While Union IT Minister Ashwini Vaishnaw launched a new campaign called “Stay Safe Online” as part of India’s presidency of the G20, a report by Cyble Research and Intelligence Labs (CRIL) revealed that there is a new wave of financial fraud in which scammers, monitoring Twitter complaints, are targeting IRCTC customers and UPI users.
Cybersecurity and online scams have emerged as significant concerns in recent years according to several tech experts, while the country is seeing a digital boom. From online payments to online healthcare consultation as well as education, Indians have embraced all types of new technology when needed. But at the same time reports highlighted a significant increase in online fraud cases too.
For example, as per Cyber Pravah, the third and fourth quarterly issue, UPI fraud cases have increased from 50,812 in Q4 2021 to 1,13,137 in Q1 2022. Additionally, internet banking fraud complaints saw a rise of 14% from 13,791 in O4 to 34,229 in Q1 of 2022.
It is said in the report that “technological advancements and the COVID-19 pandemic have also accelerated the reliance on digital platforms to perform daily and essential activities, making users increasingly susceptible to cyber threats”.
Additionally, according to data from the Ministry of Home Affairs (MHA), UPI frauds contributed significantly to a 15.3% increase in the overall number of complaints reported on the National Cybercrime Reporting Portal (NCRP) between the first and second quarters of 2022.
A new wave
The latest investigative report by CRIL has shown that there is a new scam trend, targeting Indians who post complaints on social media accounts. The report also shared several pictures as proof of the modus operandi.
The researchers found that scammers are now keeping an eye out on Twitter and other social media sites for customers asking for refunds for problems they may have had with services offered by IRCTC.
In the blog post, CRIL noted: “The scammers use Twitter to find potential victims by monitoring user complaint tweets. These tweets, which are meant to bring attention to issues and problems, are being exploited by cybercriminals to target their victims. We also noticed a scam involving the IRCTC. The scammers seem to monitor Twitter for complaints about the Indian Railway, and when they find a victim’s contact information, they will call to initiate the scam.”
The researchers explained that when users report complaints on social media, scammers take advantage of the opportunity to conduct phishing attacks by instructing them to download malicious files in order to register their complaints and steal money from their bank accounts.
It was also found that the scammers who contacted people via WhatsApp used the IRCTC logo as their profile picture to convince victims that they are legitimate IRCTC customer support representatives.
However, in one case, after posting a complaint on Twitter, a user was contacted by someone impersonating an IRCTC customer service representative. The scammer called the victim and asked to share personal information such as the Train PNR number, order number, refund amount, and payment method. But CRIL said that “even if the victim fails to provide the requested information, the scammer continues their efforts to successfully carried out financial fraud using various techniques”.
UPI fraud
The researchers claim that multiple scammers may target the same victim and use different tactics to gain control of the victim’s bank account through UPI fraud. According to them, “some examples of UPI frauds that scammers may use are linking victim’s mobile number or account through UPI to scammer device”.
In one case, the scammer called the victim and demanded personal information, including the UPI payment app they use. During the call, the scammer sent an SMS with an activation code and when the victim receives the message, the scammer requests that they send an SMS to a specific number. So when the victim forwards the received message, the scammer can link the victim’s mobile number or account to their own device via UPI.
In certain instances, it was seen that to avoid arousing suspicion, the scammer asked for basic personal information from the victim and sent a Google form to collect sensitive details, such as the victim’s mobile number, UPI PIN, and other personal information.
Phishing links and malicious APK files with names like “IRCTC customer.apk,” “online complaint.apk,” or “complaint register.apk” were sent to trick victims to reveal their net banking credentials, UPI details, credit/debit card information, and, in some cases, their One-Time-Passwords (OTPs) used for two-factor authentication (2FA) implemented by banks.
CRIL researchers also discovered one phishing website that asked victims to enter basic information such as their name, mobile number, and complaint query before prompting them to enter sensitive banking information. It would also request that the victim install a malicious application that would allow it to steal incoming text messages from the infected device.
As per the blog post, this fraud trend was perpetrated by a group of financially motivated scammers based in India. While it was first observed in late 2020, researchers say it has only recently begun targeting social media complaints to identify potential victims.
So, considering this new scam trend and possibly more unique cyber threats to appear in coming months, the Union IT Minister’s recently launched “Stay Safe Online” campaign—along with the “G20 Digital Innovation Alliance” (G20-DIA)—is a reasonable initiative as aims to raise awareness among citizens about the importance of staying safe online, given the widespread use of social media platforms and the increasing adoption of digital payments.
Read all the Latest Tech News here
