Paytm has become an indispensable payments app for millions of people in India. It’s popularity has grown over recent years, especially following the demonetisation of the Rs 500 and Rs 1,000 currency notes back in 2016. With limited cash in the market, people were forced to make payments through their e-wallets and by then Paytm was already widely accepted by big retailers and small merchants. Today, Paytm offers an easy way to pay bills, buy movie/train/airplane tickets as well as to make payments to friends and merchants. But the popularity of Paytm also invites more scams with fraudsters looking to easily rob you of your money.
There have been a few notable Paytm scams in recent years. These scams have cost victims lakhs of rupees and many have happened simply out of the victim being unaware of the tactics employed by the fraudsters. Here’s a look at some of the ways scammers can steal your money on Paytm.
1. Paytm KYC scam
One of the most common Paytm frauds is the KYC scam, which became particularly popular earlier this year when a Mumbai-based Paytm user lost Rs 1.7 lakhs to a gang that included a person from Jamtara district of Jharkhand. You may have heard about Jamtara thanks to a Netflix series by the same name that revolves around phishing operations.
Pls don’t trust any SMS send of blocking your Paytm account or suggestion to do a KYC.— Vijay Shekhar Sharma (@vijayshekhar) November 19, 2019
These are fraudsters attempting on your account. Pls RT. pic.twitter.com/vHKBFmo3nc
This kind of Paytm scam involves the victim getting an SMS or email, asking them to update their Know Your Customer (KYC) details on Paytm or their account would be blocked. In panic, the victim calls the phone number in the SMS/email and is asked by a ‘Paytm representative’ to download Team Viewer or AnyDesk; these are Remote Desktop sharing apps that allow another person to view your phone’s screen. Unaware of this, the victim downloads the app and allows the fraudster to see everything on their phone.
The fraudster then asks the victim to log out of Paytm app and then login again — this lets them see not only the victim’s Paytm user ID but also their password. Once the login process is complete, the scammer asks the victim to top up their Paytm balance using debit card, netbanking, etc; this reveals the victim’s debit card PIN or netbanking password. Then the scammer asks the victim to transfer an amount as little as Re 1 to validate whether the KYC process has been completed. With this, the scammer can see the Paytm PIN for the account and then proceeds to siphon off thousands and lakhs of rupees from the customer’s account within a few minutes in multiple transactions.
How Paytm KYC scam works:
- Victim gets SMS or email saying their Paytm account will be blocked unless KYC is done
- The victim calls the number in the email/SMS
- Scammer asks victim to install Team Viewer or AnyDesk on their phone
- These apps let scammers see everything on victim’s phone remotely
- Victim is asked to log out of Paytm app and then login again — Paytm user ID and password revealed to scammer
- Scammer tells the victim to top up their Paytm account (via debit card, credit card, netbanking) — card PIN/ netbanking password revealed to scammer
- Victim asked to transfer Re 1 to confirm that KYC process is complete — this step reveals Paytm PIN
- With all the relevant user IDs and PIN/passwords seen by the scammer, money is stolen from the victim’s bank account
The best way to safeguard yourself from such a scam is to not trust SMSs or calls that claim to block your account if you don’t update your KYC. Moreover, KYC can only be conducted at official KYC points mentioned in the Paytm app or if Paytm sends an official representative to our home. In fact, as a measure to safeguard its customers, Paytm announced earlier this year that its app won’t work if the users’ phone has AnyDesk or Team Viewer installed.
2. Request Money scam
Paytm has its own wallet, but it also operates as a UPI app to let users transfer money directly from their bank account. This means Paytm app’s users can use the Request Money option to ask others to pay them and vice versa. A lot of times, fraudsters will use this feature to trick victims into transferring them money. This usually happens to people try to sell items on platforms like OLX or Facebook and a potential buyer offers to purchase the item from you, but ends up stealing your money instead. One way scammers do this is by requesting money on apps like Paytm instead of paying. The buyer tells the victim that they make a request for money. The fraudster then asks the victim for an OTP, following which the money gets debited from the victim’s bank account.
How Paytm Request Money scam works
- Paytm’s UPI functionality includes a Request Money option
- Scammer sends a payment request and asks victim to enter PIN to accept the money
- The payment request is actually the Request Money scam at work, i.e. the scammer is asking the victim to pay them, disguised as a request to pay the victim
- Once the victim enters their PIN, money is deducted from their bank account
This scam is highly effective on people who are unaware that receiving money does not require any OTP or UPI PIN. The buyer only needs your phone number to transfer money to your account. If you are asked to provide an OTP, it means the buyer is asking you to give them money.
3. SIM cloning
One of the ways someone can hack into your Paytm account is through SIM cloning. The process requires the fraudster to know your personal details like date of birth, address etc, so that they can trick a network provider into issuing a duplicate SIM number. The hacker can then receive SMSs and OTPs to log into your Paytm account and make transactions.
To avoid this, you should be extremely careful when it comes to divulging personal details to a caller on the phone. Verify that the person calling is an official representative before answering questions and always keep in mind that a representative will never ask you to download a third-party app or OTP.