Scammers Target Indian Users Posting Complaints on Social Media

 

The latest report from Cyble Research and Intelligence Labs (CRIL) revealed that scammers are targeting Indian residents who submit complaints on social media accounts belonging to various local firms.

Fraudsters keep an eye out on Twitter and other social media sites for customers asking for reimbursements for problems they may have had with services offered by businesses like the Indian Railway Catering and Tourism Corporation. 

Researchers claim that once fraudsters discover a victim's contact details, they start a scam.

"When users report complaints on social media, scammers take advantage of the opportunity to carry out phishing attacks by asking them to download malicious files to file their complaints and steal their funds from bank accounts," CRIL stated. 

Users of other popular Indian brands and organisations, including e-commerce platform Flipkart, payment service provider MobiKwik, budget airline Spicejet, and various banks, were targeted in addition to the IRCTC. 

In one case, after posting a complaint on the IRCTC's Twitter account, a user was contacted by someone impersonating an IRCTC customer service representative. While the user in this case refused to provide their information to the scammer, CRIL stated that fraudsters would use a variety of techniques to defraud victims.

Scammers, for example, may attempt to link a victim's mobile number or account via the Unified Payments Interface (UPI), send a Google form to collect sensitive information or forward a WhatsApp link to a malicious website.

"Scammers have been using Android malware in addition to other fraudulent tactics. They may send a phishing link that downloads a malicious APK file to infect the device, or they may send the malicious file via WhatsApp," the researchers added.

Fraudsters, according to the researchers, use malicious APK files with names like "IRCTC customer.apk," "online complaint.apk," or "complaint register.apk" to trick victims into revealing their banking credentials. 

They also want the victim's UPI details, credit/debit card information, and one-time passwords used for two-factor authentication. CRIL discovered one such phishing website that asked victims to enter basic information such as their name, mobile number, and complaint query before prompting them to enter sensitive banking information. It also requested the victim to install a malicious application that would allow it to steal incoming text messages from the infected device. 

According to CRIL, the scheme was perpetrated by "a group of financially motivated scammers" based in India. While it was first observed in late 2020, researchers say it has only recently begun targeting social media complaints to identify potential victims. 

"It is critical that users are aware of these scams and exercise caution when providing personal information or downloading files online," CRIL warned. 

Indian Railways Data Breach: 30 Million User Records up for Sale

 


On Tuesday, December 27, Indian Railways experienced a data breach that compromised the personal information of approximately 30 million people. 

Hackers discovered that 30 million Indian Railway user records were being sold on an online forum by a hacker who used a fake identity. A user known as a "shadow hacker" on the Dark Web was said to have listed user data for sale. However, there is no information regarding the identity of this user. 

According to the hacker, various personal information was compromised, including name, email, phone number, and gender. A user further reported that the data contained several email addresses belonging to government agencies. Security researchers have not been able to validate the authenticity of the data or how it was accessed. As of yet, there is no comment from Indian Railways regarding this incident.

In the fiscal year 2021-2022, 41.74 million electronic ticket reservations were made by the Indian Railway Catering and Tourism Corporation (IRCTC), resulting in revenue of 38.18 billion Indian rupees from these reservations.

The data includes usernames, email addresses, verified mobile numbers, gender, city ID, city name, and state ID, as well as language preference information. The hacker had gathered several records from Indian Railways' databases. These records contained the details of people who had purchased tickets from Indian Railways through emails and phone numbers.

Additionally, the hacker offered details of the vulnerabilities on the website that he had exploited with the help of the data he had stolen. It was not specified whether the website in question was the IRCTC booking portal or the website of Indian Railways.

The hacker also alleges that "significant persons" and "government personnel" have been victimized by the theft of their personal information. According to the snapshot of the hacker site where the data was listed for sale, the data also appears to include customers' travel and billing records.

The hacker claims to have sold only ten copies of the stolen data if his assertions are to be believed. There is still time for more information to emerge regarding the suspected breach as well as professional opinions that are yet to be formed. 

The Indian Railways have not been immune to data breaches in the past, and this is not the first time. Following the data breach that occurred earlier this month in the All India Institute of Medical Sciences (AIIMS) database of patients, there has been another breach reported in the Indian Railways database of customers. 

During the year 2020, nearly nine million Indian railway ticket buyers had their personal information, including their ID numbers, stolen from an online database. In investigating a dark web post by this company, it was discovered that a million users' data had been stolen sometime in 2019.

Railway Protection Force (RPF) busts a multi-crore ticket fraud



Bengaluru: The Railway Protection Force busted a multi-crore ticket booking fraud and apprehended two miscreants who hacked the railway booking website and used the ANMS Tatkal software to book tickets.



The ticketing racket seems to have been working all around the nation, and the police as well as the RPF are making all efforts to stamp out the fraud and catch all the agents involved in the fraudulent scheme.

The accused arrested by the police are Gulam Mustafa (26), from Jharkhand, and Hanumantharaju M (37), from Peenya.

Akhilesh Kumar Tiwari, post commander RPF, South Western Railway, said that Hanumantharaju was arrested last year and Mustafa on Jan 8th.

Upon questioning, Mustafa said to Deccan Herald that, "in 2017, he had created an Indian Railway Catering and Tourism Corporation (IRCTC) agent ID to book an e-ticket. He later joined hands with the other accused and hacked the booking portal through ANMS software and created 563 fake IDs and started booking e-tickets illegally."

He even rented out the hacked ANMS software, which led to the department incurring losses up to crores of rupees. He also had in his possession a Pakistan-based DARKNET software and Linux software to hack central government websites, bank accounts etc. He had gained access to government websites and banned websites. (by Deccan Herald)


Hanumantharaju worked for Mustafa in selling the e-tickets illegally. The RPF couldn't file the report under the IT Act, so instead they filed the complaint with the city Police under IPC Sections 419 (cheating by personation) and 420 (cheating).

The accused are still under RPF custody but will soon be moved to the city Police station, Rajagopala Nagar Police Station.

The IRCTC mobile app can be downloaded by anyone and used to book tickets online within two minutes, five tickets per month for personal usage. The accused made hundreds of IRCTC accounts to book several tickets.