
New form of Google banking scam

Posted in Scam, Software, Technology

A few days ago, a cousin of mine called me. He had just had INR 9000 (~$125) wiped from his account in a telephone banking scam. So how did this educated and tech-savvy guy in his 20s, well aware of such scams, end up in this situation?

He had fallen prey to an innovative type of scam that is plaguing multiple businesses listed on Google. Often when you search for a business on Google, you will see a card for it. It contains details like address, timings, and a phone number with the option to call them directly from the browser/app itself. This is similar to what my cousin saw when he searched for his local bank branch on Google.

[Image: pnb] Business card of the bank visible on Google

Pay close attention to the phone number listed on the screen. (Do not call it! It belongs to a scammer.) Upon calling that number for help regarding a failed online transaction, my cousin was greeted by a person pretending to be a bank employee. After a short conversation where my cousin explained his issue, he was asked for his card number and CVV. Trusting the scammer, he ended up giving the details and subsequently lost the entire sum in his account.

Now I do understand that most would blame the person giving out his card details for being foolish enough to do so. I concur. However, in this case the victim is not as much to blame for trusting the scammer as he is for trusting Google to provide him accurate information.

As we grow ever more reliant on technology, there is a subtext of trust that underlies every interaction we make via any app or website. When you see any information listed on a website, your first reaction isn’t to immediately question whether or not that information is accurate. It is to blindly trust the technology that has helped you unfailingly countless times in the past. That is precisely why this scam is so potent.

On further investigation, we realised that the same scammer had his phone number registered for multiple bank branches in the same region. This is partly because of how easy it is to claim a business on Google. I did not want to do anything illegal or harmful for the sake of an article, so I did not try it out myself. But as explained in this video, it is fairly easy and there seems to be little to no verification. I am sure Google has resolved such conflicts in the past where an original business owner had his/her business falsely claimed by someone else. However, their method seems to be to appeal to the current owner to add you as an admin / transfer ownership. In case that doesn’t work, you appeal directly to Google to transfer ownership to you. It does seem to be a mess but I hope it works in most cases. Again, there is a lot of trust even from Google’s side that people won’t claim businesses they don’t own. There does not seem to be a channel to report fraudsters such as these - you can only request ownership transfer if you own the business.

What can be said of an Indian public sector bank though? Technically they cannot be held liable for any incorrect information that does not appear on their own website. I doubt they’d care enough to go through Google’s appeal process. My fears were further confirmed when I decided to look up my local SBI branch on Google.

[Image: sbi] Business card of my local bank on Google

There are multiple reviews claiming the listed number is fake. As of now, both fake numbers are still listed. A lot of information you see on Google is user contributed and often not vetted by any human. So do think twice next time you trust any information listed on Google. And if it’s a bank phone number, definitely don’t.

Know of any other such deceptive scam methods? Tell me about it.

EDIT (26/11/2018) : Since the time of publishing of this post, reports of this scam have been published by multiple news outlets-

Abhijit Tomar is an IIT Bombay alumnus currently working as a software developer at Microsoft. When he's not programming, he's usually out for a run.
