Report

The world of WhatsApp impersonation scams, using the identities of the rich and powerful

On September 7, Satish Deshpande received a message that seemed, at the time, perfectly normal.

Deshpande, a director at Pune’s Serum Institute of India, got a WhatsApp text from an unknown number but using the profile photo of his CEO, Adar Poonawala. The message asked him to transfer Rs 1.01 crore to certain bank accounts. It was a lot of money but Deshpande didn’t blink. He asked his finance team to do the needful at once.

Sadly for Deshpande, it was a scam. He’s not the only one to have fallen for it – there’s an entire world of WhatsApp scams, where hackers impersonate the rich and famous on the messaging platform to dupe friends, family members and colleagues.

These scams have spiked in India over the last 10 months, though there’s no clear data on the number. Top cops in Kerala, Goa and Punjab told Newslaundry they estimate it to be around 50 cases across the country. Victims are targeted by crooks posing as police officers, high-profile businessmen and politicians. Some states have also issued advisories warning the public about these scams.

In Telangana, for instance, an IAS officer tweeted in May that someone was posing as him on WhatsApp “asking for money from my staff/others”. Ashok Kumar, special chief secretary of urban development, filed a complaint with the Jubilee Hills police station in Hyderabad.

Station house officer S Rajshekhar Reddy told Newslaundry the messages to Kumar’s staff came from an unknown WhatsApp number that used Kumar’s picture as a profile photo. “The messages stated he was in an urgent meeting and can’t take calls, with a request to transfer money to an account,” Reddy said. “Our investigation is going on but we have not arrested anyone.” No one from Kumar’s staff fell for the scam.

The WhatsApp number used for this purpose was traced to one Mahendra Prajapati in Gujarat. The police said Prajapati’s number was “hacked” by fraudsters using an app and then used to text Kumar’s staff.

Another case in Telangana was reported in June, involving another IAS officer called Divya Devarajan. Devarajan is a special secretary with the department of women, children, disabled and senior citizens. Junior officials in her department received messages – sent from an unknown WhatsApp number using Devarajan’s photo – asking them to recharge her Amazon gift card.

The messages included links (but not to the Amazon website) to multiple cards of differing values. The messages also said Devarajan could not take phone calls due to an “emergency”. Two junior officials ended up “recharging” the card Rs 1.25 lakh.

The Hyderabad police’s cybercrime department arrested two people – Anand Kumar, 21, from Bihar and Raghav Appu from Bengaluru – for the fraud. But Gajurao Bhupal, deputy commissioner of police of Hyderabad’s cybercrime unit, told Newslaundry the “main culprits behind this impersonation scam are operating from Nigeria”.

On the purported recharge of an Amazon gift card lying at the heart of the scam, Bhupal said, “The gift card is sold by these fraudsters through different websites at a discounted rate of 30 percent. In this case, they were selling it through a website called paxful.com. The Indian nationals we arrested used to buy these discounts, sell them at a discount of 10 percent, and make money. They were totally aware that they were dealing with Nigerians indulging in WhatsApp impersonation frauds.”

Bhupal believes “WhatsApp impersonation cases” are now a “countrywide problem” with “prime operators in Nigeria”. He did not provide any data on this and Newslaundry found no data to corroborate this claim.

Independent media plays a critical role in sustaining democracy, telling stories that need to be told and asking questions that demand answers.

Kerala teacher scammed by ‘DGP’

In March, the Kerala police arrested a “gang” of “Nigerian origin” that was behind purported WhatsApp scams. A teacher in Kollam district had received a WhatsApp message from an unknown number, telling her she had won a lottery and had to pay tax charges to collect her prize.

She ignored the message.

Shortly after, the teacher received a WhatsApp message from another unknown number – this time claiming to be from Amit Kant, the director general of the Kerala police and carrying his photo as the contact’s profile picture. “Kant” told her a case would be filed against her if she didn’t pay the charges.

The teacher transferred Rs 14 lakh to a bank account, as instructed by the message.

“The fraudsters intimidated her using the state police chief’s picture and message, using his identity,” said T Shyamlal, deputy superintendent of the Kerala police’s cybercrime cell, who investigated the case. “They said he was in Delhi and that she should pay the amount before he comes back. They also said the DGP is discussing the matter with the Delhi police and that she would be arrested.”

The teacher, alarmed, had called the DGP’s office and was told he was, in fact, in Delhi. Shyamlal said local Delhi papers had carried the news of the DGP’s visit, so whoever was behind the scam used the information to their advantage.

“After getting an affirmative answer, she believed the message to be true,” Shyamlal said. “She got frightened and transferred the amount to the account number sent by them.”

The police arrested a Nigerian man in Delhi, though they believe there is a “whole group” involved too.

“We have observed such cases in the last six months,” Shyamlal added. “Fraudsters use the identities of top police officials, politicians and other officials. In many cases, they have sent messages to colleagues and juniors.” He did not provide data on the specific number of cases reported in Kerala in the last six months.

From Goa to Punjab

In August, the Goa police investigated a series of similar cases. Government employees were receiving WhatsApp messages asking for money, and these messages were sent by people claiming to be chief minister Pramod Sawant, health minister Vishwajeet Rane, and Goa police chief Jaspal Singh.

“They were using the identities of ministers and senior bureaucrats. We alerted the public which helped prevent the fraud,” said Nidhin Valsan, a superintendent of police with the cybercrime unit. “We blocked the WhatsApp numbers being used, tracked them, and found they belonged to common people who don’t use them for WhatsApp. One of them was a truck driver who was unaware of social media.”

Here too, Valsan said, they tracked “IP addresses used to hack these numbers” and found that “most of them belong to Nigeria”.

Last week, the Punjab police’s cybercrime cell got the first prize for “successfully cracking WhatsApp impersonation cases”. This award is instituted by the National Crime Records Bureau.

Deepak Singh, a deputy superintendent with the state cybercrime unit, told Newslaundry that, similar to other states, the cases in Punjab usually play out with a scammer impersonating a senior police officer, IAS officer, or minister to their junior staff.

“A large number of messages were related to pumping money into Amazon gift vouchers,” Singh said. “They managed to dupe their targets of Rs 7-8 lakh. We filed eight FIRs and arrested three people of Nigerian origin from Delhi. There are many more and we are investigating.”

The fraudsters would pay people like rickshaw pullers and labourers to open bank accounts, Singh explained, and then ask the targets of the scam to transfer money into these accounts.

“We arrested the accused on the basis of the number of multiple withdrawals made by them from different accounts,” he said.

Police officers from Kerala, Goa and Punjab told Newslaundry this was fairly common – people from marginal income groups, who did not use social media, were bribed to set up bank accounts or to hand over their WhatsApp numbers to use for scams.

“These impersonation attacks use open source intelligence like TrueCaller,” said Ajit Hatti, who works in cybersecurity. “The address book of TrueCaller’s users is public. Cyber criminals use it to find the owner of a phone number. Once that name is identified, they use a person’s social media accounts to learn more about their personal and professional lives, which helps them target that individual.”

As for victims, Hatti said people often don’t verify WhatsApp messages “under pressure to please their seniors or help their family members”.

“Tricksters play on emotions and fear to target their victims,” he added. “In such cases, the people who own the numbers and accounts used by fraudsters are called ‘mules’. When the police try to track down culprits, they generally only find the mules.”

Cybersecurity investigator Ritesh Bhatia told Newslaundry there’s been a spike in such cases over the last six to eight months. “If a junior or staff member gets a message from a boss or senior, they generally tend to follow it,” he said. “Cyber criminals take advantage of this to dupe their targets who, without verifying, transfer the amount or follow the order, thinking their boss or senior asked them to do it.”

He cautioned, “In the cyber world, one shouldn’t do anything without verifying things. You should not trust anyone on the internet without verifying. You don’t know who you are talking to on social media. So, avoid doing any transaction or following an order without verifying it.”

Also Read: Sachin Agarwal is defrauding people looking for oxygen. Who is he?

Also Read: Booze home delivery: Not pop and pour but new avenue for fraudsters