Weird scammer call? What does this seem like?

nemo_online

Galvanizer
My father was trying to make a UPI payment of around 35K yesterday via GPay to a plumber who had come home for some plumbing work. According to him, when he tried to pay via the SBI account linked to his GPay, he was not allowed to enter the 6th digit of the pass code. After the 5th digit he was not allowed to enter the 6th digit of the pass code. After trying two times and failing, suddenly his phone rang. He initially didn't pick up the first time but the second time he picked up. An apparently well-behaved person on the other end asked him if he was trying to make a UPI payment. He confirmed in the affirmative and then the person asked my father his father's name. In the meantime, the person on the other end told my father that this is verification since a lot of scams are happening. My father told him that too and after seemingly being satisfied, the call ended there. Right after that, he was able to make the payment and the pass code issue vanished.

What does this mean? I'm pretty sure Google folks don't call you to confirm a UPI transaction and neither does SBI (they are too busy with lunch breaks). So what was this call about and from whom? Is my father's phone hacked?
P.S. I don't stay with my father so whatever remedial steps have to be taken, if any, will have to be explained to him or done via third-party and as is obvious he is not at all tech-savvy.
 
This sounds almost certainly like a scam, as Google Pay and SBI do not make unsolicited verification calls. The timing and request for personal details suggest a phishing attempt, possibly enabled by malware, call spoofing, or a tampered app, with the scammer aiming for personal info or a larger financial theft. Verify the caller’s number in his phone log for the country code (e.g., +91 for India, +63 for scams) and search it on Truecaller’s app for spam flags. Avoid calling back from his phone, but test it from another device and impersonate someone looking for help. Please ask him to stop using GPay, check his SBI account for unauthorized transactions, change his UPI PIN, and reset the mobile. Guide him via phone or video call, or involve a trusted local person, and warn him against sharing sensitive details.
 
If Android, disable "Install apps from unknown sources". Scammers are sending utility bills like TGSPDCL_Electricity_Bill.apk through WhatsApp which are malware or screen capture apps. Check if any such app is installed.
Check transaction history and reset all passwords & UPI PIN.
 
Yeah, even if it was UPI by CC, the bank has never called me about UPI txn. It does indeed sound fishy and he should uninstall all his UPI apps and reinstall with PIN resets. Could have been a fake app.
 
Most probably it must be a scam call. If this happened during an attempt to transfer money by a verified GPay app, the mobile may be malware infected. Check and clean the device; as a precaution, change the UPI PINs as well. Look for any unauthorized transactions in bank statements as well.
 
Your instincts are correct — this is highly suspicious and indicative of a likely ongoing or attempted fraud. Here is a detailed breakdown of what likely happened and what needs to be done immediately.

What Likely Happened

  1. Passcode Entry Blocked (5-digit lockout)
    • GPay UPI PINs are 6 digits. If he was not allowed to enter the 6th digit, the app may have been:
      • Interfered with by a malicious accessibility service, OR
      • A fake overlay UI imitating GPay was shown by malware.
  2. Suspicious Phone Call
    • No legitimate entity (neither Google nor SBI) will ever call to verify a transaction midway, especially not to ask for personal information like a father’s name.
    • This is social engineering:
      • The fraudster likely had visibility into the transaction in real time — possibly via malware or spyware.
      • They attempted to validate account access or device control by requesting personally identifying information (PII) and ensuring the user is actively engaging with the real app.
      • The fact that after the call the PIN entry worked suggests that the attacker might have dynamically allowed the real GPay screen to resume, indicating malware with accessibility or remote control permissions.

What Needs to Be Done (Simple Steps)

  1. Turn on Airplane Mode.
    • Cuts internet access to stop remote control.
  2. Do a Full Factory Reset of the phone.
    • Go to Settings > System > Reset > Erase all data.
    • This will remove hidden apps or malware.
  3. Do NOT restore from cloud backup.
    • Reinstall only essential apps from Play Store manually.
  4. Check SBI account from another device.
    • Look for unknown transactions or linked devices.
    • Change UPI PIN after logging in.
  5. Report the incident:
 
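
Added example, not part of any post in this thread: a small triage script for the two checks suggested above (apps installed from outside the Play Store, and apps holding accessibility access), for whoever inspects the phone before any reset. It parses the text printed by `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`; the sample outputs and all `com.example.*` package names are constructed, and treating only the Play Store as a trusted installer is an assumption.

```python
import re

PLAY_STORE = "com.android.vending"

# Constructed sample of `adb shell pm list packages -3 -i` (package names are hypothetical)
SAMPLE_PACKAGES = """\
package:com.example.billviewer  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.remotehelp  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.android.vending
"""
# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
SAMPLE_A11Y = "com.example.billviewer/.OverlayService:com.example.notes/com.example.notes.Reader"


def parse_installers(text):
    """Map each third-party package to the installer that put it on the device."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found


def parse_a11y(value):
    """Return the package names that own an enabled accessibility service."""
    value = value.strip()
    if value in ("", "null"):  # the setting prints "null" when nothing is enabled
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}


def triage(pkg_text, a11y_value, trusted=(PLAY_STORE,)):
    """Flag sideloaded apps and apps holding accessibility access; both together is HIGH."""
    a11y = parse_a11y(a11y_value)
    findings = []
    for pkg, installer in sorted(parse_installers(pkg_text).items()):
        sideloaded = installer not in trusted
        if sideloaded and pkg in a11y:
            findings.append((pkg, "HIGH", "sideloaded and has accessibility access"))
        elif sideloaded:
            findings.append((pkg, "REVIEW", f"installed by {installer}, not a trusted store"))
        elif pkg in a11y:
            findings.append((pkg, "REVIEW", "store app with accessibility access"))
    return findings


if __name__ == "__main__":
    for pkg, level, reason in triage(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"{level:6} {pkg}: {reason}")
```

On phones that ship with a second legitimate store, pass its installer package name in `trusted` so its apps are not reported as sideloaded.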
Looks like a similar scam that I encountered but from bludart courier. I was expecting a document from bludart and this scamster called and told me to call the delivery guy and gave me a call forwarding number. LINK for full details.