While Union IT Minister Ashwini Vaishnav launched a new campaign called “Stay Safe Online” as part of India’s chairmanship of G20, a new wave of financial frauds revealed a report by Cyble Research and Intelligence Labs (CRIL). In which scammers, monitoring Twitter complaints, are targeting IRCTC customers and UPI users.
According to many tech experts, cyber security and online scams have emerged as important concerns in recent years, while the country is witnessing a digital boom. From online payments to online health consultations as well as education, Indians have embraced all kinds of new technology when needed. But at the same time the reports also highlighted a significant rise in online fraud cases.
For example, UPI fraud cases increased from 50,812 in Q4 of 2021 to 1,13,137 in Q1 of 2022, according to cyber flows for Q3 and Q4. Additionally, Internet banking fraud complaints saw a 14% increase from 13,791 in O4. 34,229 in the first quarter of 2022.
The report states that “technological advancements and the COVID-19 pandemic have also accelerated the dependence on digital platforms to perform daily and essential activities, making users more susceptible to cyber threats”.
Additionally, according to Ministry of Home Affairs (MHA) data, UPI fraud contributed significantly to a 15.3% increase in the total number of complaints registered on the National Cyber Crime Reporting Portal (NCRP) between Q1 and Q2 of 2022.
a new wave
CRIL’s latest investigation report has revealed that there is a new scam trend, which targets Indians who post complaints on social media accounts. Several photographs were also shared as evidence of the modus operandi in the report.
The researchers found that scammers are now prowling Twitter and other social media sites, demanding refunds to customers for problems faced with services offered by IRCTC.
In a blog post, CRIL said: “Scammers use Twitter to find potential victims by monitoring user complaint tweets. These tweets, made to draw attention to issues and problems, are used by cyber criminals to target their victims.” We also saw a scam involving IRCTC. Scammers monitor Twitter for complaints about the Indian Railways, and when they get a victim’s contact information, they call to initiate the scam. will do.
The researchers pointed out that when users report complaints on social media, scammers take advantage of the opportunity to conduct phishing attacks and instruct them to register their complaints and download malicious files to steal money from their bank accounts. Let’s give
It was also found that scammers who contacted people through WhatsApp used the IRCTC logo as their profile picture to make victims believe that they were legitimate IRCTC customer support representatives.
However, in one case, after posting a complaint on Twitter, a user was contacted by someone impersonating an IRCTC customer care representative. The scammers call the victim and ask to share personal information like train PNR number, order number, refund amount and payment method. But CRIL said that “even if the victim fails to provide the requested information, the scammers continue their efforts to successfully perpetrate financial fraud using various techniques”.
UPI Fraud
The researchers claim that multiple scammers may target the same victim and use different tactics to gain control of the victim’s bank account through UPI fraud. According to him, “Some examples of UPI fraud that scammers can use are linking the victim’s mobile number or account to the scammer’s device through UPI”.
In one case, the scammers called up the victim and demanded personal information including the UPI payment app she was using. During the call, the scammer sent an SMS with an activation code and when the victim receives the message, the scammer requests that they send an SMS to a specific number. So when the victim forwards the received message, the scammer can link the victim’s mobile number or account to his device through UPI.
In some cases, it was observed that in order to avoid raising suspicion, the scammers asked for basic personal information from the victim and sent a Google form to collect sensitive details like victim’s mobile number, UPI PIN and other personal information.
Phishing links and malicious APK files with names such as “irctccustomer.apk,” “onlinecomplaint.apk,” or “complaint register.apk” provide victims with their net banking credentials, UPI details, credit/debit card information was sent to appear. , and, in some cases, their one-time-passwords (OTPs) are used for two-factor authentication (2FA) implemented by banks.
CRIL researchers also unearthed a phishing website that asked victims to enter basic information such as their name, mobile number and complaint query before prompting them to enter sensitive banking information. It will also request that victims install a malicious application that will allow it to steal incoming text messages from the infected device.
According to the blog post, this fraudulent activity was perpetrated by a group of financially motivated scammers based in India. While it was first observed in late 2020, researchers say it has only recently begun targeting social media complaints to identify potential victims.
Therefore, in view of this new scam trend and potentially more unique cyber threats in the coming months, Union IT Minister has recently launched “Stay Safe Online” along with “G20 Digital Innovation Alliance” (G20-DIA). Has launched campaign – Ek Proper Hai The initiative aims to raise awareness among citizens about the importance of staying safe online in view of the widespread use of social media platforms and increasing adoption of digital payments.
read all Latest Tech News here