SBI Jumped Deposit Scam 2026: the UPI collect-request trap that empties your account
On June 3, 2026, the State Bank of India warned customers about the "jumped deposit scam." A tiny credit of Rs 10 to Rs 50 lands in your account. You open your UPI app to check. While you are looking, a disguised collect request fires, and one reflexive PIN entry sends a far larger amount straight to the fraudster.
The verdict
Scam. The "jumped deposit" scam is real and was flagged by SBI to customers on June 3, 2026. Fraudsters drop a small credit (Rs 10 to Rs 50) into your account, then fire a disguised UPI collect request for a much larger amount. The act of opening the app to check the surprise balance is the trap: you mistake the request for a balance prompt or a "return the deposit" step, you enter your UPI PIN, and the bigger amount leaves your account. The one rule that defeats it: you never enter a UPI PIN to receive money, only to pay. If a screen asks for your PIN, money is leaving you. If you lost money, call 1930 and file at cybercrime.gov.in.
Paste a suspicious link here to check it
Got a "tap to verify the refund" or "dispute the deposit" link in the message? Paste it below. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.
What SBI actually warned about on June 3, 2026
The warning came from the State Bank of India, the country's largest bank, and it is unusual in one way. Most UPI fraud alerts are about stolen OTPs, leaked passwords, or fake KYC apps. The jumped deposit scam steals nothing technical. There is no breach of UPI, no malware, no OTP theft. It works purely by hijacking a reflex you do not even think about: when money lands unexpectedly, you open the app to look.
SBI's framing is precise. A small deposit you did not expect is the bait. The bank reminded customers that a UPI PIN is required only when money is being debited from an account, and that they should respond only to calls from numbers prefixed with 1600, the series reserved for genuine bank communication. Any caller pressing you to "return the money you got by mistake" is the second half of the same trap.
The official, real sources to bookmark for SBI and UPI are onlinesbi.sbi and sbi.co.in for the bank, npci.org.in for the National Payments Corporation of India that runs UPI and BHIM, and cybercrime.gov.in for reporting. Anything that looks close to those but is not exactly those is hostile.
How the jumped deposit scam actually works
Walk through it step by step, because the trap is in the sequence, not in any one screen.
- The drop. A stranger pushes a tiny credit into your account over UPI. Rs 10, Rs 20, Rs 50. Small enough that you do not panic, large enough that you notice.
- The reflex. Your phone buzzes "credited." You open your UPI or banking app to see who sent it and confirm your balance. This is the moment the scam is built around. Checking the balance is the trap.
- The disguise. While the app is open, the fraudster fires a UPI collect request for a much larger amount. It surfaces as a pending prompt. Because your attention is already on the surprise credit, the request reads like a balance step, a confirmation, or a way to "return" what just landed.
- The PIN. You tap approve and enter your UPI PIN, believing you are confirming the deposit or sending back Rs 50. You are not. You are authorizing the much larger amount to leave your account.
- Gone. The transfer is instant and final. UPI is a real-time push, so there is no chargeback to undo it.
Sometimes the lure arrives with a message too: "Tap to verify the refund," or "Click to dispute the deposit," with a link or a fake-app download. That link is the part SafeBrowz can catch. The in-app PIN approval is the part only you can refuse.
Why checking your balance is the trap
This is the counterintuitive heart of it. Your instinct says: money showed up, let me verify it is real and see who sent it. That instinct is exactly what the fraudster is counting on. They time the collect request to land while you are inside the app, attention split, half-expecting another notification about the deposit. The request piggybacks on that expectation.
Officials advise a simple delay. If an unexpected deposit lands, wait 15 to 30 minutes before opening the app to check, because a fraudulent collect request often expires after that window. The urge to immediately verify is the vulnerability. Patience neutralizes it.
The one rule: never enter a PIN to receive money
This is the single fact that defeats the entire scam, and it is worth memorizing.
A UPI PIN only ever debits your account. It is never required to receive money. Not for a refund. Not for cashback. Not for a gift. Not to "return" a mistaken transfer. Not to "verify" a deposit. If any screen, in any UPI app, asks you for your PIN, money is about to leave you. That is the only thing a PIN does.
To receive money, you do nothing. UPI credits are passive. A genuine incoming payment simply appears, with no action required from you and no PIN. So the logic is clean: the moment a "deposit," "refund," or "return the extra" flow asks for your PIN, you have caught the scam mid-act. Decline, close the prompt, and walk away.
