Phishing scams sure have come a long way.
Until a few years ago, phishing scams relied heavily on technology — someone would send an email to steal your password, or pose as a customer service representative on the phone while trying to get you to give up your bank details. But as technology has made inroads into daily lives, phishing scams have moved into the real world.
A Paytm user has alleged that a fake Paytm KYC representative showed up at his house and attempted to steal his Paytm password. “I was at my house, when the door bell rang. My grandma opened the door to find a guy, supposedly from Paytm, asking if someone wants complete their KYC,” said Shobhit Bakliwal on Twitter. “He had an ID card from Paytm, and wore it around his neck, on top of his Shirt. She wanted to complete it so she called him in. She called me up, asking me in case I wanted to get it done too. The guys asked me to fetch documents to show him. I went and brought them,” added Shobhit, who lives in Jaipur.
The KYC reprsentative then asked Bakliwal and his grandmother to enter their usernames and passwords in an app on his phone. “He told us to login to the app to verify our numbers. This is where I felt it was “phishy”,” says Shobhit. “I said I don’t remember the password, so let me use forget password from your app, and he got a bit scared,” he told the KYC representative. This was a clever move from Shobhit’s part — he’s a tech entrepreneur who’d studied BITS Pilani, and realized that had the app on the KYC representative’s phone been genuine, an OTP would’ve been sent to his own registered mobile number. “I entered my number in his phone and waited for an OTP, which obviously never showed up,” he says.
The KYC representative then insisted that Shobhit reset the password on his personal phone, and then enter it on his own device, but Shobhit had wised up by then. “By this point, I had realized he was trying to scam us, and so I told my grandma to take the paper from him on which he had written our details, and our documents away,” he says. “I asked him his name, and that spooked him. He dashed out of our house. I couldn’t go behind him as me and my grandma were alone in the house at the time,” he says.
It’s not hard to see what the scam being pulled was — since March, the Indian government has required that wallet users complete their KYC services to continue using their services. Paytm has been sending its representatives to houses where users request for their KYC to be completed. Someone seems to have forged a Paytm card, and shown up at random houses, hoping people will hand over their Paytm details. “The (man had a) strap with a card holder, where the card looked legit like Paytm’s,” Shobhit told OfficeChai. Once someone has their phone number and Paytm password, the scammers will be able to empty the balance in the Paytm wallets remotely.
This isn’t the first time that Paytm users’ phone numbers and passwords have been targeted. Scammers were earlier calling people up, pretending to be from Paytm, and getting people to give up their passwords. As technology has changed and technical requirements have evolved, scammers clearly are also moving with the times.