After Bengaluru, cyber fraudsters have started targeting unsuspecting users of a popular food delivery app in Tamil Nadu to access their payment credentials and place food orders outside the State.
“From January 1 to 12 this year, 30 cyber complaints have been received on the National Cyber Crime Report Portal related to the scam in Tamil Nadu,” said Additional Director General of Police Sanjay Kumar.
According to the police, the fraudsters, operating remotely, are specifically targeting people who have linked the LazyPay app account with their food delivery app Swiggy. LazyPay allows its users to purchase products online and pay later.
One of the victims from Koyambedu in Chennai, said he had recently received an interactive voice response (IVR) call claiming to be from LazyPay stating someone was trying to add his account to make a purchase. The caller told him to enter the One Time Password (OTP) received on his mobile phone, if the remote transaction was not an authorised one.
“As it was an IVR call I thought it was a genuine one. I entered the OTP. After some time I noticed a transaction for ₹4,979 had been made. I called LazyPay customer care and blocked my account. A while later I got a call from a Swiggy delivery boy speaking in Kannada saying I had ordered some items and asked me for the location. I told him I had not placed any order. When I tried to log in to my Swiggy account, I found the access blocked. The fraudster had used my payment credentials to order food in Karnataka,” the complainant said.
Another Swiggy user from Tambaram in Chennai, who was cheated in a similar fashion, said a week ago, he was flooded with more than 100 SMSes and finally some order was placed by an unknown person using Swiggy for a value of ₹9,938 through multiple orders through Lazypay, in Gurgaon.
An officer at the Cyber Crime Wing of Tamil Nadu Police said the fraudsters also used IVR calls to convince the victims to press ‘1’ if the transaction was not being performed by them and then enter the OTP number. Many victims had told the police that they were bombarded by multiple SMSes when the fraud was being executed. “This is a diversionary tactic to keep the victim engaged while their payment credentials are being surreptitiously used,” said the officer.
Those cheated would have to eventually settle the money to LazyPay as they would receive calls from agents saying failure to make the payment would affected their CIBIL score (creditworthiness).
D. Ashok Kumar, Superintendent of Police, Cyber Crime Wing said, “In most cases, the cyber fraudsters swindled the money operating from far off locations. Our investigation has revealed the fraudsters purchased food and mostly alcohol bottles (in Delhi/Gurgaon) using the credentials of the real users. We suspect a security breach had leaked user data. As per provisions of the Information Technology Act, we have sought details on the security breach from Swiggy and Lazypay.”