The collect-request red flag
A UPI collect request is someone asking you to pay them. It is the opposite of receiving money. Scammers exploit the confusion between a payment notification (someone paid you, no action) and a collect request (you are being asked to pay).
- It says "Request" or "Pay," not "Received." A real incoming credit never asks you to approve anything. If there is an approve-and-enter-PIN step, it is a request, and approving it sends money out.
- It is from an unknown VPA or number. Decline any collect request from someone you did not just transact with. Person-to-person collect requests from strangers are almost always fraud probes.
- It arrives right after a surprise credit. The timing is the tell. A small deposit followed within minutes by a larger collect request is the jumped deposit signature.
- The amount does not match the story. They "accidentally sent Rs 50" but the request on screen is for thousands. Read the amount and direction before your thumb moves.
- Someone is rushing you. "Please return it now, it is urgent, my mother's hospital bill." Real situations survive a five-minute pause. Scams die in it.
The phishing link and fake-app twist
The jumped deposit lure does not always stop at a collect request. Often it travels with a message: an SMS or WhatsApp text saying "Tap to verify the refund," "Dispute this deposit here," or "Confirm your account to receive the credit," with a shortened link or an APK to download. The page it opens is a spoofed SBI or NPCI login, or a fake "UPI verification" app that harvests your credentials or asks you to install screen-sharing software.
Indian banks do not send bit.ly or tinyurl links over SMS. SBI's real domains are onlinesbi.sbi and sbi.co.in; NPCI's is npci.org.in. A link styled to look almost right, like sbi-upi-refund.in, onlinesbi-verify.xyz, or npci-deposit-dispute.com, is the phishing leg of the attack. Those are illustrative scam patterns, not real sites, and you should never tap anything resembling them.
What to do if you get an unexpected deposit and a collect request
- Do not rush to check. An unexpected small credit is not an emergency. Wait 15 to 30 minutes before opening the app. A fraudulent collect request often expires in that window.
- Never approve a collect request you did not initiate. If a pending request appears, decline it. You lose nothing by declining a genuine one; you can always send money deliberately later.
- Remember the rule. If any screen asks for your UPI PIN around a "deposit," "refund," or "return," money is leaving you. Stop.
- Ignore the callback. If someone calls insisting you "return the mistaken money," do not. A genuine wrong transfer is resolved by the sender's bank, not by you pushing money to a stranger. Real bank calls come from numbers prefixed 1600.
- Do not tap the link. "Verify the refund" or "dispute the deposit" links lead to spoofed pages. Go to onlinesbi.sbi or your bank app directly instead.
If you already entered your PIN and money left
Speed is everything. Indian banks can sometimes freeze the receiving account if you report fast enough.
- Call 1930 immediately. This is the national cybercrime helpline run by the Indian Cyber Crime Coordination Centre. The sooner you call, the better the chance the receiving bank can freeze the funds before withdrawal. Keep the transaction ID, UPI reference number, the receiver VPA or number, and screenshots ready.
- File at cybercrime.gov.in within 24 hours. This is the official National Cyber Crime Reporting Portal. Attach the message trail and any caller numbers.
- Notify your bank in writing within 3 working days. Reporting an unauthorized transaction within three working days limits your liability to zero under the RBI customer-protection framework, provided the loss is not due to your own sharing of credentials.
- Raise an in-app dispute. Your UPI app (SBI, BHIM, or others) has a report-fraud option under the disputed transaction that routes the case to the receiving bank.
- Change your UPI PIN and review autopay mandates. If you also tapped a link or installed anything, treat the device as compromised and check for any new recurring mandates you do not recognize.
One hard truth: UPI has no true chargeback. It is a real-time bank-to-bank push. Recovery depends entirely on whether the receiving bank can freeze the money before the attacker pulls it out. Hours matter. Days rarely succeed.
How SafeBrowz helps against this scam
Be precise about what a browser tool can and cannot do here. The jumped deposit scam has two legs. The in-app collect-request approval is your action to refuse, and the core rule covers it: never approve or enter a PIN to receive money. SafeBrowz cannot stop you from approving a UPI request inside your banking app, and no browser extension can. What it does cover is the other leg: the phishing link and fake-app page that so often ride along with the lure.
