Goregaon resident says he was told to download a message forwarding app while ordering food online; expert says advisory needed on the new method
The fraudster withdrew the amount through six transactions
The Powai police have registered a case of cyber fraud where the victim did not share any OTP with anyone but still lost nearly Rs 75,000. Experts said this is a new method in which fraudsters misuse the features of a messaging app to steal money.
As per the complaint filed by Pradeep Prabhakar, 45, he was conned while trying to order breakfast online on June 27. “I found Roma Cafe on Google and called on the number available there, the person picked up the call and said he will call back in a while. Within two minutes I received a callback and he took my order details and later he asked me about the payment mode and I said that I will do a cash payment after receiving the order. The person then told me only an online payment option is available due to the pandemic and he forwarded me the link for the payment,” reads the complaint by Prabhakar.
The police said the caller asked the complainant to get an app. “I just downloaded the SPRING SMS app and didn’t add anyone’s number for SMS forward. The moment the download was completed, I started receiving transaction alerts. I called the bank which blocked the card. I ordered breakfast and it was just R350. The person on the phone gave me full comfort and I didn’t realise it could be a fraud,” Prabhakar told mid-day.
Prabhakar then raised a dispute with his bank and approached the police in Goregaon where he lives. But he was asked to approach the Powai cops since he was at his workplace at the time of the fraud. He then filed an online complaint which was then forwarded to Powai.
According to Ritesh Bhatia, a leading cybercrime investigator and founder of V4WEB Cyber Security, this is something new he has come across and the government must inform the public about this method.
“Users know it by heart not to share OTPs but cyber criminals always find a workaround to succeed in their dirty tricks. This time it’s the use of SMS forwarding apps. The fraudsters convince the users to install an SMS forwarder such as SPRING SMS by which all the messages that are sent to the victim also get forwarded to a number specified by the fraudster who immediately misuses the OTP to complete financial transactions from the victim’s account,” Bhatia said.
The expert said although there are not many such apps on the Play Store and App Store, the platforms must carefully scrutinise the use of such apps. “Users on the other hand need to be aware of such apps and the harm they can cause. CERT-In and all state cyber cells should also issue an advisory at the earliest so as to save more people from becoming victims,” Bhatia added.
‘Will look into the case’
An officer from the cyber police said they would need to check how the fraudster accessed the OTPs since the complainant had not added any number in the message forwarding app.
“Time and again we have been running awareness campaigns as far as cyber frauds are concerned. The first thing to avoid such frauds is people should stop sharing their details specially on the links. We will look into this case and if required will issue a cyber advisory,” said Milind Bharambe, joint commissioner of police, crime.
10% cyber frauds detected this year
According to data compiled by the Mumbai police, 901 cyber frauds were reported in the city in the first five months of this month and just 92 cases were cracked. Of all these cases, 203 were related to credit cards, 19 were about social media profile morphing, emails and text messages. There were 92 cases about obscene emails, SMS and MMS and cases were about phishing, hacking, tempering of source code, spoofing email and Nigerian fraud.