One evening, Prasad (name changed) was busy winding up his routine work at the accounts department of Flagwell Pvt Ltd (name changed) when he saw a new WhatsApp message. He had received a message from a US number, but the profile photo was that of the company's managing director (MD). In the message, the MD told Prasad that he was busy at a conference and needed to send their clients some gift cards. Since Prasad knew that his boss was very much in the office, he went to him and showed him the WhatsApp message.
Prasad was not fooled by this message, but this was just the beginning of a targeted onslaught. In the next couple of hours, the MD and senior colleagues began to receive messages and queries from other employees, including some former employees asking about the messages. In all the cases, it was from an overseas number. Some even received calls impersonating the voice of the boss, while few received emails from IDs that were different from the official one.
Flagwell is a tech company that realised what was happening and quickly swung into action and issued a communication to all employees not to respond to such messages, calls or emails. It also asked them to share this in groups where they may have former colleagues.
One more fraud is spreading widely - 'Like it & Earn Money' on WhatsApp. Let me reiterate, every fraud occurs on one of two principles - fear or greed. When coupled with ignorance or gullibility, it is a recipe for losing money to confidence tricksters. According to police officials, many are losing money in this greedy game.
Scammers Impersonating Company Boss
Scammers who impersonate company bosses can use various tactics to siphon money from unsuspecting individuals through WhatsApp messages, emails or even voice calls. It may sound quite easy, but fraudsters spend a lot of time in this modus operandi.
It starts with gathering information about the targeted company and its employees. Fraudsters also use publicly available sources, social media platforms, or even previous data breaches to collect personal details.
Using the information obtained, scammers create a fake WhatsApp profile resembling that of the company boss. They use the boss's name and picture to make it appear legitimate. In Flagwell's case, the MD's image was picked up from his LinkedIn profile.
The scammer then contacts an employee within the company, typically someone who has access to the accounts department or can authorise payments. They send a message from the fake profile, pretending to be the boss and initiate a conversation. In Flagwell's case, Prasad received a message asking if "we can make a purchase. The other line was switched off, so you talk to me here."
The scammer employs various techniques to build trust and credibility with the targeted employee. They may reference recent company events, projects, or confidential information to convince the employee that they are indeed the boss.
Once the scammer establishes trust, they create a sense of urgency. They claim that there is an urgent situation, such as a business opportunity, legal issue, or time-sensitive payment, that requires immediate attention. They instruct the employee to transfer a significant amount of money to a specified account, providing plausible reasons for the request.
For Flagwell, it ended here. However, in similar cases, the scammers try to manipulate the employee with pressure or psychological tactics and use terms like 'confidential nature', 'importance of maintaining secrecy' and why the transaction is essential for the company's interests.
If an employee raises doubts, the scammers provide false assurance or explanations to alleviate any doubts. They may claim that the request is part of a highly confidential project or that other high-level executives know and support the transaction.
In most cases, money transfer takes place through short URLs that hide the original web address. In Flagwell's case, the 'boss' told Prasad to download Paytm and purchase the gift cards for himself to provide the claiming code.
To avoid suspicion, scammers often use money mules or money laundering techniques to obscure the origin and destination of the funds. This further complicates the tracking and recovery process.
Eventually, the scam is discovered when the legitimate company boss or the victim realises they have been defrauded. By this point, the scammers have likely withdrawn or moved the money to other accounts, making it challenging to recover the funds.
It is crucial for individuals and organisations to remain vigilant and implement security measures such as two-factor authentication, secure communication channels, and strict verification processes to protect themselves from such scams.
Also, remember, deep fake audios, or even videos, are being created at an alarming speed and are used for contacting gullible users and requesting them to transfer funds or to accompany strangers by faking an emergency.
If you receive such a message from anyone seeking money, or a gift, try and reach the person whose name is used in the message. It would save you money and a lot more trouble. Being vigilant and verifying who you engage with is imperative.
'Like It' Scam Spreading from WhatsApp to Telegram
A software engineer in Gurugram lost over Rs42 lakh after scammers tempted him with promises of huge earnings for simply liking videos on YouTube. He was first contacted via WhatsApp and then added to a group on Telegram.
A senior official from the Delhi police told IANS that, in the past six months, several cases of fraud, ultimately connected to Chinese cyber gangs using WhatsApp to connect and lure people, have come to light.
"They lure people on the pretext of small earnings just for a 'like' and then dupe them of their hard-earned money from banks. Several Chinese gangs have been identified behind such rackets operating across the country and rotating money through hawala channels," the official says.
According to the police, a woman in her recent complaint said she was searching for a job online when she received a WhatsApp message from an unknown number. She was offered Rs50 per like for any link on social media accounts sent on WhatsApp. After three likes, she was asked by the sender Xarina to open a link on Telegram to receive the money.
"She joined the Telegram channel, and Rs150 was credited to her bank account. Xarina then instructed her to join another Telegram channel and like some YouTube videos, which she completed and received Rs200 in return," Sanjay Kumar Sain, deputy commissioner of police (DCP), told the newswire.
Later, Xarina convinced her to invest in cryptocurrency with the promise of significant profits. The woman initially invested Rs1,000, and Xarina lured her with the prospect of even more profit. However, the woman lost around Rs22 lakh in a single day and requested legal action against Xarina for her actions.
According to police, these Chinese cyber-criminals have developed a module to cheat people looking for online work from home or part-time jobs as Chinese loan fraud is now declining due to action by agencies and awareness among people.
A few days ago, a 55-year-old from Thane fell victim to a 'like and earn' fraud where scammers lured him with handsome returns for his efforts and drained his account of over Rs14 lakh.
Police told the Times of India
that the resident of Ghodbunder Road was approached last month by scammers through a social networking app, where they lured him with good returns for various tasks, which included giving likes and good ratings to certain products online.
Initially, the scammers paid him good money, after which they gained his confidence and later offered to increase the returns only to dupe him with Rs14 lakh, the report says.
Recently a retired officer from the government shared his experience with this 'like it' fraud. He says, "I narrowly escaped from a similar trap recently wherein the anonymous caller asked me to rate 'hotels' and offered to pay me Rs3,000! Just before clicking on the links he sent on my WhatsApp number, I asked him how he got my number. He said he got it from his human resources (HR). Then, I asked him to send me the link to how he received it. That alerted him, and he dropped the call cursing me!"
All these incidents keep hammering the message that there is no alternative to remaining alert to safeguard our hard-earned money!
How To Report Cyber Fraud?
Do report cyber crimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in
or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.