Every step of the way, in a highly volatile and rapidly evolving digital landscape, we are faced with numerous cyber threats like identity thefts and economic scams trying to rip us off. Some want to steal our money, some want to use our identities for their illegal activities, some want to gain access to our private data and use it for blackmails. While such threats are not new, in our wild times, they now come in all kinds of colours, shapes and sizes. It’s not going to easy, as it will get harder for us to separate the real from the fake, with powerful artificial intelligence tools right on the horizon. Hence it’s upon us, to secure our digital lives, to arm ourselves, with actionable awareness and keep ourselves updated with all the dangers that might cross our paths. More importantly, we need to discuss solutions and remedies for those who are already affected. This is why we at Team FoneArena have taken up this ask to do a monthly round up, to create awareness and further the cause of a “Cyber Secure Bharat” in the future. Ok then, let’s get into this month’s list of hacks, scams, cyber threats and possible solutions. Do read till the end for a very important solution!
This article is brought to you in partnership with Truetalks Community by Truecaller, a dynamic, interactive network that enhances communication safety and efficiency. https://community.truecaller.com
Threat 1 – Get Rich by just playing Games Scam
This is one of the biggest unchecked scams being run in our country. If one app gets deleted, another one sprouts up the very next day. Here’s the modus operandi. Firstly, this app which is most likely a simple puzzle game or a casino roulette, is free to download and will have advertisements as its main source of revenue. The game will be extremely simple at the beginning, and will offer a lot of “points” or “credits” to make the user play again and again, with a promise of being able to convert it into money when it reaches a certain point. That point, will also seem very reachable at first, with every round of the game giving the player the points in large sums, until it starts getting closer to the optimal amount where the player will be enticed with a “UPI or GPay instant payment” of a meager sum of money. All this while, the player would have watched video ads or static ads of various advertisers, and some times it is of other fake games like these. Progressively the game starts getting tougher and tougher and it becomes literally impossible to reach the amount of points where the game promises a pay out. It just never happens. Worse are games that follow this model and actually ask the player to deposit an amount to their account to proceed to win bigger amounts. Every single day, thousands of such apps and games are being removed from the Apple App Store and the Google Play Store, yet, they keep sprouting like mushrooms the very next day. Somehow, they are able to pose themselves are developers and infiltrate in to the application stores which, due to sheer volume, operate on a nearly automated basis. Hence, our take away must be that such games and apps, if found to be installed in your friend or family’s devices, make sure they are uninstalled, because they tend to seek permissions into private data as well sometimes.
Be very aware of these scams, as exposed by entrepreneur Deepak Shenoy on X, which talks about apps that make you input gambling money and promise returns. Sometimes, they actually let you win! In one such story, Deepak Shenoy was having a conversation with his barber whose uncle “won” Rs. 80,000 in an app. The uncle wanted more, so he did not cash out and eventually ended up losing nearly 1.32 Lakhs. The lesson is clear, once a person falls into this trap of “greed”, the app owner makes a ton on money and then naturally scoots. The app goes bust, the scammers take all the money and run away.
Threat 2 – Fake Trading Apps Scam
Nithin Kamath, of Zerodha, had posted a very important awareness video on his account to make us aware of the “Fake Trading Apps” that are doing the rounds. What is a fake trading app, you ask? Well, it looks just like a real trading app where you can create an account to start buying/selling shares and some even go to extreme lengths and provide you a personal funds advisor who will “help you out” and guide you to buy the shares and stocks in the completely fake stock market inside this completely fake app. Hard to believe right? Well, real people have lost real money.
