- Category: Adversary Intelligence
- Industry: Hospitality
- Motivation: Financial
- Region: India
- Source*: A - Reliable; 1 - Confirmed by independent Sources
Executive Summary
THREAT
- Threat actors are uploading images showcasing their phone numbers on google listings of hotels.
- When an unsuspecting user contacts these phone numbers they are asked to make an advance payment for reservation confirmation.
- ~71% of the targeted audience fell prey to these scams.
IMPACT
- The fake custom care numbers are being misused by scammers to lure customers of hotels which is resulting in a monetary loss for the victim.
- Brand image loss to the hotel.
MITIGATION
- Run aggressive awareness campaigns to educate users about the ongoing scams.
- It is recommended to identify and immediately suspend or takedown such google accounts spreading Fake Customer Care Numbers.
- Book only via trusted channels and avoid putting upfront deposits.
Analysis and Attribution
Information from the Post
- CloudSEK’s researchers found several google accounts posting similar-looking photos on hotel listings.
- Multiple sets of these images had the same background but different phone numbers were written on them.
- These phone numbers are written in such a way that OCR could not read them but are readable by humans.
Analysis of the Numbers
An in-depth analysis of the numbers suggested the following points were observed in this campaign:
- Threat actors are not limited to any geographical area and have posts across various states in India. A major concentration of this campaign was observed in the pilgrimage cities (Jagannath Puri, Ujjain, Varanasi).
- Hotels and homestays from all price categories are being targeted in this campaign.
- Threat actors are regularly creating new google accounts and using new phone numbers to keep the scam running.
- It remains unknown whether this campaign is operated by a single actor or a group of people, however, our research was able to uncover multiple google accounts advertising different numbers.
- Truecaller records indicate that around 71% of the calls from the 19 fake numbers discovered during our research were answered by individuals who could become victims. On average, 126 calls were made from each number.
- Notably, the names associated with the scanned numbers on Truecaller profiles did not match the names linked to their Google accounts.
- Multiple google accounts were observed advertising different phone numbers in a single hotel listing. (For more information please refer to the Appendix section)
- As observed in previous instances of fraudulent customer care schemes, the perpetrators, in this case, employed a combination of the three primary telecommunications providers, with the majority of the registered numbers originating from the eastern and northeastern regions of India.
List of Google Accounts & Phone Numbers Used by Scammers
References
- *Intelligence source and information reliability - Wikipedia
- #Traffic Light Protocol - Wikipedia
- An Analysis of the Fake Customer Care Numbers In India | CloudSEK
Appendix
