Social Media Cyber Predators: Customers Beware
Sandeep Shukla
Professor and Rajiv and Ritu Batra Endowed Chair for Cyber Security, Computer Science and Engineering at Indian Institute of Technology, Kanpur
Social network cyber predators are those criminals who are looking for any opportunity to defraud people on social networks such as LinkedIn, Facebook, Quora or Twitter, or even on Google. In recent months, I have encountered several cases, and I thought I should write a short article for those who are likely to fall victim to such predatory cyber crime. I am going to describe several cases – with changes in the identities of the victims for obvious reasons.
Story of Sarthak posting his CV on LinkedIn:
Sarthak is a 4th year student at an engineering college. Due to the Covid-19 situation, he did not get placed when most of his friends got a placement during the placement season in December. Sarthak was feeling desperate and depressed. Having not paid much attention to cyber crime stories in the past, he did not imagine that threats might be lurking in the wide open fields of social networks. Sarthak posts his CV on LinkedIn, appealing to his network to connect him to potential recruiters. Within an hour, he receives a call from a well-spoken lady who claims to represent a recruitment firm associated with IBM. After asking some simple questions, the lady says that she has a job offer at IBM for Sarthak. Sarthak is elated and drops his guard. She instructs Sarthak to visit a specific URL (naukrias.com), fill in a form, and upload his Aadhaar card, PAN card etc. The registration process leads Sarthak to a link on the same domain, which turns out to be a payment link to pay 2200 INR to register himself with the recruiter. Interestingly, the link leads to a form that requires Sarthak to type in his bank debit card details. There is also a box to type in the OTP he receives on his phone. He does that faithfully. Once he types in his OTP, he finds out that instead of 2200 INR, his account was debited for 22,000 INR – which is all that Sarthak had in his account. Sarthak tries to call the lady, but she no longer answers – at this point Sarthak realizes he has been taken for a ride.
What did Sarthak do wrong?
First, if he had paid attention to the website, he would have noticed that its text was replete with grammatical and spelling mistakes. That should have raised an alarm. One easy way to spot a phishing email is that such emails usually contain lots of spelling and grammatical errors.
Second, he should never have typed in his Debit card number and details, or uploaded his Aadhaar or PAN card copies to unknown sites. Further, he should have never given his OTP to a site that is not his bank’s verified site.
Third, anyone who posts personal information such as a CV on a social network site – even a professional networking site such as LinkedIn – should never trust anyone who calls and claims to be a recruiter. In particular, if they ask for money, it is a fraud case with almost 100% certainty.
Gautam victimized on WhatsApp
Gautam is a 2nd year student in one of the Engineering branches. He is from a very poor family, and his bank account always has a meagre sum that his farmer parents try to provide every month so he can pay his mess bills. One fine day, Gautam receives an unexpected message on WhatsApp – he has won a lottery worth 11 lacs of rupees. Gautam, being in perpetual difficulty to make ends meet and feeling guilty about the pressure his parents are under for his education, jumped at this unexpected news. The person on the other end gives him a bank account number and asks him to transfer 11,000 INR so that the lottery company knows his account to be genuine. He faithfully does it. Then the person on the other end tells him that he will receive an OTP and that he has to share that OTP on WhatsApp – which would complete the transfer of 11 lacs to his account. As soon as he hands over the OTP, his WhatsApp account is taken over. That OTP was to change the phone number associated with his WhatsApp account – which he did not realize. At this point, the perpetrator deletes all past messages (account number and backup of WhatsApp messages) from his account. So Gautam can no longer provide proof to the police that he transferred money on explicit instruction from someone. Further, with his WhatsApp account hijacked, it is now under the perpetrator's control. His name is now being used by them to defraud people in his contact list.
What did Gautam do wrong?
First, no one wins a lottery like a windfall. Any email/message to that effect is likely to be fraud. He should have been alerted when such an unexpected windfall came about.
Second, he should never have transferred money to an account given to him by a complete stranger.
Third, no one should share any OTP with anyone – known or unknown.
Renu loses money trusting Quora Replies
Renu purchased an air ticket to come back to her institute from her spring break last March. The ticket was purchased through GoIbibo. However, a sudden lockdown cancelled her plan, and she was promised reimbursement for the ticket. Over the next 9 months, she tries to contact GoIbibo customer service, but they never seem to pick up. A desperate Renu posted a question on Quora, and immediately someone posts a customer service number to call. Upon calling, a lady on the other end asks her to deposit an amount equal to the price of the ticket to a bank account purportedly of GoIbibo, and tells her that the deposit will be returned along with the reimbursement. However, it does not happen. Calling back the same number, she is told that her deposit did not go through, and she has to do it again. This repeated a few times, and eventually not only does she not receive her reimbursement, she goes on depositing 4 times, after which the lady never picks up the phone again.
What did Renu do wrong?
First, never trust Google search, or any other social media forum, to find customer service numbers. Predators have created false records all over the Internet to defraud desperate customers. Always go only by the real website of the company whose customer service you want to call.
Second, never ever deposit money to get back money. That is not a practice followed by any real company.
Third, never trust a person on the other end of a phone number you found on social media.
Many of us also read with horror about an NDTV journalist who was defrauded with an offer of a faculty position at Harvard University. So elaborate was that fraud that it took this journalist many months to discover that she was being cheated. If someone as smart as a well known journalist can be victimized in such elaborate cyber fraud, it would be much easier for common people to fall victim.
These are only a few cases, but there are plenty more stories that I have heard in recent months where predators were found waiting to find people's desperation – and preying on that on the Internet. One has to develop a very suspicious mind, and a very alert mental posture on the Internet. If you are posting a CV or any personal information on social networks, please be on your guard, else you will fall victim.
Chief Technology Officer
2 years ago: THANKS FOR POSTING THIS ARTICLE Sandeep Shukla
Consultant at Iciconsultants
3 years ago: Sir I kindly block my seat for Emasters degree program. Since I am not able to furnish my 10 and 12th marksheet. My educational qualification B.Sc. Electronics PGD in Cyberlaws and Intellectual Property Rights from University of Hyderabad, Central University, having 25 years experience in Information technology, I have also attended your online cybersecurity program my email address is [email protected]. Kindly revert. With warm regards and Diwali Namashkar.
Understanding Science with Data to Touch the Lives
4 years ago: Thanks for sharing. Nice article
Consulting | Generative AI
4 years ago: Similar experience with groupnaukri.com. Reported the phone number.
Founder at Cloud Learning Center || Cyber Security Researcher || CDAC Hyderabad || Ex- Udemy || Ex-MANIT Bhopal
4 years ago: True sir