Fraud on cred account

234°
Analyst
andromeda

https://cdn0.desidime.com/attachments/photos/712940/medium/79420002021-09-20-12-21-58-44-Post-Feed-Linked-In.png?1632120998

Text copied from the post

CRED I was defrauded of Rs 40k+ today via a representative claiming to be from CRED. The sequence of events goes as such- I raise a complaint of payment delay via your official twitter account on DM, about an hour later a representative claiming to be from CRED calls up to solve my issue. What is interesting is that he has info about the exact number of cards I have, and even told me the last 4 digits of 2 cards. He asked me to perform a sequence of steps on the CRED app and that eventually culminated in him (name Sunit) getting added as a beneficiary on CRED rentpay. This is immediately followed by 2 debits of 30k and 10k. Now I have the following questions
- How does a fraudster get access to my card details?
- How does a fraudster get to know about the issue I am facing?
- How fragile is your security infrastructure that it can be cracked by anyone? And to think we are trusting you with features like Rent Pay?
Kunal Shah #security #databreach #cybersecurity
Update: All I have received from CRED till now is a bland email stating that my account has been deactivated and I can reactivate it once I put a cyber cell complaint. They did not have anything to say on the breach or if they would even investigate the matter. For them it’s “your problem, you solve it”. Absolutely zero liability

Link to the post: https://www.linkedin.com/feed/update/urn:li:act...

Dimers aka Sherlocks put your hats on!

16 Comments  |  
14 Dimers
  • Sort By
Trailblazer Trailblazer
Link Copied

Why he Added Beneficiary joy  on CRED Rentpay? Khud Galti Karo fir Blame Karo, I know Companies will not listen to our Words until we have some powers or internal connection.

The Guy has Lost its money and also by Looking at his Profile,he seems to very known about How things works in CRED and all! Then,why did he do it? Without adding beneficiary and Entering OTP,The Amount can’t be Transferred!


I am saying this 1000+ times,that do not Complaint on twitter like Tweet them,instead of that you should Simply DM them! What do you think,are you the only one along with tag person that is viewing the Tweet,No! Do not share any Personal and confidential information in DM also expressionless

Analyst Analyst
Link Copied
shraaj wrote:

Why he Added Beneficiary joy  on CRED Rentpay? Khud Galti Karo fir Blame Karo, I know Companies will not listen to our Words until we have some powers or internal connection.

The Guy has Lost its money and also by Looking at his Profile,he seems to very known about How things works in CRED and all! Then,why did he do it? Without adding beneficiary and Entering OTP,The Amount can’t be Transferred!


I am saying this 1000+ times,that do not Complaint on twitter like Tweet them,instead of that you should Simply DM them! What do you think,are you the only one along with tag person that is viewing the Tweet,No! Do not share any Personal and confidential information in DM also expressionless

I went through the all the comments in the main post, and things doesn’t add up. And time again proved common-sense is not so common.

Pro Blogger Pro Blogger
Moderator
Link Copied

This seems the guy is asking for it throughout.. so sad for his (30K + 10K)* loss.. guess all he had left with that balance, else would got looted more. pensive

Mobile Guru Mobile Guru
Link Copied

It seems to me that this person “Siddhartha Roy” was aware that something is wrong the agent (Sumit*) that contacted him to resolve the payment issues but was curious to know how things will unfold smile

Also.. he seems to be least bothered about the lost money (30+10k) but concerned about proving cred is unreliable

Deal Cadet Deal Cadet
Link Copied

He asked me to perform a sequence of steps on the CRED app and that eventually culminated in him (name Sunit) getting added as a beneficiary on CRED rentpay. This is immediately followed by 2 debits of 30k and 10k.

The amount deposited in someone’s account and it is traceable if the police take little interest!

Deal Cadet Deal Cadet
Link Copied

Same happened with me, i raised a complaint and after few time i got a call claiming they are executive from cred. After listening and agreeing on helping me the person on call said, i have raised a complaint for you(myself) and then asked me to confirm the otp. Otp was just 4 digit code and nothing was explained in msg for what is meant for. Luckily my sense worked well at that time and i refused. Later when i checked on truecaller it was from cred fraud. Made a complaint on twitter to cred that how he get info about my contact details, complaint and card last 4 digit. But as usual they didn’t respond to my query.

May be our data is not safe with them.

Analyst Analyst
Link Copied
mjuneja13 wrote:

Same happened with me, i raised a complaint and after few time i got a call claiming they are executive from cred. After listening and agreeing on helping me the person on call said, i have raised a complaint for you(myself) and then asked me to confirm the otp. Otp was just 4 digit code and nothing was explained in msg for what is meant for. Luckily my sense worked well at that time and i refused. Later when i checked on truecaller it was from cred fraud. Made a complaint on twitter to cred that how he get info about my contact details, complaint and card last 4 digit. But as usual they didn’t respond to my query.

May be our data is not safe with them.

That 4 digit code is likely the verification code to login into cred account. Even after getting the account access, they need OTP from bank for the final transaction.

Not sure if there is a databreach from cred, but fraudsters can connect the dots between available data on www, for instance data from other leaks like mobikwik/dominos etc

Deal Cadet Deal Cadet
Link Copied

Iti achchi English likh kr b koi itna gadha kaise ho skta… confused

It’s like someone told me this is a gun, and I’m gonna shoot you in the head, I said OK.

Deal Cadet Deal Cadet
Link Copied

better never use apps like cred which stores all your financial info for mere 100-500 rs

Blaze Blaze
Link Copied
deep_ wrote:

Iti achchi English likh kr b koi itna gadha kaise ho skta… confused

It’s like someone told me this is a gun, and I’m gonna shoot you in the head, I said OK.

Literacy is not equal to intelligence

Pro Shopping Friend Pro Shopping Friend
Link Copied
getready wrote:

It seems to me that this person “Siddhartha Roy” was aware that something is wrong the agent (Sumit*) that contacted him to resolve the payment issues but was curious to know how things will unfold smile

Also.. he seems to be least bothered about the lost money (30+10k) but concerned about proving cred is unreliable

Maybe sponsered by any competitor in the market.😅
Or we might expect a launch soon.😝

Deal Subedar Deal Subedar
Link Copied

I have never used Cred Rent pay. Whether OTP sms won’t mention it is for beneficiary adding ? Any sms after beneficiary added ? 2 times money deducted…with OTP or without OTP ?

Trailblazer Trailblazer
Link Copied
Expand
andromeda wrote:

That 4 digit code is likely the verification code to login into cred account. Even after getting the account access, they need OTP from bank for the final transaction.

Not sure if there is a databreach from cred, but fraudsters can connect the dots between available data on www, for instance data from other leaks like mobikwik/dominos etc

I use CRED RentPay Feature for my HDFC Credit Card, Whenever,I transfer amount via CRED Rent Pay,then even after Entering OTP and successful transaction, I get a call From HDFC Bank,that did you make a transaction,if yes then press 1!

2 STEP VERIFICATION smile

@sri222 @Ash @smz @pranavcool @deep_ @andromeda @Nighthawk69

Missing