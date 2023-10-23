How the fraudsters set up online shopping scams and dupe people.
(Made using Midjourney, directed by Kamran Akhter / The Quint)
Around 62 percent of Indian consumers are likely to face online shopping scams during the holiday season, as per a survey conducted in 2022 by Harris Poll on behalf of Norton LifeLock.
The survey, which included eight countries, found that the United States was the second most liable group at 36 percent.
It further mentioned that 54 percent of the victims in India were targeted on social media platforms, while 37 percent were scammed over phone calls and 36 percent on third-party websites.
The Quint's third part of the Scamguard project aims to offer a guide to tackle the most common types of e-commerce scams and help you escape the trap of such fraudsters.
Before moving on to the different kinds of scams, let's understand how the fraudsters set up their elaborate scams and dupe people. We spoke to Sandeep Kumar Shukla, a Computer Science and Engineering professor of IIT Kanpur, who said that the trap is laid in four stages.
1. Reconnaissance: It is the first stage where scammers find information about a potential victim, their contact details, and other details. These data can be leaked through various data breaches and details like phone numbers can be found by crawling social media platforms.
2. Weaponisation: Scammers identify the things a particular person falls for. This process usually entails the fraudsters looking through the person's social media activities and their online presence. The scammers also look at people's buying habits and then approach them through social media or phone calls.
3. Initial access: The victim receives an offer that is too hard to resist. People usually believe that they are being provided these offers by some store they recently visited, but that is not the case.
4. Execution: Scammers ask the victim to download some third-party applications or click on a link to avail the offer. This leads to the victim being duped of their money.
"About three months ago, I got a call early in the morning saying that my delivery was stuck and they [person posing as FedEx executive] need some information from me to make sure that the delivery belongs to me...The guy on the call said that the parcel delivery is stuck at Taiwan Airport customs because it carried some illegal stuff," said Glenissa Pereira, a media professional.
She was then asked to get in touch with the cyber cell. When Pereira asked how the caller offered to connect the call directly to the cyber cell. This is where she first got suspicious of the caller.
However, she continued speaking to the person and got connected to a lady who asked for all the details. Pereira was asked to share reference IDs and other details, and then the lady said that they would need to file an First Information Report (FIR). When Pereira questioned a few things, the scammers said they would call back but they didn't.
A report in The Indian Express said that a doctor was cheated of Rs 4.47 crore by scammers who posed as employees of FedEx and Mumbai Police officers.
Similarly, the doctor's call was transferred to a woman who claimed to be an officer in Andheri police station. The "police officer" asked the victim to download Skype on her mobile to file a complaint online.
The victim received a call on Skype from a person who was supposedly an officer from Mumbai Police Crime Branch. The doctor was asked to produce screenshots of her bank balance for verification or she would be arrested.
The victim was directed to transfer the amount to an RBI stipulated account and was informed that the amount shall be returned after verification.
According to Deccan Herald, Bengaluru police registered around 163 cases of FedEx courier scams in 2023. More than Rs 5 crore have been lost in these scams.
FedEx has also warned people not to share personal information when they are being connected to law officials by some posing as the company's customer care executive.
A Facebook user named 'Deelip Menezes' explained how a scammer tried to dupe them of money while trying to buy some gym equipment which Menezes advertised.
The potential buyer did not bargain and agreed to send Rs 2 on Google Pay to do a transaction check.
When Menezes did not receive money, the scammer shared a QR code and asked the former to scan the code.
Menezes scanned the code and received Rs 2 on his account. Soon, the scammer another QR code to settle the balance amount.
However, Menezes realised that the code was for sending payment and not receiving.
Posing as Army officers: Rakshat Tandon, a cybersecurity expert, told The Quint that there have been a lot of cases on OLX where scammers used fake identification cards of uniformed officers to create a small trust value with the victim.
He said the scammers usually send a small amount to check with the victim if they received the money.
When the victim replies they have received the amount, the scammer sends a QR code saying that this is a special account as we work in the army forces.
The scammer, pretending to be an army officer, asks the victim to scan the code and receive the money. However, when the victim scans the code, they end up losing and not receiving money.
Several versions of the scam: Scammers impersonating army personnel and duping people of their money on OLX is not new.
The Quint published a report in 2018 where Talha, a dentist in Hyderabad, was cheated of Rs 21,000 by a seller who identified himself as an army personnel.
The scammer used a leaked AADHAR card and an Army identification card to gain the trust and then dupe people.
