A woman busy at her office got a text message that informed her that her electricity bill was not paid and that the power supply would be disconnected by the night.
Scared, she contacted the phone number mentioned in the text message. The person who received the call convinced her to download an app and made her carry out a transaction of Rs 11.
Seconds later, she received a text message informing her that Rs 50,000 has been debited from her account.
“I was scared as the text message said that my power supply would be cut. I checked on the CESC website but found no pending bills. Still, I called the number mentioned in the text message,” said the Kasba resident who is a senior executive at a private firm.
The person told the woman that her last payment of Rs 5,400 had been “kept on hold”.
“I had indeed made a payment of Rs 5,400. So, I thought there must have been some glitch. The man promised to help me out of the situation,” she said.
First, the man asked her to download an app called “quick support”. “The moment I downloaded the app, a code comprising a few digits was generated. The person asked me for the code. After the code was shared, a pop-up came on my mobile screen saying ‘start now’. I clicked on it as directed by the man,” the woman said.
Then she got a link from another mobile number prompting her to make a payment of Rs 11. “I wanted to make the payment through Google Pay but the man said I must use my debit card. I had to give the card details. Once the payment was made the man cut the call,” she added.
Moments later she received a text message saying an OTP had been generated for debiting Rs 50,000 from her account. Then another message informed her that the money had been debited.
The woman has lodged a complaint with Kasba police station and with the bank where she has an account.
“I lost the money even though I did not share the OTP. Later I learned that the passcode I had shared gave that person access to my phone,” she said.
CESC officials said they have published advisories against frauds in their name.
• A victim is asked to download a legitimate app
• A passcode is generated after the app is downloaded
• The fraudster asks for the passcode that helps him/her gain remote access to the victim’s device
• The victim is then sent a link and asked to pay a nominal amount using their debit or credit card
• The fraudster spying on the victim’s device then uses the card details to make a larger transaction