[P.S:. I thank Mr Niket Popat, a security professional from Gujarat for bringing this potential scam to my notice.]
Some time back, we had brought to the notice of the public through our article: “Jio upgrade Phishing..Jio and Hyderabad Police should act” , an attempt to impersonate Jio and cheat public through a phishing site. In the article, I had provided an e-mail and mobile to be investigated.
I am reasonably certain that neither the Police nor the Jio itself took any action in this regard as “complacency” and “”Irresponsibility” is a common trait and it is one reason that India is always moving from one crisis to another. If WannaCry has passed over, there will be other malware that will soon attack us because some body somewhere is negligent and release a software with a bug, or keep the software unpatched or click on a poisoned hyper link.
However, it is one of the duties of security professionals not to lose hope and be optimistic that at least after repeated reminders, some effective action will follow.
Now it is the time of Flipkart and Bangalore Police to take suomoto action on what is being presented here so that possible frauds in the name of Flipkart can be prevented.
We have here an evidence of a preparation by some fraudsters to commit a fraud by impersonating themselves as “Flipkart”. We also have a proof that this is a case of impersonation which is punishable under ITA 2000/8 as a cognizable offence under Sections 66C and 66D with 3 years imprisonment. Also it is business prudence that if some of these frauds go through, it will hurt the image of Flipkart and therefore it is PR issue for the company. Also, if the frauds go through because Flipkart allowed it to go through, we can allege Flipkart to be complicit in the successful perpetration of the fraud by its “Passive assistance” which could be considered as an offence under Section 43 of ITA 2000/8.
A Fake website in the name of www.flipkart-big-sale.com has been registered and hosted by a fraudster with a message indicating sale of a number of popular items at throw away prices just like the 97% discount sale in Amazon reported here some time back.
The victims may make payment of the money and either not get any response, or get fake products or get some junk. The exact manner in which the fraud may take place is not known.
It is also possible that the site may use this offer to get the credit card details with CVV number and then simply reject the payment and sell the information to another fraudster who uses the credit card credentials to fraudulently withdraw the money. Then the victim may not even be able to connect the attempted purchase attempt that has failed to the credit card fraud and find it difficult to recover the amount.
It is possible that the fraud has already started from 17th May 2017 because the website has been registered on that day and there may be already some victims. Soon there will be a number of WhatsApp messages that will go viral and try to make people try this sale offer.
Many may think that Flipkart has just concluded a Big Sale and hence many may think that the the Big sale must still be open and respond to this advertisement.
The website has been registered with GODADDY.COM.LLC who is a registrar accredited by ICANN. If the fraud is successful, both GODADDY and ICANN will be accomplices.
According to the details of registration the website has been registered by a person by name Abhay Shanka, New Delhi with an email address hx90214@yandex.ru. In all probability the address and the phone number may be wrong.
According to the domain name registration rules, GODADDY cannot register domain names when the registration particulars are false.
Registration of a domain name with false particulars is itself a fraud which GODADDY should not condone. We remember that GODADDY is a beneficiary of this domain name registration and hence their hands are not clean.
It may be recalled that in the celebrated “Baazee.com” case where the company and the CEO faced criminal trial for a Section 67 (ITA 2000) offence committed by one of their customers, the fact that Baazee.com was a commercial beneficiary of the transaction was an important point that weighed against the Company.
Though apparently there is a false information, if Police is interested, it is possible to investigate and identify the registrants.
We are aware that recently, Republic TV brought out some information on ISIS activities in Hyderabad at great risk to the life of its reporters which constituted credible evidence. But the Police were reluctant to act. They registered the case and questioned the suspects but did not secure them though the alleged offences were all serious offences where life imprisonment was possible.
At the same time Police in Karnataka are known to have recently arrested an Auto driver for being an administrator of a WhatsApp group in which some objectionable content was posted.
So it all depends on the intentions of a particular police officer. If he is interested, the case is pursued. Otherwise, it is not of interest.
It is however necessary for Flipkart to take action including immediately getting the domain name blocked immediately by sending a notice to GODADDY. It would be better if they file a complaint with the Police so that the matter cannot be ignored.
If Flipkart can make an example of this case and gets the persons involved in the fraud punished, then such fraudsters may think twice before tarnishing the Flipkart name again.
Will Flipkart and Bangalore Police Act? and try to prevent the crime?… Let’s wait and watch.
Naavi