Some of the biggest global e-commerce entities operating in India are being scammed through fake websites, causing them reputational damage and financial losses, according to an investigation carried out by a private cybersecurity research firm.
While e-commerce and online shopping has taken off, an entire ecosystem of phishing websites designed to look like the big brands and entice buyers to buy non-existent goods have sprung up.
The investigation report, a copy of which has been obtained by Asia Times, reveals that global e-commerce sites like Amazon and Flipkart bear the brunt of the scam. Paytm Mall, the e-commerce arm of the major financial payment gateway Paytm, is also a target of the scam, according to the report. The report, prepared by the private Singapore-based cybersecurity group CloudSEK, identified several fake operations posing as real websites to attract customers.
Security researchers have identified two phishing sites, wowbuzz4.com/pytm_mall and paytm-megaoffer.com, that are masquerading as the legitimate Paytm Mall website, in an attempt to mislead and defraud Paytm customers, the report states.
“CloudSEK’s analysts have further investigated XVigil’s intel, to unveil the underlying technology contrivances, and the associated scammers. Having unearthed the domain and server details, along with the source codes and Google analytics IDs, we have identified that the phishing sites are not just hosted on the same server but may also be operated by the same scammer/group of scammers,” the report says.
The scammers use an elegant method to target customers of global e-commerce sites.
They register domain names that are similar to popular e-commerce websites. The CloudSEK researchers found that all of them use the same Internet Protocol (IP) address, indicating that the scammers across the sites are the same person or entity. When customers log on to these fake websites, they use Paytm to make payments for their purchases.
However, while their payments get through, they never receive the purchased goods. Reverse engineering links to the fake websites led the investigators to these two entities who had paid for the servers to host them.
Dubious antecedents
When the investigators traced the server that hosts these websites, they located two entities listed as the owners of the sites. One is based out of the city of Nagpur in the state of Maharashtra, and listed as “Parate Traders.” The other is listed as “Pardhi Tea and Kirana Center,” which is also in Maharashtra. Curiously, they even share the hosting infrastructure and are served from the same IP address, “51.89.159.145.”
One of the individuals listed as the contact person for the trading entity Parate Traders (GST: 27AKLPP3621K1ZU) is Satish Parate, whose mobile number is also listed. However, when Asia Times spoke to him on the phone, he denied any knowledge of the sites or the trading firm. “I have never heard of Parate Traders and I have no idea how my number was listed as an owner,” Parate told Asia Times. The owner of the other site has an invalid nine-digit phone number listed on the web.
In either case, CloudSEK has not been able to establish the antecedents of the owners of the fraudulent websites. While the sites have now been closed down, a WHOIS search revealed the same details of the website owners.
“Our monitoring system Xvigil collects and analyzes thousands of domains for phishing and other fraudulent activities. We extract the threat actor information and details such as the phone number; Paytm or United Payment Interface handles and correlates them to prepare a consolidated fraud report,” Bofin Babu, the head of CloudSEK’s machine-learning research team, told Asia Times.
Worryingly, CloudSEK researchers say that merely closing down the sites does not make a difference to the scammer. “We need to understand who hosted these sites and take action against those who have hosted the sites on their servers,” one of the CloudSEK cybersecurity researchers told Asia Times.
Asia Times sent detailed queries to the major e-commerce companies. In their response, a spokesperson for Flipkart said the company has a team of experts working on the issue. “Internally, we also have processes directed at safeguarding our customers’ information. Within Flipkart, we have constituted a dedicated Brand Protection Council, which is a cross-functional team of experts. The role of this group is to assess, monitor, report and take legal action against perpetrators of such fraudulent activities as well as take preventive measures through systems, technologies and customer education.”
The other groups mentioned in the security report did not respond to Asia Times’ queries. This report will be updated if and when the companies respond.