A new e-commerce scam has come to light in Lucknow, the capital of the Indian state of Uttar Pradesh, involving Amazon customers. The scam involves the hacking of customer accounts to divert refunds issued by Amazon to Airtel e-wallets run by the hackers. According to a report by the Times of India, the scam has affected 1,500 Amazon India customers in Lucknow.
The matter came to light after some customers complained that they had not received their refunds in their bank accounts. Amazon India then investigated and found that the money had been diverted to the accounts of the hackers, particularly using Airtel e-wallets to receive the funds. The matter affected customers who paid cash on delivery for their purchases. Since a refund must be paid to a bank account in this case, it was the chosen method by the hackers.
However, the hack involved a simple method which we’re surprised customers still fall for: giving away an OTP to someone on the phone. The attackers called these customers pretending to be Amazon officials processing the refund, asked for the OTP, and then used it to add their own e-wallet details to the customer’s account. The refund would then be paid to them, instead of the customer’s bank account.
WATCH: Amazon Prime Video Review
Amazon India has filed a police complaint in this matter, and although the amount of money siphoned off hasn’t been calculated yet, it is believed to run into several crores of rupees. The likelihood of involvement of company officials is high, since that would be the way that the scamsters gained access to the mobile numbers of those customers who had returned a product purchased with cash-on-delivery as a payment method.
Notably, such a scam wouldn’t work with any other payment method, since the refund would be paid to the same medium; for example, a credit card refund would be paid back to the customer’s same credit card as a reversal. Investigations are on in the matter.