How a cybercrime network operates through (fake) electricity bill messages

Published on Sep 22, 2022 08:14 PM IST

When several complaints came from BSES billpayers about them being conned and their money stolen, the police were alerted about a scam. Little did they know, this scam operated beyond the city borders.

Earlier this month, Delhi Police unearthed the scam which involved people posing as electricity officers, tele-callers, bank officials, SIM card sellers, and e-mitras working in different states. (File Photo) PREMIUM
Earlier this month, Delhi Police unearthed the scam which involved people posing as electricity officers, tele-callers, bank officials, SIM card sellers, and e-mitras working in different states. (File Photo)

New Delhi: "Dear Customer Your Electricity Power Bill will be disconnected tonight at 9:30 pm from electricity office because your previous month bill was not update. Please immediately contact with our electricity officer". This is the message which Rajesh Mehta, 62, an East Delhi resident received on his mobile phone a few weeks ago. Scared, he called the number given along with a message, and the moment he did, 10,000 was deducted from his pension account. He only realised later that he had been cheated and that there was nothing wrong with his electricity bill cycle.

On December 1, 2021, BSES put out a message on Twitter after they were made aware of the prevalent fraud in the name of the electricity bills:

Earlier this month, Delhi Police unearthed the scam which involved people posing as electricity officers, tele-callers, bank officials, SIM card sellers, and e-mitras working in different states. With legal action against 65 persons from 22 states, the police said that they have been able to see a decline in the number of such cases.

But in the past few months, the scamsters have been able to cheat people of crores in the name of their BSES bills. And because electricity is a necessity, people fall prey to those cheating them. Not just Delhi, cheating in the name of pending electricity bills, occurs in other states, police officers probing cybercrimes said.

The tricks

An investigator explained that once the message is received, those who do not doubt its authenticity first call the number mentioned in the message. During the call, the fraudster impersonates an electricity department officer. Through social engineering or manipulation skills, the fraudster either takes the bank account details or installs remote-access software. Once the details are shared, the fraudster transfers the amount from the victim's account to their account using the remote-access software, as they can see the one-time passwords (OTPs) and other details.

A complainant said that the scamster asked them to install TeamViewer — a remote access software. Another said that when he called the number, the person sent a link with the message "Bill payment update" and the link opened to a payment gateway and he paid 11,000 only to realise later that he had been cheated.

By August, the police had received more than 200 complaints on the national cybercrime portal from Delhi and more than 1,000 from across the country. While analysing the call details and the financial trail, they found that the network is countrywide. The epicentre, however, was the cheating hub, Jamtara in Jharkhand, infamous for cybercrime across India.

The network

Another police officer dealing with cybercrimes said that the racketeers involved in such frauds are not just based in Jharkhand, but are also spread across areas of Bharatpur and Mewat in Rajasthan and Haryana. The kingpins based in Jamtara, Bharatpur or Mewat have their network of agents and accomplices in other states such as West Bengal, Gujarat, Maharashtra, Punjab, Madhya Pradesh and even in the Northeastern states of Assam and Mizoram, the officer said.

Every member of the syndicate plays a different role in cyber fraud, with the masterminds mostly involved in conning target victims by impersonating electricity department officials and tricking them into paying money or sharing confidential details related to their bank accounts or apps. Once the money is received in a bank account or an e-wallet, the amount is quickly transferred into multiple accounts opened across the country using forged accounts. The money is then withdrawn in minutes, much before the victim can find themselves cheated, the officer said.

Police officers said that fraudsters have a huge database of mobile numbers, which they receive from SIM card providers. The same SIM-card providers help them with SIM cards obtained through fake IDs. The gang also involves account holders and providers who procure bank accounts on fake documents or procure bank accounts from poor people.

“The messages are sent in bulk and the database of the target people are procured by the fraudsters through various means, mostly with the help of employees of telecom service providers or companies that create databases of people in the name of various surveys or schemes, where customers are provided with gifts. The accounts in which the duped money is transferred are purchased on a commission basis. Those who open such accounts in bulk mostly use documents and details of people, who are mostly villagers or labourers,” added the officer.

Explaining the role of e-mitras in this racket, an investigator said that the initiative to help citizens access business-to-consumer services is misused by racketeers. E-mitra is a government scheme that was introduced to help people, who are unsure or unaware of technology, through “e-mitras” who help people through processes such as filling out forms, and paying bills online through debit and credit cards. "They procure credit cards on fraudulent documents and use the same for paying the bills of the general public. They repay the credit card through the cheated money. Further, e-mitras have their associates who swipe the credit cards at petrol pumps or other shops to redeem cash from the same," the officer said.

Tele-callers send bulk messages to random numbers and when people call back, they impersonate an electricity officer and get the remote-access software installed in their mobile phones and transfer the amount from the bank account.

Action and awareness

Police officers are of the view that cybercrimes are preventable but only when more people are made aware of the various tricks through which they could be conned. As a law enforcement agency, the most the police can do apart from identifying and nabbing cyber-criminals is to identify, monitor, and block phone numbers, bank accounts or e-wallet accounts used for illegal activities.

According to the Delhi Police, after they initiated action against fraudsters, the number of complaints reduced significantly.

Cautioning people against the scam, an investigator said, “Firstly, no official of electricity department or any other government department asks you to install any software in your mobile phone to resolve any grievance and never seeks any bank details including account number and other. And secondly, one must always notice the language and grammar used in the message sent and verify the number it has been sent from which is a huge giveaway of this scam.”

Apart from law enforcement agencies, even electricity distribution companies have also taken up the issue and are working in sync with the police to alert people and curb cyber fraud. In Delhi, the power distribution company, BSES, said it has been sensitising its nearly 4.7 million consumers and undertaking an aggressive campaign in the last few months across multiple platforms, including on social media, WhatsApp, SMS, and consumer newsletters (that are sent with bills) to inform consumers to be vigilant of these fraudulent calls and messages.

“Our officials are also educating consumers during in-person interactions and in resident welfare association [RWA] meetings to be alert on fraudulent calls and messages regarding electricity disconnection and bill payment, and not click on unknown links or call on suspicious numbers received through SMS/e-mail,” said a BSES spokesperson.

“We also urge our 47 lakh consumers to be alert and pay electricity bills only through bonafide platforms such as BSES WhatsApp, BSES Website, E-Wallets, and QR Code printed on the electricity bill,” added the spokesperson.

Enjoy unlimited digital access with HT Premium

Subscribe Now to continue reading
freemium
SHARE THIS ARTICLE ON
SHARE
Story Saved
×
Saved Articles
Following
My Reads
My Offers
Sign out
New Delhi 0C
Monday, September 26, 2022
Start 15 Days Free Trial Subscribe Now
Register Free and get Exciting Deals