Hackers use phishing to defraud millions of potential EV buyers and dealers


NEW DELHI: On December 6 last year, Twitter user Aniket Mudame posted a photo on Twitter detailing a document he received about opening an Ola dealership. Mudame wrote that he had received an email “for electric vehicle dealer Ola”, which asked 25,000 from him, presumably to start his own Ola electric scooter dealership.

Mudame, like many others, tagged Ola Electric’s Twitter account to ask if the letter was real or not. But while those users had the wherewithal to seek advice, thousands have fallen prey to phishing scams designed to take advantage of gullible users looking to jump into the “electric vehicle (EV) revolution”.

In these scams, the attackers send emails or advertisements to users offering them the opportunity to become dealers or buyers of electric vehicles. They use these emails to direct users to fake websites and scam them into asking for registration fees etc.

On Wednesday, Bengaluru-based security firm CloudSEK said it noticed an increase in phishing campaigns designed to take advantage of the growing demand for electric vehicles since the second half of 2021.

According to the company, scammers used Google ads to redirect users to phishing sites that collect user data and money. They felt that these scams were used to rip off 4-8 crore users so far, each site demanding 2-4 lakh for various reasons.

In addition to Google ads, CloudSEK research found that scammers are registering fake internet domains that look like those held by legitimate EV manufacturers and marketplaces. They also manipulate search engine optimization (SEO) techniques to show up on generic searches as well as searches for specific electric vehicle brands. The money is collected in the form of reservation or reservation fees, security deposits or to become a reseller of electric vehicles.

Certainly, manufacturers of electric vehicles are also aware of the problem. “The growing demand for electric vehicles has proven to be a boon for businesses and individuals. However, it has also opened up another avenue for ripping off or exploiting the masses,” said Sohinder Gill, CEO of Hero Electric.

A spokesperson for Ather Energy, one of India’s oldest electric vehicle startups, agreed. According to the spokesperson, the company first came across such a scam last year and has been monitoring such activity “proactively” ever since.

“Over the past few months, we have come across a handful of fake websites, such as atherenergydealership.com, atherenergydealer.in, atherelectricdealer.com, which deceptively resemble our website, complete with our name and trademarks. These websites also provide a link to apply and make payments. These fraudulent websites made fake vehicle reservations, issued a ‘Letter of Intent’ and asked users to pay an amount of INR 2,999 for check-in and security,” the spokesperson said.

A former employee of Ola Electric, who has now left the company, said the company was well aware of these scams when it started the recordings. The employee, who did not wish to be named, added that while some electric vehicle companies have attempted to warn users through social media posts etc., they are unlikely to ” are trying to spot and thwart these scams” actively by forming teams, he Ola Electric did not respond to a request for comment on this story.

According to Faisal Kawoosa, founder and chief analyst of market research firm techARC, the problem is endemic and occurs in all sectors where consumer interest is high. “When a bigger player disrupts the way products are reserved, consumers end up thinking that this industry is operating like that and it allows fraudsters to deceive them,” Kawoosa added.

Google ads are also used by electric vehicle companies to generate leads, and scammers take advantage of this as well. “They even bid on keywords and take the top spot. If someone searches, their results show up at the top and users end up clicking on them,” Kawoosa added.

Ather said he also filed cyber fraud complaints and referred victims to jurisdictional police when he learned of the scams. It also notified abuse to domain registries and search engines, and to raise awareness among stakeholders, it issued public notices through national social and print media notifying everyone of its official website. “We also posted a disclaimer on our website and actively emailed our stakeholders and posted disclaimers on our social media handles,” the spokesperson said.

To subscribe to Mint Bulletins

* Enter a valid email address

* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint. Download our app now!!


About Author

Comments are closed.