Clients of the Indian Railways, online shopping platform Flipkart, and multiple Indian banks have been targeted in "a new wave of financial fraud."
The new scam targets Indian citizens leaving complaint posts on social media accounts belonging to various local companies, according to Cyble Research and Intelligence Labs (CRIL).
Scammers monitor Twitter and other social media platforms for customers looking for refunds over issues they might have experienced with services provided by companies like the Indian Railway Catering and Tourism Corporation (IRCTC).
According to researchers, cybercriminals would initiate a scam upon finding a victim's contact information.
"When users report complaints on social media, scammers take advantage of the opportunity to carry out phishing attacks by asking them to download malicious files to file their complaints and steal their funds from bank accounts," CRIL said.
In addition to the IRCTC, users of other popular Indian brands and organizations, including e-commerce platform Flipkart, payment service provider MobiKwik, budget airline Spicejet, and various banks, were targeted.
In one example, a user was contacted by someone impersonating an IRCTC customer support representative after posting a complaint on the company's Twitter account.
While the user refused to provide their details to the scammer in this case, fraudsters would use different techniques to defraud victims, CRIL said.
For instance, scammers might seek to link a victim's mobile number or account through the Unified Payments Interface (UPI), send a Google form to collect sensitive information or forward a WhatsApp link to a malicious website.
"Scammers have been using Android malware in addition to other fraudulent tactics. They may send a phishing link that downloads a malicious APK file to infect the device, or they may send the malicious file via WhatsApp," CRIL said.
Scammers use malicious APK files with names like "IRCTC customer.apk," "online complaint.apk," or "complaint register.apk" to trick victims into revealing their banking credentials, the researchers said.
They also seek to obtain the victim's UPI details, credit/debit card information, and even their one-time passwords used for two-factor authentication.
One phishing website that CRIL came across was a fake customer support site that would ask victims to enter basic information such as name, mobile number, and complaint query before prompting them to input sensitive banking information. It would also ask the victim to install a malicious application that steals incoming text messages from the infected device.
CRIL said "a group of financially motivated scammers" based in India was responsible for the scheme. While it was first observed in late 2020, it has only recently started targeting social media complaints to identify potential victims, researchers said.
"It is important for users to be aware of these scams and to be cautious when providing personal information or downloading files online," CRIL warned.