Trust & Safety
Stay Safe from Social Engineering Fraud
PhonePe Team|2 min read|26 September, 2017
Social media has brought customer support one step closer to you. Whenever you need a solution to a problem, you can easily login and interact directly with a customer care representative.
Sometimes during these interactions, you might end up posting personal details on social media forums instead of using secure means of sharing them. These details can easily get misused by fraudsters.
Important reminder- PhonePe never asks for confidential or personal details. Ignore all mails claiming to be from PhonePe if they are not from the phonepe.com domain. If you suspect fraud, please contact your bank immediately.
What is social engineering?
Social engineering is when fraudsters use your personal details to trick you into trusting them. Often fraudsters build trust by pretending to help you with an issue. In reality, they’re just using your personal details to con you out of your money.
How does social engineering work?
- The fraudsters call you claiming to be customer support representatives from your bank. They use details you have shared on social media to gain your trust and ask you to share your Debit Card details.
- The fraudsters then ask you to provide the OTP to complete the transaction and top up their wallet using your Debit Card.
- Once the transaction is complete, the fraudsters withdraw money from the wallet to their bank account.
Please remember: An actual customer representative will never ask you to share your full Credit/Debit Card details or OTP. They will only contact you from authorized landline numbers and not from a mobile number. Emails that are not sent from the same official domain as your bank should be ignored.
Here’s how you can stay safe:
- Never share OTPs, PIN numbers or any other codes that you receive via SMS or other channels.
- Never share your Account Number or Credit and Debit Card details on a public platform.
- If you get a call from an unknown number claiming to be from a bank and asking for your personal details, do not entertain the call and just disconnect it.
- Check the sender domain of the email. If it is [XYZ]@gmail.com or any other email provider domain, ignore the mail. Ensure that the email domain matches the bank’s actual domain. All bank emails come from a secure https domain only.
Watch a video on transacting safely: https://youtu.be/rHZ57O9X8kk