The Plot
I was looking for a new broadband connection from Jio Fiber. I filled out their registration form and received a confirmation message: “Coming to your area soon! We are expanding our network rapidly and will contact you once we reach your neighborhood.”
Sometime in July 2020, I got a call from a Jio Fiber sales executive asking if I was interested. I excitedly said, “Yes!” but after checking my location, he told me their service wasn’t available. The conversation ended, and I saved his number for future inquiries.
Jan 15, 2021, 3:00 PM, I got a call from the same person asking if I still needed a Jio Fiber connection. I confirmed, and he sent two team members to visit my residence for registration.
Jan 15, 2021, 5:00 PM, As expected, the team arrived within two hours. First, they completed my e-verification. Then, they triggered a payment request via SMS, which contained a unique, self-expiring payment link to Jio’s website.
I carefully verified the URL to ensure the payment was going directly to Jio. Once I was sure, I completed the transaction on my mobile phone. The sales team verified the payment and left, assuring me that their service team would contact me soon for installation.
SO FAR SO GOOD.
I wasn’t available the next day, so I requested installation on Jan 17, 2021, between 10 and 11 AM. Since daylight fades quickly in the evening, working outside later would be difficult. An early start would also give them enough time to handle any last-minute technical issues.
THE CLIMAX
I waited until noon on January 17, 2021, but no one arrived. I didn’t receive any SMS or phone call about the installation. I called the sales executive, and he said there were delays. He assured me the service installation team would reach out soon.
January 17, 2021, 1:46 PM: I received my first official Jio Fiber SMS. It stated that the service engineer would visit my premises by 6:30 PM. I preferred not to have them visit after dusk, but I didn’t want to waste another day rescheduling. I decided to go ahead with their timing.
January 17, 2021, 6:00 PM: After waiting the entire day with no calls or visits, I tried calling the salesperson. He didn’t answer. Sometimes his number was busy, but when I called again, he ignored my calls. At this point, I felt cheated. I started looking for Jio support options.
I knew my money was safe since I paid through Jio’s official website and received a bank confirmation message.
First, I called Jio Fiber’s customer support numbers: 1800-893-3333 and 1800-896-9999. I got stuck in the IVRS system and didn’t have the patience for its long instructions. After a few minutes, I hung up.
Out of frustration, I tweeted @JioCare, asking them to call me. I also included my phone number in the tweet.
That was my mistake.
@JioCare responded to my tweet with a reply that made no sense. I called the provided number, 1800-893-3999, but the person on the line wanted to speak to my local referee. The call ended without a proper resolution.
A few minutes later, I received a call from +91-8597857024. TrueCaller identified the caller as Customer Care. The male caller said he was calling on behalf of Jio’s customer care and asked about my complaint on Twitter.
I told him that no one had shown up for the installation or provided any updates. He listened and then said a verification process was required before installation. He asked me to install an app.
“An app?” I asked. I told him the sales team had already completed e-verification at my residence. He claimed that the previous verification had failed due to system errors and insisted on another round, assuring me it would be the final step.
At this point, I was suspicious. He told me to go to the Google Play Store and search for “QS,” which led to the TeamViewer app.
I asked what he planned to do with the app. He said it would connect Jio’s server to my phone for verification.
I pressed further. “What happens after my phone connects to Jio’s server?” He said there would be simple steps to follow and then asked if I had installed the app.
I said, “Yes!” He immediately asked for my TeamViewer ID.
I didn’t have a spare phone to play along, nor the patience to entertain a scammer. So, I asked him if he had seen the latest movie, Jamtara.
After a pause, he disconnected the call.
For those unaware, Jamtara is a Netflix movie about small-town scammers running a phishing operation from Jamtara, Jharkhand.
What could have happened?
Phishing scams have existed for a long time. In the past, people received emails from someone claiming to be in a distant land (often Nigeria). The sender would say a prince had died, and a corrupt figure was trying to seize the kingdom’s wealth. To escape, the sender needed a bank account to temporarily hold millions of dollars.
In return, the recipient was promised a generous reward for helping. But to access the prince’s fortune, an upfront payment was required for processing and verification fees. Over time, scammers adapted to new technologies and found more sophisticated ways to deceive people. Wikipedia has an in-depth article explaining this fraud practice – Advance-fee scam.
In my case, the scammer used scraping tools on social media platforms like Twitter to identify dissatisfied customers. He wouldn’t have reached me if I hadn’t publicly tweeted my phone number, asking @JioCare to call me back because I couldn’t reach them.
The scammer called, took advantage of my frustration, and manipulated me into following instructions that gave him full access to my phone. From there, he could have executed his plans.
Similar Incident
My cousin found a great deal on a pack of 12 face towels at Shopclues.com. Without hesitation, he placed the order using cash on delivery (COD).
Shopclues is an online marketplace where sellers list and sell products directly to customers. The platform does not verify the contents of shipments. Instead of receiving the towels, my cousin got two sets of defective rice lights. He asked the delivery person to take the package back, but the request was denied. The delivery person, just doing his job, advised him to contact Shopclues for a return or refund.
Shopclues has a dedicated returns and replacement page. It states that customers must file return requests for damaged, missing, or incorrect products within two days of delivery. The website provides step-by-step instructions for returning items.
