11 July,2022 07:49 AM IST | Mumbai | Shirish Vaktania
mid-day reporter Shirish Vaktania speaks with the fraudster. Pic/Nimesh Dave
As the new electricity bill scam grips the city and innocent citizens continue to lose their hard-earned money in the blink of an eye, mid-day decides to go deeper and understand the operations of these fraudsters. This reporter connected with a scamster who posed as an electricity officer and stayed with him till the end, losing Rs 1,400, so that you don't fall in the trap of the imposters out there.
The imposters manage to scam gullible consumers by threatening to disconnect the electricity supply. There have been hundreds of cases of power bill scam in the city, but the police have managed to crack just a few of them. Between June 7 and July 4, imposters cheated 76 people and looted Rs 1.06 crore from them in Mumbai alone. The Mumbai police made the first arrest of a 37-year-old man, who duped a 53-year-old resident of Nepean Sea Road a few days back.
Also read: Electricity bills to go up from this month in Maharashtra
ALSO READ
CCI slaps Rs 213 cr penalty on Meta in relation to WhatsApp privacy policy; asks co to desist from unfair biz ways
Mumbai: ‘Mom’ robs actor’s wife out of nearly Rs 1 lakh via texts
SC dismisses PIL to ban WhatsApp for failure to comply with govt regulations
UDF demands probe into religion-based WhatsApp groups created by suspended IAS officer
Delhi court discharges man accused of rape, cites contradictory WhatsApp chats
To know exactly how the imposters operate, mid-day reporter Shirish Vaktania trailed their modus operandi and here is what he found: The imposter calls you and introduces himself as an employee of a power distribution company, and asks you to pay the bill or face disconnection. Once he convinces you, he asks you to download an app, such as AnyDesk, QuickSupport or TeamViewer, from Google Play Store. These apps give them remote access to your mobile phone, after you share with them a unique code given in the app.
Once the caller has access to your phone, he sends a link, asking you to fill in your personal information, including details of your credit/debit card. Lastly, the caller guides you to deposit an amount of Rs 10 or less on the pretext of updating the electricity bill that he claims has crossed the due date. Once you make the payment, the caller sees the remaining balance in your bank account through the bank's auto alert message that you receive on your mobile phone. He then cleans your account of all the balance.
Attempt 1 fails
July 8, 2022, at 10.35 am: This reporter receives from a friend a screenshot of a message that read: Dear Consumer your Electricity Power will be disconnected tonight at 9.30 pm from electricity officer previous month bill was not updated. Please immediately contact with electricity officer 9330387188.
mid-day reporter Shirish Vaktani checks AnyDesk app
The reporter calls on the number, and in the evening receives a message: VEVC Your electricity power will be disconnected 10.30 pm because your bill not updated. Contact electricity call 9861237276. Regards IBM He contacted 9861237276, and here's how the conversation proceeded:
Reporter: Hello, I received a message that my electricity bill is not updated, but I had already paid my bill. Don't disconnect my power supply
Fraudster: Hello, I am the electricity officer and I will help you. Your electricity bill is not updated in the system. You can update it through your mobile phone only. If you don't, our electricity officer will disconnect your supply
Reporter: What do I do?
Fraudster: Go to Google Play Store and download AnyDesk
Reporter: It is done.
The reporter then gives him a nine-digit number to the caller, who takes control of his phone. In some time, the caller sends the reporter a text message with a link to pay Rs 2 to update the electricity bill. The link was: https://surveyheart.com/form/62bd42685b6e107a683daf21. The reporter opens the link. However, the fraudster realises the reporter is taking screenshots of the procedure and grows suspicious. The caller goes to the factory settings of the phone and erases all the data.
Attempt 2.0
The reporter gets another contact number from which a similar message for power bill update was sent. He calls the number and the conversation [that happened in Hindi, and was translated to English] starts. The reporter has kept a little over R1,000 in his bank account for the trap.
Reporter: Hello, I received a message saying my power bill has not been updated
Imposter: Yes, it's correct, but I will help you update it. Put your phone on speaker and follow my instructions. Go to Google Play Store and download AnyDesk. I checked my system and I can see that we did not send you any message for update
Reporter: You sent the number on father's phone number, and he asked me to check
Imposter: Okay. You download AnyDesk
Reporter: Yes, It's downloaded.
Imposter: Now, you will be able to see a nine-digit number on the app. Give me that [The reporter gives him the number]
Imposter: Okay, we have accepted your request to update the bill. You should have received a message with a link, open the link
Reporter: I am being asked to pay R10 to update the bill
Imposter: Yes, you have to pay a charge, which will be adjusted against your next month's bill
Reporter: A page with PayU merchant has opened
Imposter: Is âupdate electricity bill' mentioned there?
Reporter: Yes
Imposter: Enter your father's mobile number and email ID
Reporter: It's done. Now there's a payment request
Imposter: Does it mention 'update electricity bill'?
Reporter: Yes
Imposter: Now make the payment using the link I shared earlier. You can pay Rs 10 through your card or via online banking
Reporter: Will the bill be updated after the payment?
Imposter: Most certainly. Now a page will open where you have to enter your card number, expiry date, CVV and name of the card and proceed
Reporter: Done
Imposter: Now you will receive an OTP which you have to enter on a page that opens. Do not share the OTP with me or anyone else
Reporter: Rs 10 is deducted
Imposter: Now, you would have received a message from your bank about the deduction of R10. Please share that with me
Imposter: Your power bill is not getting updated with this card, do you have any other?
Reporter: No
Imposter: Use your dad's card
Reporter: He is not at home
Imposter: Put him on a conference call with us, and ask him to send the photo of his card on WhatsApp
Reporter: Ok, I will do that. [Before adding his father, he asked him to not answer the call]
Reporter: My father's not answering the call
Imposter: Send me his number, I will add him.
Imposter: Your father is not answering. Go back to AnyDesk and click on accept and restart. I will check the payment from your Bank of India card
Shirish: Rs 1,400 has been deducted from my bank account. Return the amount
Imposter: That is a deposit, which you will get back only when your father makes the payment of Rs 10. Call me again when your father returns
The scamster disconnects the call. The reporter calls him again
Reporter: You have cheated me, and taken all the money that I had. Now, I have nothing left
Imposter: We are not a fraud. You will get your money back when your dad pays Rs 10
Reporter: I called the power company and they told me this was a fraud
Imposter: This is wrong (He then disconnects the call)
Cyber Deputy Commissioner of Police, Mumbai, Hemraj Rajput said, "We request the citizens to not get into the trap of these fraudsters. Any electricity company will intimate eight days prior to their customers if they will disconnect the supply. This is the protocol. Always cross-check with genuine websites. Never click on any link or download any apps if a caller asks you to. Electricity companies are also providing advisory notes on their websites and social media platforms." Report such incidents on cybercrime.gov.in and call on 1930, and follow @mumbaipolice on Twitter, YouTube, Facebook, Instagram, Public, Koo and LinkedIn for safety tips, said the police.
. Contact your bank and block your accounts, debit/credit cards
. If payment was made via wallets, report the fraud to them
. After your account gets debited for the first time, do not authenticate any further payments because the criminals will persuade you to make payments to other accounts on various pretext
. Report the crime online at cybercrime.gov.in
. Submit a detailed written complaint to the local police station with the copies of evidence of payments, and obtain an acknowledgment
. Submit the acknowledged copy from police station to the bank or e-wallet firm
. Change relevant passwords of apps and mail accounts for further safety
