Connect with us

Cyber Crime

How Cyber Criminals Based Out Of Red Corridor Are Doing Merchant Based Frauds



By Dhaval Chikhaliwala

Cybercrime is rapidly increasing and it’s a global menace. Almost every country is witnessing the growth in cybercrime. As and when there is an evolution of new technology, cybercriminals advances and innovates with their techniques to multiply their illegal income.

In India, what was observed as cybercrime where criminals impersonating as employees of banks or financial institutions by calling citizens and try to acquire their confidential credentials related to their bank accounts or credit cards (mainly OTP) which is then utilised for loading mobile or e-wallets. Once these wallets are loaded with debit/credit card, funds are further transferred to bank accounts opened with the bank branches located in the remote locations of Red Corridor districts.

Red Corridor:

As per Ministry of Home Affairs (MHA), red corridor region is demarcated by the Union Government to notify the districts which are affected by left-wing extremism. It is majorly spanning across the states of Bihar, Jharkhand, Orissa, West Bengal, Chhattisgarh, Maharashtra, Andhra Pradesh & Madhya Pradesh. As per MHA portal, Left Wing Extremism is included in the schedule of Terrorist organizations under the Unlawful Activities (Prevention) Act, 1967.

Typology / Modus Operandi

A relatively new typology has been noticed where cybercriminals operate in an organised manner to increase their illicit income. Below mentioned is the typology:

  • Cybercriminals rolls out a new business firm (mostly a sole proprietorship concern) in small towns based out of red corridor districts and develop a website offering various products (mostly garments, electronic gadgets, etc.) which are sold at a comparatively cheaper price than the market price.
  • Websites managed by these criminals are perfectly developed and shows all the characteristics of a genuine business e-commerce website along with call centre numbers.
  • These business firms then approach payment aggregators to get registered as merchants to expand their online reach.
  • Once these business firms are registered as merchants they start accepting online orders (mainly from domestic buyers).
  • To attract more buyers, the website also offers a discount on placing orders above certain value so that buyers can place large orders.
  • Cash on delivery as a payment option is not available for the products purchased from these websites and then buyers are left out to make payment only through their debit card, credit card, net banking and UPI (Unified Payment Interface).
  • Once a buyer makes the payment, a fake invoice is generated along with order number and expected delivery time of the purchased goods.
  • However, goods are never shipped by the merchant and buyer loses his money.
  • When a buyer tries to enquire about non-receipt of goods through the customer care numbers published on merchant’s website, these criminals impersonate as employees of the merchant firm and asks buyers to provide certain details related to the amount of goods purchased and then guides buyer to open their UPI app and asks to type & share their VPA (Virtual Private Address) to validate and process the refund.
  • Once the buyer shares his VPA, criminals then send a pull request through his UPI handle to the buyer.
  • Fraudster then asks buyer to validate the requests by entering his UPI PIN and once the buyer enter his UPI PIN, funds are once again siphoned off from the buyer’s bank account.

It’s an appeal to the citizens not to fall prey to the frauds perpetrated by criminals and stay alert. Also, pro-actively report such cases to the respective cybercrime agency of the City / State.

Dhaval Chikhaliwala is a qualified professional with over 12 years of experience in the areas of Regulatory Compliance, Risk Management and financial crime prevention. In past he was associated with My Mobile Payments Limited, HSBC India, Vodafone m-Pesa Limited, BNY Mellon India, ICICI Bank Limited and Dun & Bradstreet Information Services India Pvt. Ltd.