SafeBrowz runs a 3-layer detection architecture against the spoofed SBI and NPCI pages and the fake "verify the refund" sites that accompany this scam:
- Layer 1 - Local detection: 60+ URL patterns and 550+ brand-specific signatures run inside the extension, including SBI, BHIM, NPCI and other Indian payment brands. Hyphenated lookalikes (sbi-upi-refund, onlinesbi-verify, npci-deposit-dispute), Punycode homographs, and known scam TLDs are flagged before the page renders.
- Layer 2 - API checks: Server-side cross-reference against threat-intelligence feeds catches domains already reported by the wider security community within minutes.
- Layer 3 - AI deep scan (Premium): Content analysis in 100+ languages including Hindi and major Indian languages reads the actual page to spot brand impersonation, fake deposit-dispute flows, and credential-harvesting forms, catching novel domains no feed has seen yet.
Detection signatures come from threat-intelligence research and brand database analysis, not from per-user browsing data. The extension does not store per-user browsing history.
Block the phishing links that ride along with UPI scams
SafeBrowz is a free browser extension for Chrome, Firefox and Edge (Safari pending) that blocks fake bank and UPI login pages automatically. 550+ brands including SBI, BHIM and NPCI are tracked locally inside the extension, with AI content analysis covering Hindi and 100+ other languages on top. Free forever; Premium AI deep scan is $14.99 per year, one key works on three devices.
Add to Chrome
Add to Firefox
Add to Edge
Get it on Google Play
Frequently asked questions
What is the SBI jumped deposit scam?
It is a UPI fraud SBI warned customers about on June 3, 2026. A fraudster drops a small credit (Rs 10 to Rs 50) into your account, then sends a disguised UPI collect request for a much larger amount. When you open the app to check the surprise deposit, the request appears, and if you approve it and enter your UPI PIN believing you are confirming the deposit or returning it, the larger amount leaves your account instead. It exploits the reflex to check your balance, not any technical flaw in UPI.
Do I need to enter my UPI PIN to receive money?
No, never. A UPI PIN only ever debits your account, meaning it is used only to pay. Receiving money is passive: a genuine credit simply appears with no action and no PIN required. So if any screen asks for your PIN in the name of a refund, cashback, gift, deposit verification, or returning a mistaken transfer, money is about to leave you. That request is the scam. Decline it.
I got an unexpected deposit and a collect request - what do I do?
Do not rush. Wait 15 to 30 minutes before checking, because fraudulent collect requests often expire in that window. Decline any collect request you did not initiate; you lose nothing by declining. Never enter your UPI PIN around a deposit or refund flow. Ignore any caller asking you to return the money, and do not tap any verify the refund or dispute the deposit link. Go to onlinesbi.sbi or your bank app directly if you want to confirm your balance.
How do I report a UPI scam in India?
Call the national cybercrime helpline 1930 as fast as possible, ideally within the first hour, so the receiving bank has the best chance to freeze the funds. File a complaint at cybercrime.gov.in within 24 hours with screenshots and the transaction reference. Notify your bank in writing within 3 working days to limit your liability to zero under the RBI customer-protection framework. Raise an in-app dispute on your UPI app for the disputed transaction.
Why does SBI say to trust only 1600-prefixed calls?
SBI told customers that genuine bank communication comes from numbers in the 1600 series. The jumped deposit scam often includes a follow-up call from a fraudster pressing you to "return the money you received by mistake." A call demanding you push money back to a stranger is not how a real wrong transfer is resolved. Treat any such caller as part of the scam and hang up.
Can SafeBrowz stop the jumped deposit scam?
SafeBrowz protects the web layer. It blocks the phishing link and fake-app page that often accompany the lure, such as spoofed SBI or NPCI login sites and fake "verify the refund" pages. It cannot approve or decline a UPI request inside your banking app, and no browser tool can. The in-app collect-request approval is your action to refuse, governed by the core rule: never approve or enter a PIN to receive money. SafeBrowz covers the click; you cover the PIN.
Article published June 23, 2026. The SBI jumped deposit warning of June 3, 2026, the collect-request mechanic, and the "never enter a UPI PIN to receive money" rule are drawn from SBI customer communications, NPCI guidance, and Indian financial-press reporting. Detection signatures derive from threat-intelligence research and brand database analysis, not user browsing data.