they need to share their UPI PIN to unlock it. After sharing this information, they often see unauthorized transactions on their UPI-linked accounts almost immediately, leading to significant financial losses. Real-life cases have emerged where victims lost crores due to these scams. Reports reveal that individuals lost approximately ₹100 crore to similar UPI-based scams in 2023 alone.

The impact of such scams on the Indian populace is critical, especially as the prevalence of digital payment systems like UPI continues to grow. With over 460 million monthly UPI transactions valued at approximately ₹7 lakh crore, the stakes are high for scammers as they exploit this rapid shift towards cashless transactions. Regulatory bodies like CERT-In and the RBI have issued advisories, emphasizing the necessity for consumers to verify communications claiming to be from banks or government agencies. Financial loss is only part of the equation; the emotional distress and loss of trust in digital transactions can hinder the broader adoption of secure financial technology, as evidenced by rising consumer hesitance.

To differentiate between legitimate communication and scams, it’s crucial for users to remain vigilant. Genuine bank messages will not ask for your UPI PIN, personal identification details, or approval for transactions from unfamiliar contacts. Instead, customers should independently verify any claims regarding refunds or account verification by directly contacting their bank through known helplines, such as SBI's 1800-11-1109 or HDFC's 1800-202-6161. Being equipped with this knowledge can significantly lower the risk of falling victim to scams that leverage the innocent trust that many place in digital payment systems.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does UPI Account Hijack via Unclaimed Funds Message Target?

General public across India

Red Flags — How to Identify UPI Account Hijack via Unclaimed Funds Message

• Requests for your UPI PIN under any pretext
• Instructions to approve UPI collect requests from strangers
• Promise of large refunds unlocked by a ₹1 payment
• Unfamiliar WhatsApp numbers or email IDs

What To Do If You Encounter UPI Account Hijack via Unclaimed Funds Message

1. Report any suspicious messages immediately to 1930 or use cybercrime.gov.in.
2. Do not share your UPI PIN or approve payment requests from unknown numbers.
3. Contact your bank's customer service helpline to verify any questionable transactions.
4. Educate your family and friends about these scams and alert them to avoid becoming victims.
5. Change your UPI PIN and any linked passwords immediately if you've shared sensitive information.
6. Monitor your bank statements and transaction history regularly for any unauthorized activity.

How to Report UPI Account Hijack via Unclaimed Funds Message in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my UPI PIN in a scam?

Immediately contact your bank helpline to block any unauthorized transactions and report the incident to cybercrime.gov.in.

How can I identify the UPI Account Hijack via Unclaimed Funds Message scam?

Look out for messages asking for your UPI PIN or prompting you to accept payment requests from unknown numbers.

How to report this type of scam in India?

You can report scams to the cybercrime helpline 1930 or visit cybercrime.gov.in to file a complaint.

How to recover money or protect accounts after falling for this scam?

Contact your bank immediately to block your account and inquire about recovery options, while also reporting to cybercrime authorities.

Related Scams in India

• Southeast Asian Job Offer Human Trafficking Trap
• Digital Arrest Scam Using Dark Web Data
• Forced-Task Scam Recruiting Indians
• Deep-Fake Emergency SWIFT Payment Scam
• Digital Arrest: Fake Police Call Extortion

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.