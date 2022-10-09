Many users have been receiving messages on WhatsApp and via SMS from unknown numbers which claim that the user’s electricity, telephone or other connections will be disconnected unless they contact a certain number. “I received the first SMS on September 30 and then a second message on October 2. My mother also received a similar message. We have a very high electricity bill so I thought that maybe it is right,” Soumya Sengupta, a 38-year-old Kolkata-based businessman told indianexpress.com.

“So I checked the CESC [Calcutta Electric Supply Corporation] website where I usually pay the bill. But all the dues were paid. That is when I suspected it was a scam,” added Sengupta. “Your Electricity Power will disconnect at 9:30 pm as your last month (sic) bill wasn’t updated Call us [mobile number],” said two separate messages sent to Sengupta.

The scam messages received by Soumya Sengupta.

The scam is also popular on WhatsApp. “I got the message on September 26. I immediately identified it was a scam. I got two houses, one in Kolkata and one in Odisha. I have never gotten a WhatsApp message from either of the distribution companies in the cities. And even when companies use WhatsApp, it will have a logo and it will be from an official account,” said Anthony Khatchaturian, a 41-year-old freelance writer who works out of Kolkata and London, to indianexpress.com.

“My question is if I was not knowledgeable or tech savvy, or maybe I got scared and fell for the scam, who would I call? Do I call the distribution company, do I call the police? Also, in India, you cannot get a number without an Aadhaar card. Imagine the confidence they have to publicly scam so many people with a number linked to an Aadhaar card,” added Khatchaturian.

“Please Update Your Bill. Dear Consumer Your Electricity Power will be disconnected. Tonight at 8.30 PM from(sic) electricity office. Because your previous (sic) month bill was not updated please immediately contact (sic) with our electricity officer [phone number] thank you,” said a WhatsApp image sent to Khatchaturian.

The scam message received on WhatsApp by Anthony Khatchaturian.

While Sengupta and Khatchaturian identified the scam for what it was, it is possible that others have fallen for it. If an unsuspecting victim were to be lured into the scam, the malicious actors could potentially defraud them of money or their sensitive personal information.

“One of our family friends was fleeced of Rs 25000 by cyber fraud. His daughter got an SMS stating that their electric meter will be disconnected today for non-payment of dues. The daughter forwarded the call to her father. Father called that number and he was asked to download an APP to make a payment. On downloading he was asked to make a test payment of Rs. 5. On doing the same he found Rs. 25000 debited to his account,” wrote Twitter user Digamber Karekar (@drkarekar) in a tweet. Indianexpress.com has not been able to independently verify this.

Sengupta and Khatchaturian are Kolkata residents and Karekar’s Twitter profile says he lives in Mumbai but the scam seems to be common in other cities as well. A user in Delhi received a similar message. In another version of the scam, the scammer pretends to be from the telecom company MTNL.

“Using SMS messages as an attack vector may seem rudimentary, but as with email phishing, it’s still disconcertingly effective. These attempts often imitate trusted brands or personal contacts to entice the victim to click on a link or share personal details in confidence,” said Sundar Balasubramanian, Managing Director, India, and SAARC region, Check Point Software Technologies, to indianexpress.com over email.

“This method has proven particularly successful as after one device has been compromised, its entire contact list is up for grabs, creating an endless cycle of possible victims,” added Balasubramanian. Check Point Software, an American-Israeli IT security firm, has observed a continuous increase in such “Smishing” or SMS phishing campaigns.

Balasubramanian recommends that users be careful about downloading applications, making sure that they only download apps from the Google and Apple stores. Also, mobile users should avoid downloading or clicking on unknown links that come in emails, SMS messages or through other messaging applications.