Introduction
Online financial fraud has become one of the most common forms of cybercrime in India. With the rapid digitization of banking services and the widespread adoption of UPI (Unified Payments Interface), criminals have developed sophisticated methods to defraud unsuspecting users. This part covers the major types of online financial fraud and investigation techniques.
By the end of this part, you will be able to identify different types of online financial fraud, understand their modus operandi, learn investigation techniques, and know the relevant legal provisions.
UPI Fraud
UPI (Unified Payments Interface) has revolutionized digital payments in India. However, it has also become a major target for fraudsters. India processes over 10 billion UPI transactions monthly, making it one of the largest digital payment ecosystems in the world.
Common UPI Fraud Types
Fake UPI App
Fraudsters create fake UPI apps or payment screenshots to deceive sellers into believing payment has been made.
Collect Request Scam
Criminals send collect requests instead of payments, tricking victims into authorizing money transfers.
Vishing (Voice Phishing)
Fraudsters call pretending to be bank officials and trick victims into sharing UPI PINs or approving transactions.
QR Code Scam
Victims are asked to scan QR codes to "receive" money, but instead money is debited from their accounts.
UPI Fraud Modus Operandi
- Research Phase: Fraudster identifies potential victims (often from OLX, classifieds, or social media)
- Contact: Approaches victim as interested buyer or customer support
- Building Trust: Sends fake ID proofs or references
- Execution: Tricks victim into sharing OTP, UPI PIN, or approving collect request
- Money Trail: Funds quickly transferred through multiple accounts
A UPI PIN is never required to receive money. This is a critical awareness point. Any request for a PIN while receiving money is fraudulent.
Investigation Steps
- Obtain complete transaction details from victim's bank statement
- Request UPI transaction details from NPCI
- Trace beneficiary account details through receiving bank
- Analyze call records if vishing was involved
- Check IP logs and device information from UPI app provider
- Follow money trail through multiple account hops
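The last step, following the money trail through multiple account hops, can be sketched as a breadth-first walk over transaction records obtained from the banks. This is an added example, not part of the original material; the ledger, account labels and the 24-hour window are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample ledger (not real data):
# (txn_id, from_account, to_account, amount_inr, timestamp)
LEDGER = [
    ("T1", "VICTIM", "MULE-A", 50000, "2024-01-10 10:00"),  # reported fraud
    ("T2", "MULE-A", "MULE-B", 30000, "2024-01-10 10:07"),
    ("T3", "MULE-A", "MULE-C", 19500, "2024-01-10 10:09"),
    ("T4", "MULE-B", "MULE-D", 29000, "2024-01-10 10:20"),
    ("T5", "SHOP-X", "MULE-C", 1200, "2024-01-09 18:00"),   # unrelated credit
    ("T6", "MULE-C", "MULE-E", 5000, "2024-01-12 09:00"),   # outside the window
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def trace_money_trail(ledger, fraud_txn_id, window_hours=24, max_hops=5):
    """Walk outward from the fraudulent transaction. From each receiving
    account, follow transfers sent after the funds arrived and within the
    window. This is a lead-generation heuristic, not proof of the same funds."""
    by_id = {t[0]: t for t in ledger}
    outgoing = {}
    for t in ledger:
        outgoing.setdefault(t[1], []).append(t)
    seen, trail = {fraud_txn_id}, []
    queue = deque([(by_id[fraud_txn_id], 1)])
    while queue:
        (tid, src, dst, amount, when), hop = queue.popleft()
        trail.append({"hop": hop, "txn": tid, "from": src, "to": dst,
                      "amount": amount, "time": when})
        if hop >= max_hops:
            continue
        arrived = _ts(when)
        limit = arrived + timedelta(hours=window_hours)
        for nxt in outgoing.get(dst, []):
            if nxt[0] not in seen and arrived <= _ts(nxt[4]) <= limit:
                seen.add(nxt[0])
                queue.append((nxt, hop + 1))
    return trail

def end_accounts(trail):
    """Accounts that received funds but sent nothing onward in the trail:
    the first candidates for a freeze request."""
    senders = {row["from"] for row in trail}
    return sorted({row["to"] for row in trail} - senders)

if __name__ == "__main__":
    trail = trace_money_trail(LEDGER, "T1")
    for row in trail:
        print(row)
    print("Freeze candidates:", end_accounts(trail))
```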
Credit/Debit Card Fraud
Card fraud remains a significant threat despite chip-based cards and 2FA requirements. India has over 1 billion debit cards and 80+ million credit cards in circulation.
Types of Card Fraud
| Type | Method | Prevention |
|---|---|---|
| Card Skimming | Physical device on ATM captures card data | Check ATM for devices, cover PIN |
| Card Cloning | Duplicate card created from stolen data | Use EMV chip cards, enable alerts |
| CNP Fraud | Card Not Present - online transactions with stolen details | Enable OTP, use virtual cards |
| Phishing | Fake websites capture card details | Verify URLs, don't click links |
| Shoulder Surfing | Observing PIN entry at ATM/POS | Cover keypad while entering PIN |
Card Fraud Investigation
- Obtain complete card transaction history from issuing bank
- Request CCTV footage from ATM/POS location (within 30-90 days)
- For online fraud, get merchant details and IP addresses
- Analyze magnetic stripe vs chip transaction patterns
- Coordinate with card networks (Visa/Mastercard) for cross-border fraud
In 2023, a gang was arrested in Delhi for installing skimming devices at multiple ATMs. They collected data from over 500 cards and caused losses of Rs. 1.5 crore. Investigation revealed they operated in shifts, with one team installing devices and another retrieving them after 48-72 hours.
Investigation Key: CCTV analysis from multiple ATMs revealed common suspects, leading to identification through facial recognition.
Internet Banking Fraud
Internet banking fraud exploits vulnerabilities in online banking systems or user behavior to gain unauthorized access to bank accounts.
Common Attack Vectors
Phishing Emails
Fake emails appearing to be from banks, directing users to fraudulent login pages.
Malware/Keyloggers
Software that captures keystrokes and steals login credentials.
Man-in-the-Browser
Trojan that modifies web pages in real-time to capture or alter transactions.
Session Hijacking
Attacker takes over an authenticated session to perform unauthorized transactions.
Investigation Techniques
- Analyze bank's server logs for unauthorized access attempts
- Examine victim's device for malware (memory forensics)
- Review email headers for phishing emails
- Track IP addresses and geolocation data
- Analyze browser history and cached data
- Check for DNS poisoning or hosts file modification
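For the email header review step, the following added example (not from the original material) parses a constructed phishing message and reports sender-domain mismatches, the authentication results and the earliest relay IP. All domains and addresses are reserved example values.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example domains and documentation IP ranges).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.victim-isp.example (mx.victim-isp.example [192.0.2.10])
\tby inbox.victim-isp.example; Tue, 05 Mar 2024 10:02:11 +0530
Received: from unknown (HELO mail.example.net) (203.0.113.45)
\tby mx.victim-isp.example; Tue, 05 Mar 2024 10:02:09 +0530
Authentication-Results: mx.victim-isp.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Bank Support" <alerts@bank.example.com>
Reply-To: help@freemail.example.org
Subject: Urgent: KYC update required

Click the link to update your KYC.
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

def _domain(header_value):
    """Domain part of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_headers(raw):
    msg = message_from_string(raw)
    from_dom = _domain(msg.get("From"))
    rp_dom = _domain(msg.get("Return-Path"))
    reply_dom = _domain(msg.get("Reply-To"))
    # Received headers are prepended by each relay, so the last one is the
    # earliest hop. Hops below the recipient's own servers can be forged.
    received = msg.get_all("Received") or []
    ip = IP_RE.search(received[-1]) if received else None
    auth = dict(AUTH_RE.findall(msg.get("Authentication-Results", "")))
    flags = []
    if rp_dom and rp_dom != from_dom:
        flags.append("return_path_mismatch")
    if reply_dom and reply_dom != from_dom:
        flags.append("reply_to_mismatch")
    for check in ("spf", "dkim"):
        if auth.get(check) != "pass":
            flags.append(f"{check}_{auth.get(check, 'missing')}")
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "reply_to_domain": reply_dom, "auth": auth, "flags": flags,
            "earliest_relay_ip": ip.group(1) if ip else None}

if __name__ == "__main__":
    for key, value in review_headers(RAW).items():
        print(f"{key}: {value}")
```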
When investigating internet banking fraud, always check if the victim's system has any unauthorized remote access tools (TeamViewer, AnyDesk, etc.) installed. Many frauds involve convincing victims to install these tools.
SIM Swap Fraud
SIM swap fraud is one of the most sophisticated forms of financial fraud. Criminals convince mobile operators to transfer a victim's phone number to a new SIM, gaining access to OTPs and 2FA codes.
SIM Swap Process (Criminal's Perspective)
- Data Gathering: Collect victim's personal information (name, address, date of birth, ID numbers)
- Social Engineering: Visit telecom store with fake ID or bribe store employee
- SIM Deactivation: Original SIM is deactivated, new SIM activated
- Time Window: Victim's phone shows "No Service" - criminal has limited time
- Account Takeover: Reset passwords, intercept OTPs, transfer funds
Sudden loss of mobile network signal (while others on the same network have signal), unexpected "SIM update" or "4G upgrade" calls, and unauthorized password reset emails are key indicators of a potential SIM swap attack.
Investigation Approach
- Obtain SIM swap request records from telecom operator
- Get CCTV footage from telecom retail store
- Analyze fake documents submitted for SIM swap
- Check for insider involvement at telecom company
- Correlate timing of SIM swap with fraudulent transactions
- Trace the replacement SIM location via CDR
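Correlating the timing of a SIM swap with account activity, as listed above, can be done by joining the operator's swap records with the bank's event log on the mobile number. This is an added example, not part of the original material; the records, masked numbers, store IDs and 12-hour window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records (masked numbers, hypothetical store IDs).
SIM_SWAPS = [  # from the telecom operator's SIM swap request records
    {"msisdn": "98XXXXXX01", "activated": "2024-03-05 14:10", "store": "STORE-17"},
    {"msisdn": "98XXXXXX02", "activated": "2024-03-06 09:30", "store": "STORE-17"},
]
ACCOUNT_EVENTS = [  # from the bank, keyed by registered mobile number
    {"msisdn": "98XXXXXX01", "type": "transfer", "time": "2024-03-05 14:40", "amount": 200000},
    {"msisdn": "98XXXXXX01", "type": "password_reset", "time": "2024-03-05 14:25", "amount": 0},
    {"msisdn": "98XXXXXX01", "type": "transfer", "time": "2024-03-01 11:00", "amount": 1500},
    {"msisdn": "98XXXXXX02", "type": "transfer", "time": "2024-03-09 10:00", "amount": 800},
]

def correlate(swaps, events, window_hours=12):
    """For each swap, list account events in the window after activation,
    ordered by how many minutes after the swap they occurred."""
    findings = []
    for swap in swaps:
        start = datetime.strptime(swap["activated"], FMT)
        end = start + timedelta(hours=window_hours)
        hits = []
        for ev in events:
            when = datetime.strptime(ev["time"], FMT)
            if ev["msisdn"] == swap["msisdn"] and start <= when <= end:
                delay = int((when - start).total_seconds() // 60)
                hits.append({**ev, "minutes_after_swap": delay})
        hits.sort(key=lambda h: h["minutes_after_swap"])
        total = sum(h["amount"] for h in hits if h["type"] == "transfer")
        findings.append({"msisdn": swap["msisdn"], "store": swap["store"],
                         "events": hits, "total_transferred": total})
    return findings

def stores_with_linked_transfers(findings):
    """Count swaps per store that were followed by transfers. A store that
    recurs across cases is a lead for the insider-involvement check."""
    return dict(Counter(f["store"] for f in findings if f["total_transferred"] > 0))

if __name__ == "__main__":
    results = correlate(SIM_SWAPS, ACCOUNT_EVENTS)
    for f in results:
        print(f["msisdn"], f["store"], f["total_transferred"], f["events"])
    print(stores_with_linked_transfers(results))
```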
Legal Provisions
- IT Act Section 66: Computer related offences
- IT Act Section 66C: Identity theft
- IT Act Section 66D: Cheating by personation using computer resource
- BNS Section 318: Cheating
- BNS Section 319: Cheating by personation
OTP Fraud
OTP (One-Time Password) fraud involves tricking victims into sharing OTPs meant for transaction authentication. Despite being a security measure, OTP has become a target for social engineering attacks.
Common OTP Fraud Scenarios
Bank Executive Call
Fraudster poses as bank official, claims account issue, requests OTP for "verification."
Lottery/Prize Scam
Victim told they won a prize; OTP needed to "claim" the reward.
Refund Scam
Claims victim is eligible for refund from company, requests OTP to process it.
KYC Update Scam
Threatens account block unless KYC is updated immediately using OTP.
Investigation Evidence Collection
| Evidence Type | Source | Retention Period |
|---|---|---|
| Call Records | Telecom Operator | 1-2 years |
| SMS Logs | Telecom/Bank | 1 year |
| Transaction Details | Bank | 8 years |
| IP Logs | Bank/App Provider | 6 months - 1 year |
| CCTV (if any) | Various | 30-90 days |
Banks NEVER ask for OTP over phone calls. Any such request is fraudulent. Legitimate bank communications clearly state not to share OTP with anyone, including bank employees.
Reporting and Response
Immediate Steps for Victims
- 1930 Helpline: Call national cybercrime helpline immediately
- Bank Notification: Block card/account through banking app or customer care
- Online Complaint: File report at cybercrime.gov.in within 24 hours
- Police FIR: File FIR at local police station or cyber cell
- Preserve Evidence: Save SMS, call logs, screenshots
Golden Hour Concept
The first few hours after financial fraud are critical for recovery. Quick reporting can help freeze fraudulent accounts and potentially recover funds before they're withdrawn or transferred further.
- UPI fraud is the most prevalent form of digital payment fraud in India
- Never share OTP, UPI PIN, or card details with anyone claiming to be bank officials
- SIM swap attacks require immediate response - report network loss quickly
- Investigation requires coordination between banks, telecom operators, and law enforcement
- Quick reporting (within golden hour) significantly improves fund recovery chances
- Multiple legal provisions under IT Act and BNS apply to financial fraud