A new trend in online fraud has emerged with miscreants indulging in website spoofing — creating fake webpages — by listing their personal cellphone numbers as the “24X7 customer service helpline” of banks and financial institutions, in order to cheat customers who call with queries.
The most recent case is that of a 49-year-old man who lost Rs 77,000 after he called his bank with a query. The fraudster used his details to make three fraudulent transactions. Besides, the Employees’ Provident Fund Organisation (EPFO) has also filed a complaint with the Mumbai Police alleging that that fraudsters had inserted their mobile numbers online as that of the EPFO to cheat members.
Narayan Rathod (47), the complainant in the first case, approached the Mankhurd police earlier this week alleging that on October 9, he called up a public sector bank where he has an account. “I wanted a mini-statement and hence, searched on Google for the bank’s customer service number. One of the first web pages that popped up had a mobile number listed as the 24X7 customer service number. The person who answered the call identified himself as one Mr Agarwal from the bank’s support team,” Rathod said in his complaint.
“I told him I wanted a mini-statement, following which, he sought my account details. I provided him with the bank account details and the mobile number linked to the account. He then told me that he was linking my number to my bank account and would send me the statement soon. Later, he asked me for the last six digits of my debit card number. He then told me that I will receive a message on my mobile and that I should forward it to two cellphone numbers he provided,” the complaint added.
Within minutes, Rathod received a message that he forwarded to the two numbers. Soon, he got a message that Rs 50,000 had been debited from his account.
“I immediately called up the ‘customer service number’. Mr Agarwal told me that it was an error and they will credit the amount soon. He then asked me to give my entire 16 digit debit card number to rectify the error. At this point, I realised it was a fraud and immediately disconnected the phone,” the complainant mentioned.
He then approached the bank and got his debit card blocked. The bank officials advised Rathod to register a complaint with the police. Rathod then gave a written complaint to the Mankhurd police and BKC cyber police stations.
However, the next day again, he received messages about two transactions of Rs 20,000 and Rs 7,500 from his account. He informed the bank and approached the police again, following which, an FIR was registered at the Mankhurd police station. “We have registered an FIR under the IPC and the Information Technology Act against unidentified persons. No arrests have been made yet,” said a police officer.
The EPFO, which had registered a complaint with the Nirmal Nagar police, also issued a public notice in newspapers stating: “Immediate attention has been drawn in respect of EPFO subscribers/members and pensioners that instances have come to notice of EPFO, Bandra… that in Google search, when contact details of EPFO Bandra is searched, it gives the result of office name, address, timings. However, the cell number 091021XXXXX is reflected as contact number. It is clarified that the said contact number does not belong to EPFO Bandra…. the person is asking for… ATM card number from EPFO subscribers/ members for processing of withdrawal of Provident Fund…”
An officer from the cyber police station said, “While we don’t have specific data… we have received several complaints where a similar modus operandi has been used over the past few months. Last month, a student from Andheri lost Rs 10,000 in a similar way after looking for the customer service number of a bank online.”
“This modus operandi is called ‘website spoofing’, where you create a webpage that looks similar to that of a bank so that it shows up on the very first page of Google search. One of the best and easiest ways to find out if the site is spoofed is to look for the HTTPS protocol before the website address, which is safer than HTTP. Most banks will use HTTPS protocol while the fake sites will have HTTP,” the officer added.