Express news service
KOCHI: A Kochi resident says he got a call while ordering food. The caller posing as a bank clerk offered to help him complete his transaction and asked for his card details and PIN. Experts suspect fraudsters using malware to scam ordinary people
Ordering food through online food delivery platforms has become a risky business as many scammers get their hands on vital information, including customer bank details, we learn. The new way scammers operate came to light when a 41-year-old Palarivattom resident placed an order on a well-known food delivery app using his credit card on Friday.
“After entering all the details on the food delivery app, I was waiting for the OTP. However, even after two minutes, I did not receive any. Instead, I got a call from someone who introduced themselves as a bank manager and offered to help me complete the process. Although initially I felt it was a genuine call, I developed some doubts when he asked for the card number and PIN. Also, I felt his approach was unprofessional and his English was terrible. The caller ID and spam blocker app True Caller also identified the number as spam. So I disconnected the call. If I had given my bank details, I might have lost all my money, ”he said, on condition of anonymity.
He did not know how the fraudsters had accessed a transaction made on a food delivery app.
“Banks have already communicated to their customers that they will never ask for OTP and card details through phone calls. If these scammers could extract my number from the food delivery app, it would be easier for them to loot everyone’s money. Fortunately, I was able to escape their trap. I suspect these food delivery apps are sharing customer details with some scammers, ”he said. Meanwhile, cyber experts are also baffled by the new modus operandi. They suspect that it may be a Pegasus attack – a clickless attack that will take over a device without human interaction.
“OTP scams and CVV scams are getting old fashioned. Instead, it’s taken to a new level – screen fraud and screen sharing fraud. Many people are unaware of data leaks between sender and receiver. One of those malicious attackers is Pegasus from the Israeli spy agency which India recently discussed. When downloading apps online, we need to see their logo and rating to make sure they are authentic, ”said Jince T Thomas, Deputy Commander (Honorary) of Kerala Police Cyberdome.
No complaints about the new method used by scammers have been reported in the state, he said.
“Many app-based stores log our card information, which can lead to large-scale cyber fraud. Although application service providers say our data is safe in their hands, the reality is quite the opposite. It’s a fact that there is a big mafia here today that trades and sells data, ”Jince added.
Previously, the same food delivery app warned customers to be more vigilant after a Bengaluru customer lost 4 lakh to a fraudster. “We receive a large number of complaints regarding such crimes online. Most crimes happen after people share their bank details. People should never do that. We are trying to catch fraudsters who operate from other states. Soon an interstate coordinating committee will be formed to investigate such cases, ”said P Prakash, deputy node officer, Kerala Police Cyberdome.
Many suspicious malware like Pegasus helps crooks and advises users to only download genuine apps