KOCHI: A Kochi resident says he got a call while ordering food. The caller posing as a bank employee offered help to complete his transaction and asked for his card details and PIN. Experts suspect fraudsters use malware to scam common people
Ordering food through online food delivery platforms has become a risky business as many fraudsters are getting their hands on vital information, including customers’ bank details, it is learnt. The fraudsters’ new operation method came to light when a 41-year-old resident from Palarivattom placed an order on a well-known food delivery app using his credit card on Friday.
“After entering all details on the food delivery app, I was waiting for the OTP. However, even after two minutes, I didn’t receive one. Instead, I got a call from a person who introduced himself as a bank official and offered assistance to complete the process. Though, initially, I felt it was a genuine call, I developed some doubts when he asked for the card number and PIN. Also, I felt his approach was not professional and his English was horrible. Caller ID and spam blocking app True Caller also identified the number as spam. So, I disconnected the call. Had I given my bank details, I might have lost my entire money,” he said, requesting anonymity.
He was clueless about how the fraudsters accessed a transaction made on a food delivery app.
“The banks have already communicated to their customers that they will never ask for OTP and card details through phone calls. If these fraudsters could extract my number from the food delivery app, it would be easier for them to loot everyone’s money. Luckily, I was able to escape from their trap. I suspect that these food delivery apps are sharing customer details with some fraudsters,” he said. Meanwhile, cyber experts are also baffled by the new modus operandi. They suspect it may be a case of Pegasus attack — a zero-click attack that will take control of a device without human interaction.
“The OTP scams and CVV scams are becoming old-fashioned. Instead, it has reached a new level — screen fraud and screen share fraud. Many people are unaware of data leaks between the sender and the receiver. One such malware attacker is Pegasus of the Israeli spy agency that India has been discussing of late. When downloading online applications, we need to see their logo and rating to make sure they are the authentic ones,” said Jince T Thomas, assistant commander (honorary) to Kerala Police Cyberdome.
No complaint regarding the new method used by fraudsters has been reported in the state, he said.
“Many app-based stores are saving our card information and this can lead to large-scale cyber fraud. Though the app service providers say our data is safe in their hands, the reality is just the opposite. It is a fact that there is a big mafia here today exchanging and selling data,” added Jince.
Earlier, the same food delivery application issued a warning to customers to be more vigilant after a customer in Bengaluru lost `4 lakh to a fraudster. “We are getting a large number of complaints about such online crimes. Most of the crimes happen after people share their bank details. People should never do this. We are trying to nab the fraudsters who are operating from other states. Soon, an interstate coordination committee will be formed to investigate such cases,” said P Prakash, deputy nodal officer, Kerala Police Cyberdome.
experts speak
Many suspect malwares like Pegasus are aiding scammers and advise users download only authentic apps