On 26 November 2019, the General Manager of Ambience Mall, Delhi, received a call from a claimed ‘Paytm Executive’; “He said that the KYC (Know Your Customer) of the Paytm account was not updated and hence he would not be able to carry out any transaction. The caller suggested online updation by following his instructions on mobile phone”. Mr Arvind Kapoor, General Manager of Ambience Mall, found that the caller was able to verify all the information provided and was appearing genuine, also from no perspective the caller seemed suspicious. The Caller also claimed that he is an employee of Paytm, and that he may like to call back on the number to verify the caller’s genuineness. The caller also said that the company has for the convenience of users introduced the “online format”. The caller also said that he will be able to provide assistance by guiding him through the procedure on mobile phone itself. This was followed by the GM, and within a matter of a few minutes, he lost Rs 1.8 Lakhs to the scam, from his e-wallet and from the Bank accounts linked to the Paytm account.
The fraudsters target customers by asking them to download a mobile or desktop app to facilitate the Know-Your-Customer (KYC) process, through which they gain access to the victim’s PIN. They then proceed to empty out the linked bank account in multiple successive transactions. The victim is actually enticed to download a spurious KYC form, and along with the same, the victim unknowingly also install a “Remote Access” Software like: AnyDesk, QuickSupport, Ammyy Admin, Mikogo, ThinVNC, UltraVNC, LogMeIn Pro, Join.me, Splashtop, VNC Connect, pcAnywhere, Android-VNC-Viewer, GPP Remote Control, PocketCloud Remote RDP / VNC, PhoneMyPC, TeamViewer, etc.
In an advisory released to customers, Paytm said that if customers have received any SMS or call asking them to download an app for completing their KYC, then it is a fraudster.
“They have started calling our customers saying that ‘We are calling from Paytm to re-activate your KYC’ and then they ask them to install apps like, AnyDesk, TeamViewer, QuickSupport etc and give certain permissions to these apps which is given to any normal app,” Paytm said in its warning.
“If you are being contacted stating that ‘your KYC has been completed and now to receive cashback or offer, you will receive an SMS with a link, to avail the offer click the link’, then always ensure that you do not click such links and delete such messages,” Paytm stated.
Paytm founder Vijay Shekhar Sharma also cautioned people on Twitter, and said, “These or some SMS with some lucky draw are examples of fraudsters attempting to get your details. Don’t fall for them.”