The charts below are a collection of the queries that we have received in the months of July, June, April and May. They are a representation of the main threats that have been targeting large swaths of people, mainly focusing on Indian demographics.
All of these attacks have caused significant monetary losses to innocent people; each attack is carried out in entirely separate ways. More information on these attacks can be found through the following links:
In the month of July, we saw a marked increase in the number of attacks where the perpetrators pretended to be Army personnel. Around 70 cases had this same modus operandi, leading to losses of upwards of 1,00,000 ₹(approx. 1,330 $) from several unsuspecting individuals.
The queries received here have been broken down into two types:
Here the victims are contacted by the scammers ﬁrst. The scammers pretend to be from GooglePay support ,from a courier(bluedart,DTDC etc) or from a telecom company like Airtel and call the victims. They then convince the victims that a payment is pending and that they need to do it on the call itself. The victim is then sent a Google Form or a [phishing]website link where the victim will enter his UPI PIN under some pretext.
The scammers then send a SMS to the victims telling them to forward that SMS to another number. When this is done, this causes the victims UPi ID to be taken over by the scammers completely. This is the most ﬁnancially damaging scam we have seen, as soon as the scammer takes over the UPI Id of the victim, they always completely clear out the bank accounts linked to that UPI ID.
Even when victims have contacted the banks about this, the banks have been clueless in a couple of cases and completely failed to secure the bank accounts, leading to even more losses.
Here too, we have seen two types of scams occur:
In both of these cases we have been able to help the victims in some way. With the phishing websites, we have informed the victims on what details of theirs have been compromised. With the second one we have been able to inform the victims on how to identify and try to verify the details of the scammer.