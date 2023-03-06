Mumbai: Customer care number scams – fake contact numbers of customer care helplines of popular institutions on the internet – have been around for years on Google. A recent study by CloudSEK, a Bengaluru-based cybersecurity research firm, has now found that such scamsters are moving away from Google to social messaging platforms to hook victims more effectively.

According to the study, fake customer care numbers are posted on the internet and on social media to lure customers of institutions like banks, e-commerce portals and even hospitals. When the victims call these numbers, they are duped into revealing their netbanking or card details, leading to their bank accounts being cleaned out. The scam, which started with wine shops, has today diversified to banks, hospitals and other commercial establishments.

Earlier this year, CloudSEK identified 31,179 such numbers that are still active, some of them in operation for over two years. The firm analysed 20,000 of these numbers, conducting a deep dive into the locations where the numbers were registered and the online platforms where they were posted to lure victims.

The Platforms

The trend of fake customer care numbers began around five years ago when cybercriminals discovered that they could replace contact numbers of commercial enterprises with their own numbers in Google Maps. Multiple researchers have also confirmed that in recent times, instead of changing numbers on Google Maps, cybercriminals are posting paid ads on Google. A paid ad automatically becomes the top result in any search, and even though Google marks it as an ad, the significance of it is not always clear to the lay user.

The CloudSEK report, authored by Vikas Kundu and Hansika Saxena, however, shows that cybercriminals now prefer social media over Google. Since social media pushes targeted ads on to victims’ screens, scamsters don’t need to rely on the victim running a Google search.

Kundu said that the advantage of using social media as opposed to Google ads was that social media was free and it also offered anonymity. “If you register a domain or purchase a Google ad, you have to spend money and there is a financial trail that can be tracked,” he said. “Moreover, if your ad or your domain gets blocked, you have to spend money all over again. With social media, you just push your ad to the relevant groups and if your profile is flagged, you simply export the same data to a different profile.”

Describing the methodology of their research, Kundu said that he and his co-researchers searched online with several permutations and combinations, including the names of the targeted companies coupled with the words ‘customer care’. “We found scores of web pages with fake customer care numbers against the particular company’s name as opposed to the real numbers,” he said.

The study found that 88 percent of the fake customer care numbers were distributed via Facebook advertisements, posts, profiles and pages. Of the remaining 12 percent, Twitter emerged as the most popular distribution medium, accounting for 53 percent of the traffic or 6.2 percent of the total traffic, followed by Google.

“To create an impression of authenticity, scammers frequently include a brief introduction and links to their social media accounts or posts alongside the counterfeit customer support numbers. However, a closer examination of these links reveals that they typically lead users to fake domains, fraudulent Whatsapp or Telegram accounts, and sometimes even fake email addresses. Scammers leverage social media accounts to lure customers to call fake customer care numbers, visit phishing sites or send emails from their personal accounts, thus compromising their email IDs,” the report states.

The Locations

The researchers also found that the scam relies heavily on SIM cards bought using bogus documents in the name of fake identities. Cyber law enforcement agencies across the country have confirmed the existence of criminal gangs that specialise in selling such SIM cards to cybercriminals.

“An analysis of the area-wise breakdown of fake numbers revealed West Bengal as the most prominent hub, accounting for 23 percent of the total registered fake customer care numbers. Kolkata served as the centre for many large-scale operations. Delhi and Uttar Pradesh tied at second place, accounting for 19 percent of the total registered fake numbers (9.3 percent recorded in each state). A possible reason for this could be the presence of various fake SIM card rackets in West Bengal, Delhi, and Uttar Pradesh. Law enforcement in these regions has time and again busted several groups with SIM cards purchased using stolen or forged identification documents,” states the CloudSEK report.

The Targets

The researchers stress on the fact that while the numbers are registered in these regions, they may be used from different locations to target victims across India. They also found that the banking and finance sector was the most targeted industry, followed by healthcare, telecommunications, and entertainment.

“In an attempt to deceive unsuspecting users, scammers utilised various means to impersonate genuine entities, including their name, logo, and similar-sounding domains. Identifying the entities targeted by these fake numbers proved to be a challenging task. While some could be identified through profile images in Truecaller records, others required a more in-depth analysis of the content on the associated source domains,” the report states.

The Trend

At the outset, cybercriminals identified wine shops as the most lucrative business to impersonate and lure people wishing to order liquor to their doorstep. Such customers ended up calling – and paying – the cybercriminals instead. Within a few months, the scam was known as the ‘wine shop scam’.

The scamsters, however, were just getting started. It didn’t take long for them to figure out that a far larger number of people called their banks than their local wine shops. By the time the common man got wise to the wine shop scam, the cybercriminals had already moved on to replacing customer care numbers of banks with their own and siphoning lakhs of rupees from the customers’ accounts under the pretext of ‘updating their KYC’.

Today, the scamsters have moved on from banks to hospitals, with scores of cases being registered where people trying to get appointments in hospitals ended up calling the cybercriminals instead. Similarly, ads in the name of all such institutions are created and posted on social media with the relevant tags, with the algorithm doing the rest of the work for cybercriminals.

Cyber police officers said that they, too, had been mapping an increasing trend of the shift from Google towards social media. “We collect details of scores of such accounts on a daily basis during our routine threat intelligence sweeps of the internet,” said a senior cyber police officer. “We collect details like contact numbers and IP addresses and check them against the complaints received on the National Cyber Crime Reporting Portal to see whether the numbers figure in any of them. As soon as a hit is received on the portal, we immediately send the details of the concerned account to the social media platform so that the profile can be blocked.”