In a strange case of UPI fraud, a Noida-based man has lost nearly Rs. 7 lakh from his bank account, without even owning a smartphone.
The victim, Mohan Lal, has claimed his account was wiped clean over the last two months and that he didn't get a single message about it.
The matter has been referred to the cyber cell, but here's what might have happened.
Seven transactions over two months, but no notification
In his complaint, Lal has alleged that as many as seven UPI-based transactions were initiated from his SBI account since September 29.
Despite that, he didn't receive a single text alert about the money pouring out of his account.
"It was on December 4 when I visited an ATM to withdraw some money that I found out about the fraud," he told TOI.
So, what might have happened?
While speaking to TOI, Lal said he didn't own a smartphone - a fact that implies he didn't have a UPI account.
But here's the thing: your number remains linked to your bank, even if you don't own a smartphone.
And when your number is linked, all hijackers need is access to your SIM to carry out a UPI-based attack like this.
But, how can they gain access to the SIM?
Fraudsters can gain unauthorized access to your mobile number by employing the infamous SIM swap technique.
They may call you posing as a company representative and lure you into authorizing a SIM swap request.
Following this, their duplicate SIM would be activated with your number, which they could use to create a regular UPI account (linked to the target's bank account) and transfer money.
Statement from a cyber cell officer on such attacks
"Hackers can get a duplicate SIM from a mobile store by blocking the original one," a Cyber Cell officer told TOI. "They can also clone the SIM card of those who are already using the UPI app and transfer money after downloading the app."