Scammers often identify themselves as customer care executives and trick people into revealing sensitive information under the guise of offering help and resolving issues. These fake executives ask people to download some third-party screen sharing application or share malicious links on WhatsApp to dupe people of their money.
Sharma said that as soon as she entered her UPI PIN on her screen, as the "customer care executive instructed, " the call was disconnected. Two days later, she lost around Rs 5,000.
For the unversed, the AnyDesk application provides the host (in this case the scammer) remote access to a user's personal computer or any other devices.
How do scammers ensure their fake numbers rank higher on search? Professor Shukla said that the perpetrators use search engine optimisation to put their websites up in the list of when certain keywords or business is searched.
We came across a different version of the scam where fraudsters claim that the company is offering free gifts if they are willing to pay a comparatively small amount.
A user on X named Ravishankar said that he received a call from a person claiming to be from Decathlon and was offering gifts such as Dell Laptop and Voltas air conditioner.
The user received the call after placing an order for shorts and a UV guard on the platform.
The "representative" asked the user to add items worth Rs 5,000 and pay through UPI on the link shared by the former. Then, the gift would reflect in the cart of Decathlon.
This is one of the most popular scams, where fraudsters pose as delivery partners of e-commerce platforms such as Amazon and Flipkart. These fraudsters reach the doorsteps of customers and claim that the order was cash on delivery.
However, when the customers refuse to accept the order, the fraudsters ask for an OTP to "cancel the order." As soon as the customers share the OTP, their accounts are comprised and end up losing money.
The official X account of National Informatics Centre (NIC) had also shared a video to warn users against such scams.
Another variation of this scam is sending a fake order message on a customer's phone number and then asking for the OTP to cancel the order.
An X user named Amit Singh shared his experience when he received a link for an order that he didn't place.
The delivery executive then asked the user for an OTP to cancel.
The video shows the user clicking on the link. However, it does not reflect anything on the application.
These types of scams are the most common ones. Fraudsters create fake Instagram pages and upload advertisements at lower prices to lure people into buying products from their pages. However, after the payment is made, the customer never receives the product.
Rahila Anjum, a victim of online shopping fraud, said that they come across one such advertisement on Instagram where the supposed company was offering products at cheaper and affordable prices.
Anjum placed the order and received a text as a confirmation. The link shared in the message did not open and Anjum never received the product.
A user named 'Kaushik Maiti' on X shared several images mentioning that Facebook Marketplace has become "a place for scam and fraudulent activity."
The screenshots shared by the user shows them purchasing a kid's cabinet on Marketplace by paying a sum of Rs 1,600.
However, the user added that the product was not delivered and nobody responded after the payment.
According to a recent report, a 28-year-old man from Rajkot ordered an iPhone for Rs 11,500 after coming across an advertisement on Facebook Marketplace.
However, when he received the parcel, he found a bottle of deodorant. The victim then filed a formal complaint on 20 August, which led to an arrest.
As we saw in the case of FedEx scams, one should remember that no company will directly connect you to a cyber cell official under the pretense of your courier containing some illegal items.
We should be careful of ordering products from unknown websites, or those platforms that have lower reviews.
Do not be in a hurry to make a purchase or sale, because scammers latch on and benefit from the impulse of the victims.
Professor Shukla too listed out few measures one can undertake to escape the elaborate trap laid by the scammers.
Always be on guard and never trust unsolicited calls or texts.
Even if you respond, do not reveal anything about yourself such as your profession, financial conditions, and so on.
Not to fall for lucrative offers or easy money, because in most cases they won't be genuine.
Do not download an application just because the "customer care executive" is instructing you. Always check about the applications before installing them.
Be wary of strangers on social media platforms. Do not click on any link sent to you by people whom you don't know.
The Quint contacted Smriti Joshi, Chief Psychologist at Wysa, to understand people's cognitive biases after their decision-making when contacted by scammers.
Joshi said that cognitive biases such as confirmation bias or authority can significantly influence individuals. While confirmation bias can cause people to favour information that confirms their existing beliefs, the authority bias involves a tendency to trust authority figures like police or customer service representatives.
Why do call scammers call at irregular hours?: Joshi said, "Calling at irregular hours disrupts a person's emotional equilibrium and exploit the vulnerability of being caught off guard. This emotional manipulation impairs clear thinking, and decision-making, and pushes the individual to act impulsively or to resolve the perceived threat issue.
The psychologist said that it is crucial to remain calm and not act in an impulse or act hastily. If one tries to dig out information from the caller and ask several questions about their identity, chances are they might hang up the phone.
