Cybersecurity experts warn of rising online banking fraud through phishing, fake UPI collect requests and remote access app scams, urging vigilance and prompt reporting.

Phishing, UPI Scams and Remote Access Fraud on the Rise, Experts Warn

The420 Web Correspondent
5 Min Read

With the rapid expansion of digital banking, UPI payments, mobile banking and online investment services across India, incidents of cyber-enabled financial fraud are also increasing. While banks continue strengthening their security infrastructure, experts say cybercriminals are simultaneously refining their social engineering techniques, making consumer awareness one of the strongest remaining safeguards against digital banking fraud.

Phishing and the UPI Collect Request Trap

Phishing remains one of the most common forms of online banking fraud, with cybercriminals impersonating banks through emails, SMS, WhatsApp texts or calls asking customers to verify accounts, update KYC details or complete security checks. Victims who click malicious links or disclose OTPs, passwords or card details unknowingly hand fraudsters direct access to their accounts.

UPI-related fraud has grown alongside the payment method’s own explosive scale, India now processes over 130 billion UPI transactions annually, and government data presented in the Lok Sabha recorded 13.42 lakh UPI fraud cases worth ₹1,087 crore in FY2023-24 alone, nearly double the previous year’s figure. The RBI flagged 18 lakh fake collect requests in the first quarter of 2026 alone. Fraudsters posing as buyers, sellers or customer support routinely send “Collect Requests” disguised as incoming payments, and many users unknowingly enter their UPI PIN without realising the PIN is only ever required to authorise an outgoing payment, never to receive one. A LocalCircles survey found that roughly one in five UPI users has personally experienced fraud, and over half of those victims never filed a complaint at all.

Remote Access Apps and Fake Customer Care

Remote access application scams remain another frequently reported tactic. Fraudsters persuade victims to install apps such as AnyDesk or TeamViewer under the pretext of resolving a banking issue, after which criminals can view the victim’s screen, monitor credentials and initiate fraudulent transactions in real time. The RBI first flagged this specific threat in a confidential circular to banks years ago, describing exactly this mechanism: a nine-digit code generated on the victim’s device, shared with the fraudster, granting full remote control. Banks and authorised financial institutions do not normally ask customers to install such applications for routine support, a distinction that remains the clearest tell that a call is fraudulent.

Cybercriminals also operate fake customer care services, publishing counterfeit helpline numbers on search engines and social media while impersonating legitimate banks to extract confidential information. Similarly, fraudulent investment schemes promising unrealistically high or guaranteed returns continue to lure investors, with experts recommending independent verification of any investment opportunity’s regulatory status before committing funds. Cybercrime figures nationally have climbed sharply in parallel with these tactics, from over 10.29 lakh reported incidents in 2022 to nearly 28 lakh in 2025, reflecting how deeply these methods have embedded themselves across India’s digital economy.

Prof. Triveni Singh, the former IPS officer and cybercrime specialist, said modern cybercrime exploits not only technological vulnerabilities but human behaviour itself. He advised customers never to share OTPs, UPI PINs, internet banking passwords or CVV numbers with anyone, and recommended keeping devices and banking apps updated, downloading apps only from official stores, and enabling SMS and email alerts for every transaction. He said users should remain particularly cautious around suspicious links, QR codes or screen-sharing requests, since these three vectors continue to account for the overwhelming majority of banking fraud cases reported nationally.

Experts further advise that anyone noticing suspicious account activity should immediately contact their bank to secure the account, then report the incident to the National Cyber Crime Helpline at 1930 or through the National Cyber Crime Reporting Portal, since prompt reporting significantly improves the chances of blocking or recovering fraudulently transferred funds before they move beyond reach through layered mule accounts.

Stay Connected