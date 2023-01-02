Mumbai: Cybercriminals continue to adopt new methods to dupe people. In two such cases reported at Malabar Hill police station on Saturday, scamsters replaced the contact numbers of popular establishments— a women’s magazine and a food delivery portal—with their own numbers to dupe victims.

In the first instance that occurred at around 11am on Friday, Amisha Kanoriya, 39, a writer, looked online for a contact number for the Women’s Era magazine as she wanted to check the status of a payment due to her for one of her recent short stories. Of the two numbers she found on Google, there was no response on the first, while her call to the second number was answered.

“The person on the other end confirmed that he was speaking from the magazine and asked her to install an app called ‘Rusk Support’ as part of the ‘payment process’. We suspect that it was a screen sharing app, using which the accused obtained the victim’s net banking or UPI wallet credentials. Within a few minutes, two transactions of ₹40,000 each were made from her account,” a police officer said.

When the victim asked the accused about the transaction, the scamster said it had happened by mistake and that he would revert the amount as soon as she followed the steps as instructed by him. Suspecting something amiss and not wanting to lose any more money, the woman immediately cut the call and deleted the app. She approached the police on Saturday. The police tried finding the app on the Play Store but it was no longer available, the officer added.

In another case, Yazdi Pavri, 57, a Zoroastrian priest, fell prey to a similar modus operandi. On a Google search for food delivery portal Swiggy’s customer care center, Pavri found a phone number and called it at around 6pm on Friday. He was supposed to get a refund on a recent order that was never delivered.

“The person at the other end convinced the victim to install TeamViewer, a known screen sharing app, and log in to his Paytm wallet. Pavri followed his instructions as he had paid for his order via Paytm and thought it was part of the process. As soon as he logged in, a total of ₹1.28 lakh was debited from his two bank accounts linked to his Paytm wallet in four different transactions,” the officer said. Pavri subsequently approached the police on Saturday.

In both the cases, the police have registered offences of cheating and impersonation under the Indian Penal Code along with relevant sections of the Information Technology (IT) Act.

Cyber police are worried about the diversification of the modus operandi, which began with wine shops and has now spread to banks, delivery portals and even clinics and hospitals.

“From customers of commercial establishments, the scamsters moved to targeting people seeking appointments at clinics and hospitals and now people following up on their payments from publications or food delivery apps. If mechanisms like home delivery and telecalling services, which were put into place for the sake of ease of business, lose their credibility, it might cause heavy damage to establishments as well as customers,” a senior cyber police officer said.

The modus operandi

Such cybercrimes hinge on Google Map’s policy of User Generated Content (UGC). Under this policy, Google lets users generate the content on its Maps pages. Hence, any user can tag their own or someone else’s businesses and enter contact details for the same. Other users can then add reviews, which new users tend to check before engaging the services. At the same time, if a contact number or an address is incorrect, any user can correct it.

Cybercriminals started exploiting this feature by replacing contact numbers of wine shops with their own. Every time customers called the number thinking they were calling a local wine shop; the criminals would ask for ‘advance payment’. Soon, they started tricking the customers into revealing their login credentials or into installing screen sharing apps, which let them access their targets’ screens in real time.

From wine shops, the frauds have now moved on to banks, online shopping portals, clinics and hospitals and now publications.