Scammers use UC Browser ads to direct users to fake Flipkart sites, dupe them

A tech expert on Twitter found that scammers were using advertisements on UC Browser to dupe users with lucrative offers on smartphones and laptops seemingly offered by Flipkart.

Over the last two years, access to the internet in Tier 2 cities and beyond has been seeing increasing adoption. Eyeing the opportunity, several companies joined the race to make inroads into the untapped region, and homegrown Flipkart is one of them. Though the company has been successful in shifting its focus towards “Bharat”, it is facing challenges to tackle the increasing cybersecurity concerns.

The Walmart-owned ecommerce company has recently been hit hard by scammers. The fraud came to light after a Twitter user highlighted that on the UCBrowser browsing app on Android, ads showing discounted mobile phones have been making rounds with the tag of Flipkart.com and Flipkart Assured. When clicked, the advertisements are directing the user to a website, which has the look and feel of the official Flipkart website. But the reality is that it’s just a phishing scam.

How Does The Fake Flipkart Scam Work?

The first red flag is that the offers are too good to be true. Further, when anyone tries to buy the product, they were guided to Paytm for the payment. However, even as Paytm prompted the user to pay at only trusted websites, the instructions were in English, which would confused anyone who is using regional language apps or websites.

Further,  the payment on Paytm was being directed to “Agrawal Sweets”, while the transaction supposedly originated on Flipkart. Again, this is something that might be missed by an unsuspecting user.

Flipkart Says It Is Making Efforts

When contacted by Inc42, Flipkart said that it has a stringent process to check for fake and phishing sites. “At Flipkart, a large part of our efforts are directed towards ensuring our customers are educated and well-informed. We have a robust continuous process in place to monitor, identify and take legal action against fake/lookalike domains, phishing sites and fraudulent websites, apps and social media pages that attempt to bring disrepute to Flipkart by impersonating our brand and thereby cheating and defrauding our customers and the public at large,” the statement added.

The company also said that it has constituted a dedicated Brand Protection Council, which is a cross-functional team of experts from disciplines such as information security, application security, legal, compliance, communications, customer experience and customer support.

“The role of this group is to assess, monitor, report and take legal action against perpetrators of such fraudulent activities as well as take preventive measures through systems, technologies and customer education. In the past year, we have reported and taken down a number of such fraudulent online sites,” it added. However, the company didn’t specify the number of such cases.

After the Tweet went viral, several other users commented on the thread saying that they have also faced similar issues. One user mentioned that he had reported a similar issue to Flipkart in October 2019 with screenshots. “My father had asked me if this was good to go as he was surprised by the low prices, glad I saw the URL,” the user added.

 

Phishing Attempts In Ecommerce

Another ecommerce unicorn Snapdeal, today (January 20), said that it has secured a Delhi High Court order, which led to the removal of nearly 1200 fraudulent links from Twitter. “Various entities that are in no way associated with Snapdeal had established URLs/links accessible through Twitter. These were in violation of the copyright and registered trademarks of Snapdeal and also sought to represent that they are the official twitter handles of Snapdeal,” the company added.

In the wake of the rising phishing attempts, ecommerce companies have been setting multiple checks and balances to mitigate such cases. In October 2019, a group of startups including MakeMyTrip, OYO, Paytm, Swiggy, Zomato, and Uber met the Reserve Bank of India (RBI) and made a joint representation on the online frauds with the plan on how to curb them. The online frauds are reportedly engineered via phone calls by fake toll-free numbers or serial bank account generators.

Indian ecommerce has surged through times of customer trust deficit, especially in terms of online payments and right product delivery. Further, last year, the Ministry of Consumer Affairs, in August 2019, had introduced ecommerce guidelines for consumer protection 2019 with an aim to prevent fraud, unfair trade practices and protecting the legitimate rights and interests of consumers. These guidelines have put in additional responsibility on brands to ensure customer safety.

After the story was published, UC Ads team in a statement to Inc42 said, “We have removed the mentioned Ad from our platform on an immediate basis and launched an internal review of the advertising mechanism that led to this. User experience and benefit remain our top priority.”