What is Screen Sharing Fraud and How Is It Done via UPI?

What is UPI and Why is it a Target for Fraud?

Have you ever received a call from someone claiming to be from your bank or a popular company, offering to fix a problem with your account? This is often the first step in a dangerous scam. Screen sharing fraud is a trick where a scammer convinces you to share your mobile phone's screen with them. They do this to see your private information, like your UPI PIN, and steal your money. It uses social engineering, not hacking, to gain access to your accounts.

First, let's quickly cover what is UPI. UPI stands for Unified Payments Interface. It is an instant real-time payment system developed in India. It lets you link multiple bank accounts to a single mobile application. You can send and receive money, pay bills, and shop online using just a UPI ID or by scanning a QR code. Its convenience has made it incredibly popular, but this popularity also makes it a big target for fraudsters.

Scammers love UPI because transactions are instant and often irreversible. Once the money is gone, getting it back is very difficult. They don't need to hack complex bank systems; they just need to trick you into revealing your sensitive details.

How Does Screen Sharing Fraud Actually Work?

The scam doesn't start with technology. It starts with a conversation. A fraudster will call you with a carefully crafted story. They might pretend to be a customer service agent from your bank, your mobile wallet provider, or even a tech support company.

The Hook: Creating a Fake Problem

The scammer creates a sense of urgency or panic. They might say things like:

• "Your KYC has expired and your account will be blocked."
• "You have won a lottery, and we need to verify your account to send the prize money."
• "There is a technical issue with your payment app, and I need to guide you to fix it."
• "We are issuing a refund for a failed transaction, please follow my steps."

Their goal is to make you trust them and believe you need their help immediately. They sound professional and convincing.

The Tool: Installing the Screen Sharing App

Once they have your trust, they will ask you to install an application from the app store. They will name popular and legitimate screen sharing or remote desktop apps. Some common examples include AnyDesk, TeamViewer, or ScreenLeap. These are not malicious apps themselves; they are genuine tools used by IT professionals for remote support. The scammer exploits their features for a criminal purpose.

They will guide you through the installation process. After you install the app, it will generate a unique access code. The scammer will ask you for this code. When you give it to them, you grant them permission to see everything on your phone screen in real-time. You are essentially showing them your digital life.

The Theft: Capturing Your UPI PIN

This is the final and most critical step. With live access to your screen, the scammer will ask you to open your UPI payment app. They will tell you to perform a specific action, like entering an amount for a “refund” or to “verify” your account.

As you open your app and navigate to the payment screen, they are watching every move. When the app asks for your confidential 4 or 6-digit UPI PIN, you will type it in. Because they are watching your screen, they can see the numbers you press.

Once they have your UPI PIN, it's game over. They can now:

1. Use the PIN to approve transactions from your account.
2. End the call, leaving you confused.
3. Quickly transfer all available funds from your linked bank account to their own accounts.

An Example Scenario: The Fake KYC Update
Rohan gets a call from someone claiming to be from his e-wallet company. The caller says Rohan's KYC is incomplete and his wallet will be blocked in 30 minutes. Panicked, Rohan follows the caller's instructions. He downloads the 'ScreenShare' app and gives the caller the 9-digit code. The caller then asks him to open his UPI app and send 1 rupee to a specific number to 'verify' the account. When Rohan enters his UPI PIN, the scammer sees it. Seconds later, Rohan receives messages that thousands of rupees have been debited from his bank account.

How to Protect Yourself from UPI Screen Sharing Scams

Prevention is your strongest defense. Scammers rely on your fear and lack of awareness. By following simple rules, you can keep your money safe.

Simple Rules to Follow

• Never Share Your Screen: No legitimate bank, wallet company, or service provider will ever ask you to download a screen-sharing app to solve a problem. This is a massive red flag. Just hang up.
• Never Share Codes or PINs: Your UPI PIN, OTPs, and any access codes from apps like AnyDesk are private. Never share them with anyone over a call, text, or email.
• Verify the Source: If you receive a call about an account issue, hang up. Find the official customer care number from the company's official website and call them back yourself to verify the claim.
• Be Wary of Urgency: Scammers create fake emergencies to make you act without thinking. Always take a moment to pause and consider the request. Is it logical?
• Check App Permissions: Be mindful of what permissions an app asks for. A simple game shouldn't need access to your contacts or SMS messages.

For more information on safe digital transactions, you can refer to the Reserve Bank of India's public awareness initiatives. Their BE(A)WARE booklet provides valuable information on various financial frauds.

What to Do If You Become a Victim

If you suspect you have been scammed, you must act fast. The sooner you report it, the higher the chance of potentially recovering some of your money.

1. Call Your Bank: Immediately contact your bank to report the fraudulent transaction and request them to block your account or card.
2. Report on National Cyber Crime Portal: File a complaint on the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call the helpline number 1930.
3. Inform the UPI App Provider: Report the incident to the customer support of the UPI app you were using (e.g., GPay, PhonePe, Paytm).

Staying vigilant is the key. UPI is a powerful tool for payments, but its security ultimately depends on you, the user. By understanding how scams like screen sharing fraud work, you can easily spot the danger and protect your hard-earned money.