Leaked e-commerce site data used to dupe customers

Young graduates were excited about their new job as tellecaller in a call center in Greater Noida. Their work was to call existing customers of leading e-commerce websites and give attractive offers against a pre-payment but neither these callers nor customers knew that they were all being duped by a gang of cybercriminals.
In a recent breakthrough, Uttar Pradesh police have arrested masterminds of the gang — Sudhir Mahto and Kaptan Singh, who had step-up a fake call centre in Greater Noida and had leaked customer data of prominent e-retail websites. Using the leaked data the gang duped their customers by giving the latest gadgets at a dirt-cheap price or offering prizes in lucky draw.
Explaining the modus-operandi, Azamgarh’s superintendent of police Triveni Singh said, “The gang complexly relied on leaked data which had information about customers shopping history and address. The gang with the help of new recruits’ set-up a call centre from where their work was to make calls to customers of e-retail websites. The gang member wrote a script for the callers and based on shopping history of customers they used to offer them the deal.”
The caller insisted the offer is valid only if they make the payment on QR code sent by them on their registered mobile number to sound authentic. They said the payment was part of primary GST and NOC for delivery. These QR codes were liked to gang’s mobile e-wallet, which the gang changed every week, investigation revealed.
During the investigation, cops found that these callers had little idea that they were being misused to dupe thousands of people every day. In fact, the gang members had lured them of incentive if they could sell the deal to maximum people.
“Like a profession call centres they were given a script and data leads. They were given a voice and accent training and based on the shopping behaviour of the customers they used to make an offer, not realising that after making the payment no goods ins ever send or delivered by them,” he said.
The data recovered by them exposes loopholes in data management of e-commerce websites. Police are yet to ascertain how many people have been duped so far and the amount of money made by the gang.
“We are writing to the online portals to explain how their sensitive data was leaked. Their data audit will be held and the responsibility will be fixed. E-commerce sites are mandated to maintain foolproof security for their clients’ credentials. They will be made a party to the crime,” Singh said.
The data leak has become one of the biggest work for the security agencies as a huge amount of data is daily bought and sold on the internet exposing how vulnerable is personal details this includes banking details to other vital information.