Case I
The owners of Saldanha Bakery were taken aback when in December 2022 about 10 customers complained about not receiving cakes they had ordered and paid for online. It turned out that they had been duped by a fake Facebook page, a website and ads on Google.
Case 2
When home delivery became the norm after the pandemic, Peter Hu?, Mocambo and Peter Cat were flooded with calls from customers complaining about food not reaching their home though they had transferred money to the restaurants’ bank accounts. Fake Facebook pages were at work here, too, with tempting offers such as ‘Buy 1 chelo kebab and get 2 free’.
Case 3
Wow! Momo has received more than 50 complaints from across the country since 2021 from people who have been duped by clone websites of the chain.
In all the above cases, the restaurant owners alerted Kolkata Police and filed complaints
The crime trend
Cyber fraud has been around for many years but since the COVID-induced lockdown three years ago, criminals have been targeting restaurants in Kolkata and the money stolen almost never returns. While small and medium businesses are the common targets, big names like Arsalan and 6 Ballygunge Place, Mocambo and Peter Cat have also fallen prey.
“We started receiving complaints from customers just after the lockdown. We realised that a Facebook page had been created and the moment someone paid for the food via the number provided on the fake page, money from their bank accounts would disappear,” said Siddharth Kothari, owner of Mocambo, Peter Cat and Peter Hu?. It took about a couple of months before the pages were shut down with the help of the police.
Fake websites of Wow! Momo even put up advertisements for franchisee distribution and stole money from anyone who approached them. “Wow! Momo does not offer any franchisees. After some people contacted us about being cheated, we put up advertisements on our actual website and even published ads in newspapers,” said owner Sagar Daryani. Wow! Momo has registered several complaints with police cyber cells and even connected the victims with police for help. “People lost lakhs of rupees. All we know is that a gang on the Jharkhand-Bihar border has been doing all this and it is still going on,” Daryani said.
Saldanha Bakery is the latest target. In December 2022, owner Debra Alexander found out that customers were falling prey to a fake Facebook page, a website and ads on Google. The bakery contacted the police but by then the pages had been deactivated. But the problem resurfaced during the Christmas season. “We don’t have the exact number but the amount of money lost by customers should have been between Rs 20,000 and Rs 30,000. We have lodged several complaints with the Kolkata Police but they are yet to take action,” Alexander said.
What business owners must do
Cyber security expert Samiran Santra said the number of such crimes has been on the rise in Kolkata but, unfortunately, there is little business owners can do to stop this. “In most cases, the business owners have very little to do. It is the individual who must be cautious,” he said.
Santra said a few weeks ago, criminals cloned the original website of a well known tech accessories company, complete with a proper payment gateway. “It started announcing offers and duping people. I saw that and lodged a complaint with Google. Within hours, the page was taken down,” he said. Business owners must be on the lookout for fake websites and social media pages and raise a complaint with Google and the police immediately in case they spot anything amiss.
For the “chelo kebab fraud” Kothari had put out advertisements and disclaimers on the authentic social media pages of his restaurants to make people aware. “After the disclaimer was put out, the crime slowed down a bit. People would not pay anyone and call us directly to enquire about delivery,” he said.
What should customers do
For representational purposes iStock photograph
Being informed and cautious are the only ways to avoid such situations. According to cyber security experts, one must check the URL before making any payment. “It’s a matter of a Google search. If you are ordering from X company, go to that website using the proper URL,” said Sovan Malakar, a cyber-security expert and white hat (ethical) hacker. “In case of any doubt, you must call the company call centre directly and ask. This would solve many things,” Malakar added.
If the payment is already made before the user realises he has been cheated, one should immediately register a complaint with the police. “If the payment has been made via UPI, then there are ways to get back the money within an hour,” said Santra.
According to Reserve Bank of India (RBI) guidelines, a user should first report the issue of an unintentional transaction with a payment service provider like GooglePay, PhonePe, Paytm etc. You can flag your problem and ask for a refund. You can also lodge a complaint at the National Payments Corporation of India (NPCI) portal (npci.org.in). “In many cases, we have seen that the money stays in the account first paid to and then is transferred to other accounts. Once that is done, no one can do anything. But if the complaint is made within an hour of payment, then the money can be brought back,” said Santra.
Cyber hygiene
Cyber security experts say the first thing to do is to change passwords periodically. “Ideally, a password should be of 25 characters with a mixture of upper and lower case, numbers and special characters,” said Malakar.
Along with that, the phone or computer operating system should be updated regularly. “When an operating system releases an update that simply implies that they have upgraded the system by eliminating a known threat. Whenever an update is offered, opt for it,” Asish Panigrahi, a cyber security expert, added.
What police can do
Officers in the Lalbazar cyber cell agreed with the tips given by cyber cell experts and said that victims should file a complaint within the first few hours. They said until and unless the crime involves a substantial amount of money or identity threat, most incidents go unreported. “Either people do not know that these are also crimes and fall under Kolkata Police’s jurisdiction or are simply not bothered to report. However, several crimes do get reported and we do our best to solve them,” said a police officer.
According to the police, most cyber fraud gangs operate from Delhi, Jharkhand and even from fake call centres in Kolkata and other states. “Phishing calls, making clone websites and credit card frauds take place in the entire country and regardless of anything, one must lodge a complaint as soon as possible,” said the officer.