A 78-year-old man’s attempt to cancel train tickets through the IRCTC website turned into a devastating online scam, resulting in the loss of Rs 4 lakh. The scam involved a counterfeit website and an imposter posing as a railway employee who cunningly acquired access to the victim’s personal information and device. Employing a range of malicious tools like Remote Access Trojans (RATs), keyloggers, and spyware, the scammers took control of the victim’s device, leading to unauthorized withdrawals from his bank accounts.
The victim, identified as M. Mohammed Basheer from Kozhikode Vandipetta, fell into the trap when trying to cancel his train ticket on the IRCTC website. Upon attempting the cancellation, Basheer unwittingly landed on a fraudulent website. Subsequently, an individual claiming to be a railway employee contacted him, communicating in both English and Hindi, and provided deceptive instructions. Following these directions, a blue emblem appeared on Basheer’s screen, granting the scammer control over his device. In addition, Basheer was coerced into divulging his bank account details and ATM card number.
The appearance of the blue emblem possibly indicated the installation of malware on Basheer’s device. Scammers frequently deploy various forms of malware to hijack victims’ devices. Among these, Remote Access Trojans (RATs) are commonly used to manipulate systems remotely. This might have allowed the scammer to seize full control of Basheer’s device. Another potential tool in the scammer’s arsenal could have been keyloggers, which discreetly record all keystrokes made on the victim’s device, thereby capturing sensitive data like passwords and banking credentials. Furthermore, spyware, a stealthy type of malware, could have been employed to clandestinely monitor Basheer’s activities and collect data.
The realization of the scam’s magnitude dawned on Basheer when he received a notification of money being withdrawn from his savings account. In haste, he rushed to his bank’s YMCA branch, only to discover that Rs 4 lakh had also been withdrawn from his fixed deposit.
The scammers relentlessly communicated with Basheer through three different phone numbers. Despite his attempts to reach out to the bank after the initial withdrawal, the scammers thwarted his efforts. In a desperate move, Basheer formatted his phone to prevent further breaches. He promptly reported the incident to both the bank and the police’s cyber cell.
Subsequent investigations by the police’s cyber cell uncovered that the scammers gained access to Basheer’s phone by convincing him to download an app called ‘Rest Desk.’ The ill-gotten money was withdrawn in four separate transactions, with Rs 4,05,919 being debited from Kolkata. The police suspect the phone numbers used by the scammers are linked to individuals from Bengal and Bihar.
Basheer, a retired Senior Engineer who had worked in Muscat, expressed his dismay at the swiftness with which the scammers depleted his funds. Despite spending hours at the bank attempting to close his fixed deposit, the scammers managed to execute their fraudulent scheme in a remarkably short timeframe.
