Many users have been receiving messages on WhatsApp and via SMS from unknown numbers claiming that the user’s electricity, phone or other connections will be disconnected unless they contact a certain number. “I received the first SMS on September 30 and then a second message on October 2. My mother also received a similar message. We have a very high electricity bill, so I thought maybe it was the right thing to do,” Soumya Sengupta, a 38-year-old businessman from Kolkata, told indianexpress.com.
“So I checked the CESC [Calcutta Electric Supply Corporation] website where I usually pay the bill. But all dues were paid. That’s when I suspected it was a scam,” Sengupta added. “Your electric power will be disconnected at 9:30 pm since your bill for the last month (sic) was not updated Call us [mobile number]”, said two separate messages sent to Sengupta.
The scam is also popular on WhatsApp. “I received the message on September 26. I immediately identified that it was a scam. I have two houses, one in Kolkata and one in Odisha. I have never received a WhatsApp message from any of the distribution companies in the cities. And even when companies use WhatsApp, it will have a logo and it will be from an official account,” Anthony Khatchaturian, a 41-year-old freelance writer who works in Kolkata and London, told indianexpress.com.
“My question is if I wasn’t knowledgeable or tech savvy, or maybe I freaked out and fell for the scam, who would I call? Do I call the distributor, call the police? Also, in India, you cannot get a number without an Aadhaar card. Imagine how confident they are to publicly scam so many people with a number linked to an Aadhaar card,” added Khatchaturian.
“Update your bill. Dear Consumer Your Electric Power will be disconnected. Tonight at 8:30 p.m. from the electricity office. Since your bill from the previous month (sic) was not updated, please immediately contact (sic) our electricity officer [phone number] thank you,” read a WhatsApp image sent to Khatchaturian.
While Sengupta and Khatchaturian identified the scam for what it was, others may have fallen for it. If an unsuspecting victim were lured into the scam, malicious actors could con them out of money or their sensitive personal information.
“One of our family friends was scammed out of Rs 25000 by cyber fraud. His daughter received an SMS indicating that his electric meter will be disconnected today due to non-payment of installments. The daughter forwarded the call to her father. The father called that number and was asked to download an app to make a payment. Upon downloading, you were asked to make a test payment of Rs. 5. By doing the same, he found Rs. 25000 debited from his account,” Twitter user Digamber Karekar (@drkarekar) wrote in a tweet. Indianexpress.com has not been able to independently verify this.
Sengupta and Khatchaturian are residents of Kolkata and Karekar’s Twitter profile says he lives in Mumbai, but the scam appears to be common in other cities as well. A user in Delhi received a similar message. In another version of the scam, the scammer poses as the MTNL telecommunications company.
“Using SMS messages as an attack vector may seem rudimentary, but like email phishing, it’s still disconcertingly effective. These attempts often mimic trusted brands or personal contacts to entice the victim to click on a link or share sensitive personal information,” Sundar Balasubramanian, General Manager, India and SAARC Region, Check Point Software Technologies, told indianexpress. com by email. .
“This method has proven particularly successful as after a device has been compromised, its entire contact list is available, creating an endless cycle of potential victims,” Balasubramanian added. Check Point Software, a US-Israeli IT security company, has seen a steady rise in these types of SMS phishing or “Smishing” campaigns.
Balasubramanian recommends that users be careful about downloading apps, making sure they only download apps from the Google and Apple stores. Also, mobile device users should avoid downloading or clicking on unknown links that come in emails, SMS messages, or other messaging apps.