Paytm, one of the most widely accepted modes of digital payments in India, is being used by scores of people as a replacement for cash transactions.
But with its rising popularity, Paytm has been exposed to a litany of scams as fake websites use the online portal’s name for offering deals to unsuspecting users.
One such scam that’s been doing the rounds recently is a simple four-question quiz that claims that you can earn Rs 1,000 as Paytm cash.
The website used Paytm in its domain name (http://paytm.quiz-reward-offers.in/) and can easily be confused for a real rewards program.
The Quint reached out to Paytm on Friday afternoon, 16 November, regarding the URL. The fake website was taken down later in the day after an internal investigation, the company said in a response issued on Saturday.
The company also issued a statement: “Paytm has a robust security infrastructure that continuously scans the internet for all owned domains/websites of the brand. It immediately flags and alerts the security teams in case of any suspicious/fake/phishing/vishing websites are observed on the internet. This is a continuous activity where strict control, monitoring of alerts and relevant actions are performed.”
HOW DOES THE SCAM WORK?
The URL directs a user to a simple quiz. After answering the four questions, you are directed to a portal asking you to share the link to the quiz with ten of your friends on WhatsApp. In the next step, the end goal of the scam, you are asked to download an app from the Google Play Store.
The assumption is that the end goal of this quiz was to boost the number of downloads of an app. Developers and creators can purchase a service online to boost the sales of an app.
Notice all the spelling mistakes (marked in red) in the pictures below:
NOT THE FIRST TIME PAYTM HAS BEEN MISUSED
Recently, the Hyderabad Task Force had said that some cyber attackers used a ‘Prank Paytm’ app from the Google Play Store to dupe shopkeepers by claiming that they had purchased the product through the app. The scam worked unless the cashier instantly looked for a receipt.
Similarly, Shobhit Bakliwal from Jaipur alleged that a man pretending to be a Paytm employee tried to unsuccessfully gather his Paytm account password. Bakliwal detailed the incident on and cautioned users to be alert while dealing with sensitive information.
HOW TO SPOT A FAKE WEBSITE/SCAM
There are some easy steps you can take to check the authenticity of the website:
- HTTP = Bad, HTTPS = Good: Never trust an HTTP website with your personal information. The ‘S’ in https:// stands for secure and indicates that the website uses encryption to transfer data, protecting it from hackers.
- Check for easy markers such as spelling mistakes, typos or broken links and site loops.
- Look for the copyright information at the bottom of the page. That usually helps. For instance, in the fake Paytm website, the copyright stamp said “Copyright © 2018 Pay-tm Cash” (Note the hyphen in Paytm).
- Look up the domain age: Fake websites usually don’t last long and have fairly new domains. You can look up more information about the domain using Domain Big Data. For instance, the Paytm quiz domain was just three days old.
- Look for reliable contact information: Look for several ways to contact the company (phone, email, live chat, address) and try them out.
- Walk away from deals that are too good to be true: And last but not the least, know that nobody will hand you cash or deals that are too good to be true. Just walk away.
Paytm also said that users can reach out to their cybercell and register a complaint at firstname.lastname@example.org.
(This copy has been updated with Paytm’s response.)