Hackers use phishing to dupe potential EV buyers, dealers into crores

Mudam, like many others, tagged Ola Electric’s Twitter account asking if the letter was genuine or not. But while these users had the means to seek advice, thousands fell prey to phishing scams designed to take advantage of gullible users jumping on the ‘electric vehicle (EV) revolution’.

In these scams, attackers send emails or advertisements to users and offer them an opportunity to become a dealer or buyer of electric vehicles. They use such emails to direct users to fake websites and dupe them out of money by demanding registration fees etc.

On Wednesday, Bengaluru-based security firm CloudSEK said it has seen a spike in phishing campaigns designed to take advantage of the growing demand for EVs since the second half of 2021.

According to the company, scammers were using Google ads to mislead users on phishing sites that collect user data and money. He speculated that such scams were used to scam 4-8 crore from users so far, demand of each site 2-4 lakhs due to various reasons.

In addition to Google ads, research from CloudSEK has revealed scammers registering fake Internet domains that resemble domains owned by legitimate EV makers and marketplaces. They are also manipulating search engine optimization (SEO) techniques to appear on general searches as well as searches for specific EV brands. The money is collected under the guise of reservation or booking fee, security deposit, or becoming an EV dealer.

To be sure, EV manufacturers are also aware of the problem. “The growing demand for EVs has proved to be a boon for businesses and individuals. However, this has opened another avenue for fraud or exploitation of the public,” said Sohinder Gill, Chief Executive Officer, Hero Electric.

A spokesperson for Ather Energy, one of India’s oldest EV startups, agreed. According to the spokesperson, the company first encountered such scams last year, and has been “actively” seeking such activities since then.

“Over the past few months, we have come across some fake websites, such as atherenergydealership.com, atherenergydealer.in, atherelectricdealer.com, which are deceptively similar to our website, with our name and trademark. Those websites also provide a link to apply and make the payment. These fake websites made bogus vehicle bookings, issued a ‘letter of intent’ and asked users to pay an amount of Rs 2,999 for registration, security,” the spokesperson said.

A former employee of Ola Electric, who has now left the firm, said that the company was well aware of such scams when it first started registering. The employee, speaking on condition of anonymity, said that some EV firms have tried to warn users through social media posts etc. trying to fail”, he said. noted it. Ola Electric did not respond to a request for comment on this story.

According to Faisal Kawoosa, founder and chief analyst at market research firm TechARC, the problem is massive and occurs with any sector that has high consumer interest. “When a big player disrupts the way products are booked, consumers tend to think that this is how the sector operates and this can lead to fraudsters defrauding them,” Kawoosa said.

Google ads are also used by EV firms to generate leads, and scammers take advantage of this as well. “They bid high on keywords and take prominent positions and if someone searches their results appear at the top and users click on them,” Kavosa said.

Ather said it has also filed cyber fraud complaints and when it learned of the scams it directed the victims to the jurisdiction’s police. It has also notified misuse of domain registries and search engines, and to raise awareness among stakeholders, it has issued public notices through social and national print media informing everyone about its official website. “We have also put up a warning notice on our website and are actively sending emails to our stakeholders and posting the disclaimer information on our social media handles,” the spokesperson said.