PhonePe Blogs Main Featured Image

Trust & Safety

Protect Yourself from Top Up Fraud

PhonePe Team|2 min read|30 August, 2017

URL copied to clipboard

You get a call from someone claiming to be a representative from your bank, the RBI, an e-commerce site, or even a lottery scheme. After collecting a few details they ask you to share your 16 digit card number and CVV. You give them this information assuming the authenticity of the call.

You next receive an SMS with a code. The bank representative calls back and asks you to share this code for verification purposes. Once you do that, the fraudster’s wallet gets topped up with money from your account. Soon afterwards, this balance disappears and you realize that you’ve been scammed out of your money.

Important reminder — PhonePe never asks for confidential or personal details. Ignore all mails claiming to be from PhonePe if they are not from the phonepe.com domain. If you suspect fraud, please contact the authorities immediately.

What just happened?

  • The ‘bank official’ who called you was a fraudster. The details you gave them allowed them to initiate a wallet top up from your bank account.
  • The fraudster needed to authorize the payment with the OTP you received. Once you shared it, the fraudster was able to go ahead with the top up.
  • The fraudster’s wallet was topped up with money from your account, and the fraudster transferred it from their wallet to different bank accounts.
  • By dispersing your money to various accounts, the fraudster made it tougher for authorities to retrieve the stolen amount.

Here’s how you stay safe:

  • Do not share your bank account details (card number, expiry date, PIN) with anyone.
  • Never share OTPs or any other codes that you receive via SMS or other channels.
  • If you get a call from an unknown number claiming to be from a bank and asking for your personal details, do not entertain the call and just disconnect it.
  • Do not follow instructions given to you over the phone. Ask the caller to send an email with instructions instead.
  • Check the sender domain of the email. If it is [XYZ]@gmail.com or any other email provider domain, ignore the mail. Ensure the email domain matches the bank’s actual domain. All bank emails come from a secure https domain only.

Watch a video on transacting safely: https://youtu.be/4mXbF_r5K5A

Keep Reading