Instead of following the official process, my cousin searched for Shopclues’ support phone number on Google. He found +91-9883398924 and called it. The person on the other end posed as Shopclues’ customer support. He listened to the issue, apologized for the inconvenience, and assured my cousin that he would receive a refund without needing to return the product.
To process the refund, the scammer requested verification. He asked for my cousin’s debit card details and used them to make a Rs. 1,099 purchase on Amazon India.
Minutes later, my cousin received this bank message:
Dear Customer, tx#VU9682298435 for Rs1099.00 by SBIDrCARD X2256 at AMAZON on 23Jan21 at 14:08:20. If not done forward this SMS to 9223008333/18001111109/9449112211 to block card.
Realizing he had been scammed, he went to the police station to file a report. He found several others there with similar complaints. The authorities were overwhelmed with fraud cases.
Are Phishing Scams happening only in India?
No, phishing scams happen worldwide.
In 2018, I was managing Facebook ads for a US-based e-commerce company. One night, my client discovered that their Facebook account had been suspended. Since it was past midnight in India, they tried to resolve it themselves.
They searched for Facebook’s support number but couldn’t find one. Eventually, they found +1-855-490-9444 on an unofficial website and called it. An automated message greeted them and then connected them to a representative. The scammer listened to the issue and transferred the call to a so-called billing manager.
The “manager” claimed the account could be reinstated but required verification. He asked for a $500 Google Play Card code. My client complied. After each attempt, the scammer said there was a “timeout error” and requested another $500 card.
By the time my client contacted me at 7 AM IST, they had lost $7,000.
Scammers prefer Google Play Cards because they offer anonymous transactions, unlike credit cards or bank accounts, which allow chargebacks and fraud investigations.
As of February 2021, the number +1-855-490-9444 is still active.
How To Identify A Phishing Scam
Recognizing a phishing attempt in real time is challenging. Even professionals fall victim. NDTV journalist Nidhi Razdan was tricked into believing she had a job at Harvard University. She quit her 21-year career at NDTV, only to later realize it was a scam.
I have been the victim of a very serious phishing attack. I’m putting this statement out to set the record straight about what I’ve been through. I will not be addressing this issue any further on social media. pic.twitter.com/bttnnlLjuh
— Nidhi Razdan (@Nidhi) January 15, 2021
How to Protect Yourself from Phishing Scams?
Phishing scams are becoming harder to detect. Stay cautious to avoid falling victim:
-
-
Stay Calm
Scammers rely on panic. If you face an issue, take a step back. Research before taking action. Talk to someone you trust. Search for similar cases on Quora or consumer forums. Be skeptical of advice from unknown sources.
-
Communicate Through Official Channels
Many companies, including Facebook, do not offer phone support. If you can’t find a number on the official website, assume there isn’t one. Instead, check their support pages, FAQs, or community forums. Amazon India offers chat and phone support directly on its website. Walmart, Apple, and other companies also provide verified customer support options.
Fake online lottery or prize notifications are common scams. If you receive one, report it through the company’s official contact channels.
-
Be Careful with Google Search Results
Search engines display a mix of results, including organic links, ads, and featured snippets. Scammers take advantage of this by creating fake customer support pages with fraudulent phone numbers. Always verify contact details from official websites.
-
Avoid Sharing Sensitive Information
Scammers monitor social media for distressed users posting complaints. Be cautious about sharing personal details, including phone numbers, in public forums. Even legitimate businesses ask customers to send sensitive information through private messages to avoid exposure.
By staying alert and following these steps, you can reduce the risk of falling for phishing scams.
-
Do Not Click On Links Listed Through Email / SMS
Do not click on links in emails or SMS messages from unknown sources. Avoid opening attachments in suspicious emails. Scammers often hide real website addresses using URL shorteners like Bitly. For example, www.rahulbasu.in may be hidden inside a Bitly link like http://bit.ly/3pzXz85. Always check links carefully before clicking. Fraudsters create domain names similar to real websites. For example, www.wolmart.com (using “o” instead of “a”). Many people overlook such minor changes and fall for scams.
Scammers also send phishing emails and text messages offering work-from-home job opportunities, Health insurance or Medicare information, Loans or financial relief. To stay safe, install tools like McAfee WebAdvisor. It helps detect malware and phishing attempts without affecting browsing performance.
-
-
Do Not INSTALL Any Mobile Application
No customer service representative will ask you to install a mobile or desktop application for verification. If someone asks you to do this, they are likely a scammer.
-
Do Not Transfer or Receive Money For Verification
Scammers claim you have won large sums of money and ask for a small test transfer via Paytm or Google Pay to verify your account. These are scams. There is no such thing as easy money.
-
Do Not Share OTP, Debit Card, or Banking Credentials
Banks use OTPs as an extra security layer. Never share them with anyone. No customer service representative will ask for your OTP over the phone. Some companies, like Xpressbees and Delhivery India, send OTPs for package deliveries. Only share them with the delivery agent after receiving your parcel. Decathlon India allows customers to sign in using their phone number and OTP instead of a password. Understand these processes and share OTPs only when necessary.
What are some online frauds you have experienced? Share your comments below:
