BENGALURU: Seven leading internet companies are banding together to save their consumers from the rising menace of cyber frauds being carried out by duping innocent users, where the money is being siphoned off from their accounts.
The companies taking action include travel majors MakeMyTrip Group and Oyo Hotels & Homes, mobile payments firm Paytm, online food delivery aggregators Swiggy & Zomato, besides ride-hailing giant Uber.
Three people aware of the matter said these companies met the Reserve Bank of India (RBI) last week to make a joint representation on the issue and how to curb these online frauds — engineered via fake toll-free numbers and serial bank account generators, among other methods. About 4,000 SIM card numbers and 350-400 bank account numbers have been shared with the RBI, State Bank of India (SBI) and the telecom companies, whose services are used to fool the unsuspecting consumers.
These tech companies have also reached out to Google about how its search engine is used by cybercriminals to make their fake toll-free numbers appear on top of search results. This leads to some of the consumers believing the fake number to be the legitimate number of the company. Some even go on to set up fake websites mimicking the original ones.
Over the past couple of weeks, executives from these internet companies met senior officials of SBI, Airtel and other stakeholders, sources added. Among the companies that are part of this council, MakeMyTrip, Swiggy, Zomato and Paytm have confirmed the development to TOI. Going forward, more online firms are expected to join the group to share their fraud data to counter such online frauds.
In a letter addressed to SBI, the online companies have raised the issue of large-scale fraud being attempted, using accounts in the bank. People involved in the discussion said due to the sheer scale of SBI, most of the miscreants fooling consumers to send money or share their sensitive bank details have accounts with the largest public sector bank. Emails sent to the RBI, SBI, Google India and Airtel did not elicit any response on the matter.
“People from non-urban markets or even senior citizens are common victims. These frauds are typically done by sending SMS from accounts sounding similar to the original company and would have an extra alphabet in the name of the company (say, an extra ‘a’ in MakeMyTrip). This could go unnoticed and people can fall prey to the messages,” a person aware of the modus operandi said. What then typically happens is that these messages would promise attractive rewards. For example, an expensive car or Rs 20-30 lakh cash, with a helpline number mentioned in it. A customer would dial to claim the rewards and that’s where the cyber crooks share their bank details, to which users are supposed to send an amount like Rs 5,000-10,000 to claim the reward.
“Setting a toll-free helpline is not the most complex task if you have a basic structure ready. Then an account in a public sector bank adds another layer of credibility. Following this, based on our trends, there is the success rate of seven out of 100 calls — meaning one can get as much as Rs 70,000 after making 100 such calls,” the person from one of the earlier mentioned companies added. These efforts are followed up on WhatsApp to nudge the consumer to share more details like one-time password (OTP). With more details, the scope of the damage is bigger.
This is why the SIM card database and account numbers often used to scam consumers of the online platforms have been shared with the authorities. As a next step, the council of companies would share this information with the cyber wings of police in Delhi and Mumbai — the two largest cities in India.
“To propagate such fake websites and customer care numbers, fraudsters rampantly bid on the key words for certain brands on Google Ads or do search engine optimisation on such brand names and hence these websites usually come up in the first few search results when any customer searches for the brand on Google. By virtue of their top placement in the search results, customers consider these links to be genuine websites and then the customers eventually get duped through phishing means,” the communication to Google read. Thus, online firms believe they cannot solve the problem on their own through customer education alone.
“While we are taking all necessary steps to educate our customers and spread awareness about these phishing attempts, this fraud can only be contained with pro-active support, viz timely detection, suspension of accounts and expeditious action by telecom companies, banks, social media platforms and search engines,” said a spokesperson of MakeMyTrip group, which also houses Goibibo and redBus.
The companies taking action include travel majors MakeMyTrip Group and Oyo Hotels & Homes, mobile payments firm Paytm, online food delivery aggregators Swiggy & Zomato, besides ride-hailing giant Uber.
Three people aware of the matter said these companies met the Reserve Bank of India (RBI) last week to make a joint representation on the issue and how to curb these online frauds — engineered via fake toll-free numbers and serial bank account generators, among other methods. About 4,000 SIM card numbers and 350-400 bank account numbers have been shared with the RBI, State Bank of India (SBI) and the telecom companies, whose services are used to fool the unsuspecting consumers.
These tech companies have also reached out to Google about how its search engine is used by cybercriminals to make their fake toll-free numbers appear on top of search results. This leads to some of the consumers believing the fake number to be the legitimate number of the company. Some even go on to set up fake websites mimicking the original ones.
Over the past couple of weeks, executives from these internet companies met senior officials of SBI, Airtel and other stakeholders, sources added. Among the companies that are part of this council, MakeMyTrip, Swiggy, Zomato and Paytm have confirmed the development to TOI. Going forward, more online firms are expected to join the group to share their fraud data to counter such online frauds.
In a letter addressed to SBI, the online companies have raised the issue of large-scale fraud being attempted, using accounts in the bank. People involved in the discussion said due to the sheer scale of SBI, most of the miscreants fooling consumers to send money or share their sensitive bank details have accounts with the largest public sector bank. Emails sent to the RBI, SBI, Google India and Airtel did not elicit any response on the matter.
“People from non-urban markets or even senior citizens are common victims. These frauds are typically done by sending SMS from accounts sounding similar to the original company and would have an extra alphabet in the name of the company (say, an extra ‘a’ in MakeMyTrip). This could go unnoticed and people can fall prey to the messages,” a person aware of the modus operandi said. What then typically happens is that these messages would promise attractive rewards. For example, an expensive car or Rs 20-30 lakh cash, with a helpline number mentioned in it. A customer would dial to claim the rewards and that’s where the cyber crooks share their bank details, to which users are supposed to send an amount like Rs 5,000-10,000 to claim the reward.
“Setting a toll-free helpline is not the most complex task if you have a basic structure ready. Then an account in a public sector bank adds another layer of credibility. Following this, based on our trends, there is the success rate of seven out of 100 calls — meaning one can get as much as Rs 70,000 after making 100 such calls,” the person from one of the earlier mentioned companies added. These efforts are followed up on WhatsApp to nudge the consumer to share more details like one-time password (OTP). With more details, the scope of the damage is bigger.
This is why the SIM card database and account numbers often used to scam consumers of the online platforms have been shared with the authorities. As a next step, the council of companies would share this information with the cyber wings of police in Delhi and Mumbai — the two largest cities in India.
“To propagate such fake websites and customer care numbers, fraudsters rampantly bid on the key words for certain brands on Google Ads or do search engine optimisation on such brand names and hence these websites usually come up in the first few search results when any customer searches for the brand on Google. By virtue of their top placement in the search results, customers consider these links to be genuine websites and then the customers eventually get duped through phishing means,” the communication to Google read. Thus, online firms believe they cannot solve the problem on their own through customer education alone.
“While we are taking all necessary steps to educate our customers and spread awareness about these phishing attempts, this fraud can only be contained with pro-active support, viz timely detection, suspension of accounts and expeditious action by telecom companies, banks, social media platforms and search engines,” said a spokesperson of MakeMyTrip group, which also houses Goibibo and redBus.