In the video shared by Nithin Kamath, some of the scenarios are downright shocking, because we all know that retail investor boom is currently experiencing a digital adoption in our nation, and naturally, ignorance is widespread. Taking advantage of this situation, and the lack of proper safeguards, a gang of scammers were caught swindling a number of people in the city of Hyderabad. The top loser, a 41-year old man in this city almost lost 1 lakh USD to a Whatsapp scammer. In Pune, nearly 110 people lost a whopping 18 crores to multiple scams in just two months. Two people in Mumbai lost 7 Crores to a stock market cyber fraud scammer. The modus operandi is really simple, it starts with a Whatsapp message from a random person claiming that once you join a particular group, you can start earning 20x more from a single stock trade. Once a person joins this group, there will already be a hundred or so people talking about stocks, which to buy, how much they made that week etc. to entice the new joinee. The next step would be to share a link in that group, for an app on the Google Play Store or App Store which will be of a legitimate-looking trading app. This app will mimic the registration process of a normal trading app, which will require your Aadhar and PAN details as well. Right at this point, there will also be “help” from the admin of the Whatsapp group to guide you through this process. The “customer support” of this Whatsapp group will also push you to make the first investment in this fake trading app. Until you make the purchase, it will be pushed to the maximum and the amount will definitely not be small, with other fake users constantly motivating you in the group. Most likely, the transaction will be asked to be made via IMPS service, as UPI is more likely to be caught by the security agencies. This will be a huge red flag. Even then, because others are already using it, we will be tempted to transfer the money and sure enough, it will start reflecting inside the fake trading app. From here on, the so-called “customer support” will regularly suggest “stocks” to buy and predict the swings of it openly. From here on, the user is now in the net of the scammers. The fake trading app will keep rewarding and keep asking for more money to invest. The trick here, is when the user wants to cash out, the process will be so convoluted that they will ask for more money as tax and commission for withdrawals and eventually, block your number and run away. To secure ourselves from these kind of scams, we need to keenly verify the app developer, their website, their background and only then invest. It’s once again, greed that gives way to these fake trading apps.
Threat 3 – E-Commerce Insiders Delivery Fraud
Here’s a startling scam revealed by X user Ayush Chourasia on how his friend got scammed on Amazon E-Commerce. The scam looks so nicely thought out because, as the claim goes, it might involve insiders as well. The story begins with Ayush’s friend ordering a “LaCie Mobile Drive 5TB External Hard Drive” on Amazon. When it was time for delivery, instead of receiving a message on SMS, the buyer received messages on Whatsapp. This is the first red flag. The next step was messages that said “Product delivery was attempted, but not delivered” because apparently the delivery agent couldn’t reach the customer. Instantly the next moment, the update says that product was delivered. This left the customer of the product baffled because he never got contacted nor did he receive the product, so promptly, the buyer contacted the customer care support and tried to file a complaint. The customer care agent promises to solve this issue in the “next 2-3 days”, and then the communications stop once again, as the buyer receives no updates thereafter. 3 days later, when the buyer tries to contact the customer care again, he is told that there was no complaint registered in the first place, which, once again, leaves the buyer baffled because he did register it. Then, he is told that he will receive the final update soon, and soon enough, when he calls again, the customer care tells him that his complaint was already “closed” and that the issue was already solved. The buyer doesn’t stop there and he tries to contact Amazon Support on Twitter, only to be responded to again by saying that the issue was already “closed” and that the agents are not able to do anything further. The end result was that the buyer lost 10,000 rupees on a product that never got delivered, but it did get delivered to someone. As he realized this, the buyer then contacted the delivery service responsible for this package, which was Blue Dart. Since the buyer was from Jamshedpur, he went directly to the office and tried to gather some details on the delivery, which Blue Dart finally revealed as delivered to some “Kanju Singh” on a different address than the one the buyer was in. Even posting this proof to Amazon’s Twitter didn’t help the buyer receive his product, and all that was left for him was to expose this to everyone and make us aware of such scams being run on e-commerce websites, even with high reputation, like that of Amazon India. What’s revealing in this scam is, that the customer support executives and the delivery executives might have worked in tandem to enable a different delivery address and the closure of the complaints. The buyer did not click on a wrong link, nor did he make any mistake in the process of buying his product. Still, he was scammed by a motivated group of people who seem to have co-operated very closely as real insiders on a massively used platform like Amazon India. Surely, it is upon Amazon to clear this up, but so far, nothing has been done. It definitely exposes the weakness of big brands in rural India and tier-2, tier-3 cities where the outsourcing of customer support and delivery services have resulted in such a well co-ordinated scam. The first red flag was in not receiving a proper message on SMS, which is a must, if we need to monitor the credibility of the middle-men and increase accountability. This is the lesson we would need to learn, while ordering high value products on e-commerce.
