In a disturbing new trend, cyber fraudsters are now exploiting genuine online shopping orders to cheat customers. In a recent such incident, a 27-year-old woman from Sion was duped of `2.07 lakh after she was tricked into believing she had to cancel and reorder her purchase to get faster delivery and an instant refund.
According to the police, the woman had placed an online order for garments. Days later, she received a call from a person claiming to be from the company’s dispatch centre. To gain her confidence, he quoted her exact order details and then told her that delivery would take months unless she cancelled it and placed a fresh order. He assured her that the refund for the first order would reflect in her bank account immediately.
Trusting him, she followed instructions and made a series of online payments through a digital wallet app — first a few thousand, then repeated transactions after the caller claimed there were “system errors” and “failed refund attempts.” He even persuaded her to enter her bank account number, IFSC code, and OTPs into the app’s refund section, each time insisting it was necessary to process the refund. Over a span of hours, she ended up transferring a total of `2.07 lakh.
When the refund did not come and the caller’s number went out of service, she realised she had been cheated. She reported the matter to the national cyber helpline 1930 before approaching the Sion police, who registered an FIR under sections 66C and 66D of the IT Act and sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita.
Cyber officials said the case shows how fraudsters are innovating by piggybacking on real shopping transactions to make their schemes look genuine.
Explaining the new modus, a police officer said, “The fraudster in this case already knew the victim’s exact order number and the items she had purchased. It looks like there was a data leak at some point in the chain, which the fraudsters managed to access through a breach in a third-party delivery or logistics system or the seller`s databases. Or it can be phishing malware or compromised apps!”
The police have urged citizens to never share OTPs or transfer money outside official app gateways, even if callers appear to know accurate order details. “Even if someone provides real order information, never process refunds or share OTPs outside the official app. And no app will directly contact the customer for refunds, OTPs, or new offers,” the officer added.
Leave a Reply