Digital scams have spiked during the lockdown, since people are relying on digital services for various activities - be it shopping, banking, payments, groceries or food. But this very reliance on digital platforms is not without risks.
A Paytm user said she lost Rs 98,100 while she was simply trying to contact the leading mobile wallet firm.
The dangerous scam that duped Disha Jolly of nearly Rs 1 lakh is sadly not the first of its kind. It appears many people have fallen for this type of online phishing attack. But it is Disha's unfortunate ordeal that has drawn attention to the fact that the oldest trick in the book still prevails and companies have done little to prevent it.
How a Google Search cost her dearly
Disha Jolly, a resident of New Delhi who runs her own health food company under the brand Disha's Functional Foods, was duped of a large sum - at a time when the COVID-19 lockdown has taken a toll on many livelihoods. Disha, who had been a Paytm user, was merely trying to get a statement of her account, but little did she know that a great deal of torment awaited her.
After failing to get hold of Paytm executives on the phone, Disha visited the Noida branch to get her request across, but it didn't yield the expected outcome. That is when Disha asked her assistant to get Paytm customer service on the phone, which he managed to do after retrieving the number from Google Search.
On September 28, after getting one "Paytm executive" on the line, Disha was put on the call. Unsuspecting, Disha went ahead with her request and was asked to perform a series of actions.
Disha was told to copy a link sent to her phone and send it to an unknown number. Then, the person on the phone told Disha to go to Paytm, send Rs 5 and enter the UPI PIN as 000000. The transaction failed as Disha's PIN was different, but then a message from Axis Bank arrived saying the bank's UPI PIN was changed. Disha was alarmed, but the person assured her the Axis Bank UPI wasn't changed. To verify the same, Disha used her old PIN in the Axis Bank app and it worked. Disha was at ease; after all, she knew getting hold of the Paytm executive was a dreary task.
The person then asked Disha to repeat the same step, but using her phone number instead. Moments later, Rs 98,100 was transferred out of her account, and the man hung up and blocked all numbers. Disha immediately called Axis Bank to secure the account. She even filed a complaint with cyber crime and Paytm, but nothing helped nab the scammer and her money was gone. Disha has been following up regularly with the authorities.
Paytm hasn't responded to Disha's queries or offered any assistance in the matter. Its silence forced the entrepreneur to express her angst on social media, demanding action against Paytm.
Paytm issued an email statement to IBTimes. Here's what it has to say.
"We have been striving to create awareness about cyber frauds that have helped millions of fellow citizens to stay safe while transacting digitally. In case of any dubious transaction, users can contact us through any of our social media handles or our 24x7 customer care helpline numbers mentioned in our app. We are constantly in touch with social media firms and search engine majors to take down any fraudulent customer care numbers posted on their platforms. We have a dedicated cyber-security team that constantly monitors all social media channels and gets over 7000 such fraudulent posts removed every week. We also request our users to never make any advance payments to any stranger or un-verified merchant. We are working with all government agencies including different state police cyber cells, TRAI, etc to tackle such scams. Customer awareness is the most critical aspect to curb such frauds, and we will continue to spread awareness about scams and educate our users on ways to protect themselves from such scenarios."
Oldest trick in the book
Just last year, we warned about scammers trying to drain bank accounts with a simple trick. All they did was manipulate Google Search results to swap the phone number, so when someone looks up the customer care number for any company, like Paytm in this case, they reach the scammers.
Scammers are taking advantage of a helpful Google tool to scam unsuspecting people out of hundreds and thousands. Since you're the one calling the number, it's natural to let your guard down. But that's how this scam works.
Things you should never do
- Never share any banking information over the phone
- Never click on any links sent over email or SMS unless from a verified source
- Always get a company's contact number from its official website with an HTTPS prefix
Sadly, it's been a year or possibly even longer since the scam has been in the works, and scammers have been able to get away with people's hard-earned money without a trace. No action has been taken by the companies, whose false customer care numbers are available for anyone to find easily with a simple Google Search. This is an opportunity for scammers to skim off money from unsuspecting people, because there's an established sense of trust when the victims are the ones calling the scammers.
Paytm's role in preventing phishing scams
Paytm has taken some initiatives to reduce scams. It was the first payments app to implement screen blackout functionality to prevent Remote Desktop Fraud, blacking out transaction initiation screens if the screen is being shared through leading screen sharing apps. Paytm had even taken the fight to telcos, as they carry the responsibility to prevent and punish phishing, given that they issue SIM cards in bulk and use deceptive headers in SMS.
This story has been updated with Paytm's response.