Cyber Security Advisory – July 2020

Cyber Crime July 2020 Breakdown

The charts below are a collection of the queries that we have received in the months of July, June, April and May. They are a representation of the main threats that have been targeting large swaths of people, mainly focusing on Indian demographics.

July 2020 Cyber Crime Report

All of these attacks have caused significant monetary losses to innocent people; each attack is carried out in entirely separate ways. More information on these attacks can be found through the following links:

  1. Scams on OLX
  2. Scams through UPI
  3. Scams on Tinder

In the month of July, we saw a marked increase in the number of attacks where the perpetrators pretended to be Army personnel. Around 70 cases had this same modus operandi, leading to losses of upwards of 1,00,000 ₹(approx. 1,330 $) from several unsuspecting individuals.
OLX Query Breakdown July

OLX Cases Breakdown

The queries received here have been broken down into two types:

  1. Scams where the Victim was trying to Buy a product
    • In these scams, most of the times the seller is pretending to be someone from the Army or works at an airport. They use stolen IDs to convince victims that they are legitimate. And the victim then transfers the amount directly through a UPI Id or to a bank account provided by the scammer. This is the most common type of scam across all our queries.
  2. Scams where the victim was trying to Sell something
    • In these scams, the scammer will pretend to be interested in a product and will send a QR code as the means of payment, the QR code when scanned will debit that money from the victim instead of crediting it.
OLX Cases Breakdown June

UPI Query Breakdown

Here the victims are contacted by the scammers first. The scammers pretend to be from GooglePay support ,from a courier(bluedart,DTDC etc) or from a telecom company like Airtel and call the victims. They then convince the victims that a payment is pending and that they need to do it on the call itself. The victim is then sent a Google Form or a [phishing]website link where the victim will enter his UPI PIN under some pretext.

The scammers then send a SMS to the victims telling them to forward that SMS to another number. When this is done, this causes the victims UPi ID to be taken over by the scammers completely. This is the most financially damaging scam we have seen, as soon as the scammer takes over the UPI Id of the victim, they always completely clear out the bank accounts linked to that UPI ID.

Even when victims have contacted the banks about this, the banks have been clueless in a couple of cases and completely failed to secure the bank accounts, leading to even more losses.

Tinder Scams

Here too, we have seen two types of scams occur:

  1. The victim is sent to a phishing site and his card details are compromised.
  2. The scammer pretends to be a girl and across a couple of weeks builds trust with the victim, making him send money to the scammer directly.

In both of these cases we have been able to help the victims in some way. With the phishing websites, we have informed the victims on what details of theirs have been compromised. With the second one we have been able to inform the victims on how to identify and try to verify the details of the scammer.