Threat 4 – Wallet Cashback Investment Scam
Nearly 5,000 crores were swindled by a company called “TalkCharge” which promised huge cashbacks on much smaller investments into the so-called “wallet”. We all know what mobile wallets are, they are places where we can park a particular amount of money for our liking, and they will let us use it for online payments wherever possible, in a fast and easy way. PayTM was and is one of the biggest companies built on this idea, although they have very much moved away from the Wallet model and now adopted an entirely UPI-led path. But wallets still exist, and they are now run on the business model of “Cashbacks”, which entices a lot of users to use a particular app because the cashback on it is very high. One such app that has recently been unearthed is “TalkCharge”.
Until 2023, this company ran as a legit operation, offering cashback amounts much larger than their competition. In January of 2024, the scams seem to have begun, for whatever reasons. Starting June 2023, the company started charging a convenience fees of a whopping 20% and then in August, it promoted a “no fees” option over a deposit of a huge “1.5L”, just to remove that 20% fees. This is the huge red flag that was missed by a lot of users, who once again, fell to the greed of amazing “cashbacks”. In March 2024, the service stopped working and people were not able to retrieve the money that was deposited in their digital wallets. After running away from cops for quite a while, on September 4, the founder of this app, Ankush Katiyar, was arrested by the Delhi Police in the national capital. Katiyar and others have been booked under Sections 120-b, 420 of the IPC and The Haryana Protection of Interest of Depositors in Financial Establishment Act, 2013. Several questions were raised against the other main character in this story, Shivani Maheshwari and several other employees, who seem to have taken part in this operation. According to this video report in CNN News 18, over 800 victims, ranging from a small shop owner to a multi-national company’s CFO, were duped by this app’s extremely crazy levels of cashbacks upon investments. Ever since digital wallets became big, this attractive scheme of cashbacks and “free money” have lured greedy customers to investing in their services with amounts previously thought to be small. An increased trust atmosphere in the digital playground is also becoming a feeding ground for scammers who invent several new ways to dupe customers and inciting them with unbelievable “offers”.
These are the major threats that have been going around in the past month or so, that we felt, must be exposed to our readers. We hope you found it useful. But there’s more. The Government of India is cognizant of these cyber threats and scams because many of them have started to be run from unfriendly nations and have started to become part of cyber operations of enemy nations which want to keep India weak, so a new initiative has begun, as a part of the Home Ministry.
I4C – Indian Cyber Crime Coordination Center
This initiative by Government of India, started on January 10, 2020 has gained a very important update. 5,000 new Cyber Commandos will be trained and deployed to combat the menace of scams and other cyber threats that prey on innocent people and their finances. There will also be a new “Suspect Registry” where previous offenders would be registered and be tracked with more vigour. It’s just like the criminal registries that exist for offline crimes. Going further, a new Cyber Fraud Mitigation Center (CFMC) will be established as a nodal point for collaboration between different verticals like banks, IT intermediaries, telecom providers, and law enforcement. This will enable cross-sharing of data and easier collaboration amongst stake holder who operate in completely different domains. “Cyber Dost” is the official Government handle on X, where all these updates will be shared, as the implementation begins. This initiative, not only provides jobs to ethical-minded cyber-aware netizens, it also takes the efforts from the government side, a step ahead. All these new initiatives were launched yesterday, with a big event, presided by Home Minister Shri Amit Shah himself, on the 1st foundation day of “I4C”, showing the gravity and seriousness of these issues.
The Government of India has openly stated that they are working for a “Cyber Secure Bharat” as the goal, in which, we, the netizens are equally responsible for. To achieve this, a new “Samanvay” platform has been launched, as a “Joint Cyber Crime Investigation Facility System” for all kinds of scams and threats that we face everyday. We appreciate this move from the Government of India, but we also understand that the criminals will always be one step ahead and even more anonymous and fake in the era of artificial intelligence. So, let’s continue to expose ourselves to all kinds of threats and be secure in the digital life that we have inevitably accepted as a valid economic pathway.