Even as the adoption of EVs burgeon in India, thanks to the many helpful initiatives of the Central and the various State governments, worryingly, a new report has found out that scamsters are exploiting online ads to lure users to EV phishing sites that collect users’ data and money.
Over 200 phishing and scam sites have reportedly tricked users into giving their personal data to fake investments schemes impersonating genuine brands.
According to an investigative report by the Singaporean security company CloudSEK, the online fraud relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.
The company said "with each site defrauding users of Rs 200,000—400,000, in booking fees and down payments, the scam has so far cost the Indian public over Rs 40—80 Million (about $1 Million)."
- India launch date of 2022 MG ZS EV is out
- Hero MotoCorp, BPCL partner to set up charging infra for EVs
- India sees electric vehicles register record numbers
EV sector targeted since Aug 2021
The CloudSEK report says there is a shift in the focus of phishing actors, who seem to have abandoned banking and finance sector in favour of EV companies ever since governments here started making EVs a priority sector of sorts (from around August 2021).
“In addition to existing automotive companies, over 399 start-ups are currently working on electric vehicles and related products and services. Hence it comes as no surprise that the scams targeting these companies have skyrocketed. This is evident by the surge in phishing sites targeting the EV sector, which increased considerably after the production-linked incentive scheme, for electric and hydrogen fuel cell vehicles, was approved by the Indian cabinet in September 2021,” the CloudSEK investigative report said.
The scammers, typically, entrap potential victims by abusing Google Ads, stuffing their bogus sites with keywords, and mimicking well-known brands like Ather. The cheaters also simply copy the content, style, layout, and all images of the legitimate site and create clones.
How the scamsters operate?
The con sites also build fictional marketplaces using generic terms like "ebike," to supposedly offer products from multiple brands. Visitors of these websites are instructed to enter their full names, contact numbers, email addresses, and physical address to register on the platforms.
"Once they have completed the registration, the scammers ask them to pay the fee required to become an EV dealer or purchase a product on the site," the report said. The victims also unwittingly part with their banking details.
The report while saying that there were 200 active phishing domains, also added that new sites quickly replace the ones taken down.
CloudSEK has reportedly shared the phishing domains list with Google to help stop the ads abuse.
CloudSEK also believes that such phishing scams can directly impact the EV sector and the automobile companies involved in it.
Want to know about the latest happenings in tech? Follow TechRadar India on Twitter, Facebook and Instagram!
