Sign in

Now, cybercriminals target social media posts

Police and independent cybersecurity agencies are currently tracking a growing trend where cybercriminals are targeting grievances aired by customers on social media. Then, they are posing as representatives of certain establishments to scam the customers.

Published on: Jan 8, 2023, 19:30:36 IST
By
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

Mumbai: Netizens, who use social media to talk about their grievances against commercial or government establishments, should now be extra cautious as cybercriminals are scanning such posts to con the user.

The trend is also being tracked by Cyble – a cybersecurity research firm headquartered in the United States of America. According to Cyble’s research, the modus operandi seems to exclusively focus on Indian victims and employs a variety of tactics to gain the victim’s confidence. (Image for representation)
The trend is also being tracked by Cyble – a cybersecurity research firm headquartered in the United States of America. According to Cyble’s research, the modus operandi seems to exclusively focus on Indian victims and employs a variety of tactics to gain the victim’s confidence. (Image for representation)

Police and independent cybersecurity agencies are currently tracking a growing trend where cybercriminals are targeting grievances aired by customers on social media. Then, they are posing as representatives of certain establishments to scam the customers.

On December 29 2022, a case was reported, when M N Meena – a Vile Parle resident – tweeted to the Indian Railway Catering and Tourism Corporation (IRCTC), stating about her ticket which was yet to be confirmed. In a bid to ease the process, Meena shared the ticket details, along with her mobile number, in the tweet.

Within an hour, she received a call from a fraud, who claimed to be from IRCTC. Under the pretext of getting her ticket confirmed, the accused allegedly siphoned off 64,011 from her account. Meena subsequently registered an FIR with the Vile Parle police on December 31.

“We conducted a technical analysis of the IP address and the location of the number used by the accused, which confirmed that the accused had misused the details shared by the victim on Twitter. This, however, is just one among scores of cases we are seeing right now,” a senior officer with the Mumbai Cyber police said.

Even when contact numbers are not shared, the scamsters send Direct Messages to the victims, using spoofed accounts of establishments like IRCTC, banks, e-commerce portals and restaurant chains, the officer added. Over the last two months, numerous spoof accounts have come up on Twitter and Facebook, and cybercriminals spend their days scanning for posts regarding ticket issues with IRCTC, banking-related complaints and issues with delivery involving platforms like Flipkart, Amazon or Swiggy.

“The advantage of this modus operandi is that the scamsters already have details about the issues being faced by the customer, which they use to win their confidence. Further, no establishment likes to leave a customer’s issue unaddressed on the internet for all to see, and the standing instructions are to immediately respond to the customers so that a redressal process can be initiated. The cybercriminals simply mimic this procedure, and do it before the actual representatives can,” the officer said.

The trend is also being tracked by Cyble – a cybersecurity research firm headquartered in the United States of America. According to Cyble’s research, the modus operandi seems to exclusively focus on Indian victims and employs a variety of tactics to gain the victim’s confidence.

“In certain instances, the scammer may request basic personal information from the victim to avoid arousing suspicion and will send a Google form to collect sensitive details, including the victim’s mobile number, UPI PIN, and other personal information,” Cyble’s research report states.

Sending a Google form instead of verbally asking for sensitive details further seals the scamster’s position of trust in the victim’s mind, lowering the latter’s defences.

Other tactics noted by Cyble in its monitoring of the trend include sending a malicious file via WhatsApp or sending the link to a website hosting malware, which is made to look like a customer support website.

“In addition to targeting IRCTC users, these scammers have also been targeting users of other brands and organisations such as MobiKwik, Spicejet, and Indian banks. When users report complaints on social media, scammers take advantage of the opportunity to carry out phishing attacks by asking them to download malicious files to file their complaints and steal their funds from bank accounts,” Cyble’s report states.

Catch every big hit, every wicket with Crickit, a one stop destination for Live Scores, Match Stats, Infographics & much more. Explore now!

Stay updated with all the Breaking News and Latest News from Mumbai. Click here for comprehensive coverage of top Cities including Bengaluru, Delhi, Hyderabad, and more across India along with Stay informed on the latest happenings in World News.