The contact details of a city eatery belonging to a well-known chain of restaurants was allegedly altered on the Google search engine and customers were lured into reserving tables by an offer paying only Rs 10.
The alleged fraudsters had inserted their contact details as that of the restaurant and asked customers to book a table by contacting that number.
On being contacted, the customers were told that they would get free beer and an additional discount on their bill if they fill up an online form, police said. The online form would require the customers to share their credit card details and also prompted for the one time password (OTP) generated in the mobile phone of the customers to complete the “procedure” of availing the discount.
It was only later that the customers had realised the fraud and reported it to the restaurant. At least five people have been duped in a similar way while trying to reserve tables in the restaurant, police said.
As the matter was reported to the police from the Ballygunge head office of the chain of hotels, cops traced the mobile number linked to a Paytm account of a youth in Jamtara, Jharkhand. Three people have been arrested in connection with the case.
“The fraudsters had misused this facility on Google to insert details on a particular address. We have arrested three persons in this case, including the mastermind,” said joint commissioner (crime) Murlidhar Sharma.
Police officers said it was not very difficult to insert any contact details on a particular address of one’s choice.
“All you need to know is the basics of using Google search engine. Although only five cases have surfaced but we suspect that the number of people who have been cheated in this way could be higher than this,” the officer said.
The officer said if we type an address on the search engine, apart from several links about the place, a map will also appear on the computer screen.
“If we click on the map, and then right click with the cursor on the address, a new box will pop up with a list of questions. If someone proceeds by clicking on the option ‘add your business’ there will be an option to give the contact details of your choice,” the source explained.
However, what the cops found alarming was that the customers shared not just their credit card details but also the OTP that generated in their phone.
Thousands of people use the Internet and various search engines for making online purchases or transferring money at a finger-touch. Be it online shopping, purchasing movie tickets or reserving a table in a restaurant, everything that earlier needed a physical visit to the spot, has now been replaced by online transactions.
A senior officer said, an online transaction could be completed only by inserting the OTP that was the final security layer for the customers.
“If someone finds that an OTP message is generated in his or her phone without he or she making any online transaction, it means, someone else has accessed the card details,” a senior officer said.
During investigation it was found that the maximum amount was transferred into the Kuruwa branch (Jamtara, Jharkhand) of a nationalised bank belonging to Mohammad Rahim Ansari, 31, of Jamtara. A team of officers of the cyber cell of the Calcutta police arrested Ansari from Jamtara on Friday and also picked up co-accused Nasrul Ansari, 30 and Mohammad Azharuddin, 30, from the same place.
According to cyber experts, the only way to remain alert against such spurious activities is to remember the basic thumb rule for any online transaction — not to give away any detail pertaining to a person’s bank account or card.
“While making any online transaction, the payment gateway asks for the details of the card, including the card holder’s name, number, expiry date and year of the card and the CVV. Once these details are inserted, an OTP is sent to the mobile number registered with the card. If the person making the transaction does not have access to the registered mobile phone, he or she will not be able to complete the transaction,” said an officer.
The feature of an OTP was developed to prevent misuse of card details in case the card is stolen or misplaced.
“There is no way one could have prevented fraudsters from using this feature of a search engine. But the moment the customers were asked for the OTP, they should have realised that it was a fraud,” a senior officer said.
Police said five mobile phones, SIM Cards, bank account passbooks, cheque books, PAN Card, Aadhaar card were seized from their possession. On being produced at a court in Jharkhand, they were granted a transit remand for a day.