New method to dupe online customers comes to light

Tribune News Service

Shimla, September 16

Beware while shopping from online sites as the anti-social elements have adopted new modus operandi in which culprits utilise PDF attachments to steal the login credential of purchasers.

Often, when a customer purchases any product from e-commerce sites such as Flipkart, Amazon, Snapdeal, Myntra, he receives an invoice copy (PDF attachment) on his registered e-mail address which contains product details, quantities and pricing, says highly placed sources.

In the new modus operandi, fraudsters, pretend to be sales team member of well-known e-commerce group, send a purchase invoice and bill to the purchaser’s e-mail address.

Once the buyer opens the PDF attachment, it shows a login prompt, asking the victim to enter the e-commerce login ID and password to view the account summary information.

A non-vigilant user might think it as a security feature designed to keep his private information safe.

Once the credentials are entered, they have full access to the purchaser’s e-commerce account which can be misused like placing high-value purchase orders or changing the delivery address of the already placed order.

The police have suggested that while shopping, the customer should always check sender’s e-mail address domain to verify the authenticity, check purchasing invoice and bill at the official websites as credible e-commerce organisations never ask login credentials to open any attachment and do not click on any link or attachment sent by unknown sources since it may contain virus or malicious code to infect the devices.

The modus operandi

In the new modus operandi, fraudsters send a purchase invoice and bill to the buyer’s e-mail address. Once he opens the PDF attachment, it asks the customer to enter the e-commerce login ID and password to view the bill. Once the credentials are entered, they have full access to the purchaser’s e-commerce account which can be misused like placing high-value purchase orders or changing the delivery address of the already placed order.