In the wake of the Pulwama attacks in February 2019, and subsequently during the Assam floods in July 2019, there were several account numbers and UPI IDs being circulated across social networking sites, soliciting donations for the victims. Among the deluge of UPI IDs, there was only one official UPI handle that belonged to the relief fund.
Social networking sites such as Facebook and Twitter, and crowdfunding sites such as Milaap, are commonly used to raise funds for victims of disasters and tragedies. Scammers leverage these platforms to circulate UPI IDs, that closely resemble official UPI handles, to dupe unwitting donors, and deprive those in need. Also, we often don’t realize that different bank account numbers are listed under the same UPI ID.
The reach of social media and the constantly proliferating fake IDs, was a menace that NPCI found difficult to monitor and restrict. To address this issue, NPCI engaged CloudSEK, to identify and alert them to fraudulent UPI handles that were misleading the public and misappropriating the relief funds.
XVigil’s Social Media Monitor was calibrated to identify UPI handles that were being posted and shared on social networking sites, in an attempt to mimic the official UPI handle and solicit funds. XVigil was able to track down 12 such handles, related to the Assam flood, which were being circulated on Facebook and Twitter. A similar pattern had been identified following the Pulwama attacks was as well.
CloudSEK alerted NPCI to the fake handles and account numbers that were being circulated and also made them aware of the notable use of Milaap to generate most of these UPI IDs.
NPCI being a payments and settlements systems, is especially vulnerable to cyber threats. UPI is one of its most commonly used payment services across India, and fraudulent activities being associated it, will affect the reputation of NPCI, and the trust that consumers and banks have in it.
With XVigil, NCPI is able to detect malicious activities related to fake UPI handles, and take them down before consumers and banks are affected by it. In such situations, time is of the essence. So, with XVigil’s AI powered engine, NPCI receives real-time alerts, making it possible to reduce the risk of exploitation of NPCI instruments.