Mobile wallets are subject to fraud since most of them use the phone number as user ID and the only authentication required is a one time password (Six-digit PIN) to hack into your account. The fraudsters can completely wipe your wallet even before you realise it.
With the advent of rampant mobile penetration, ease of usage and free listing in ecommerce sites, it’s quite regular that we end up listing an item for sale on OLX, Quikr, Facebook Market place, Facebook pages, e-bay, Sulekha, 99acres, Magic bricks or any such good reputed market place (ours:- www.pilgrimaide.com/ecommerce/ ).
The fraudster (it’s normally a gang) target the seller and positions himself as a very comfortable well to do and a needy buyer. He will study your product, talk to you as a genuine buyer, even praise the quality of the brand and will talk about how easy these sites have become user-friendly.
Later, the fraudster finalises the deal and will say he is busy and his boy will come and pick up the item from your place or share a non-existing address to send the courier.
He will inform you that he will call you back after confirming with his partner and will call you in 10-15 minutes. He will say that his partner is convinced and confirm the courier service you are planning to send. They will also share their feedback and all such details which will make you believe that he is a genuine customer.
The script is well written and these guys even promise a bigger future requirement, which needs to be fulfilled in the near future.
Closing The Deal
After almost 30 minutes, he may call you from a different number (app like Truecaller shows these numbers are mostly registered as spam by earlier victims) and will say that he is making an advance payment so that it becomes easy for the boy to pick up. He also asks for your mobile wallet number for wallet transfer.
The Cheating Part
It’s a two-second decision-making time for the victim's mind.
Naturally, there is nothing abnormal till now and you are waiting for the money to be credited to your account. The fraudster now calls and says that he is doing this from computer and wallet gateway is asking for a PIN which you have received so that this will enable him to send the money from his account to the wallet gateway. He also creates a scenario of urgency.
By that time, you get an SMS with an OTP PIN and if you tell him the caller (fraudster), your wallet ownership is transferred and they can easily clean up your account.
If you notice that only the PIN/OTP number from message preview appears on the phone, then you don’t share the details.
A message from Paytm warns you, but the script is so well narrated you tend to look at only the PIN number in preview and share. Be careful as no payment gateway or company need the PIN for any transfer.
In our case, the incident happened on March 11, 2019, and the wallet was Paytm.
I received calls from two numbers -- 8905101188, 8937964392. Thankfully, we had the presence of mind to say “NO” and we narrowly escaped.Suggested action for mobile wallet companies Paytm, Mobikwik, Phonepe and Olamoney and the Reserve Bank of India:
Delay any such account ownership transfer to a new number/user by 24 hours Call/ e-mail, SMS and confirm with the first owner if such a transaction has been initiated. Anitha Ramachandran is managing director of www.pilgrimaide.com.