A homemaker received an email with what looked like a flight ticket that she never purchased.
The purported e-ticket said her seat was booked with an airline for travel 10 days from the date of receipt of the email and that she was travelling from Kolkata to Delhi. The e-ticket bore her name with the right spelling and her mobile number.
The email that had multiple hyperlinks raised suspicions and prompted the recipient, Nandini Mukhopadhyay, to lodge a complaint with the cybercrime cell at Lalbazar.
Police said after a preliminary investigation that the mail seemed to be a “phishing mail”, which was sent with the aim to get malware installed in Mukhopadhyay’s phone to gain access to her bank details.
“This appears to be a new method to cheat people by luring them with fake flight tickets,” said a police officer.
Mukhopadhyay, who lives in South City, told The Telegraph she received the e-ticket on May 14.
“The email was sent by a travel agency and had a flight ticket attached to it. It had my name and personal number. The ticket mentioned that the purported flight from Kolkata to Delhi was on May 24,” Mukhopadhyay said.
The ticket also mentioned that it had been purchased for Rs 13,949.
As Mukhopadhyay had not purchased the ticket, she did not click any link for cancellation and instead decided to report the matter to the police.
“As neither I nor any other family member had purchased the ticket, we decided to report the matter to the police straightaway,” Mukhopadhyay said.
After the cybercrime cell of the Kolkata police started a probe, it emerged that the email was sent from a server located in Colorado in the United States.
“We have written to the internet service provider concerned seeking the Internet Protocol address of the sender of the email. That would help us track down the sender,” said an officer.
A senior police officer at Lalbazar said on Monday the email appeared to be a phishing mail.
Phishing is a fraudulent activity to fish out personal details of the persons fraudsters are targeting by sending them emails that resemble emails from genuine companies.
“In this case, the fraudster used the logo of a reputable airline to make it look authentic. Had the recipient tried to cancel the flight or get a refund by clicking on any of the hyperlinks in the mail, it could have compromised her personal details,” said the officer.
This newspaper reported a few days ago that fraudsters have started using APK — android programming kit — to surreptitiously install malware in a phone or a laptop to gain remote access to the device.
“Once the remote access to the victim’s phone or laptop is established, the fraudsters can literally control financial transactions of the person through his or her phone or laptop,” the officer said.