Simpl Accounts Getting Hacked

I thought those users shared OTP in one way or other, or am I wrong?

MrMonkey wrote:

I thought those users shared OTP in one way or other, or am I wrong?

Transaction happened without any OTP.Its very dangerous.

f

Is there any way to temporarily deactivate?

There is option of 'delete account'. So, if we want to use it in future, it won't be available.

Time_Travel wrote:

Transaction happened without any OTP.Its very dangerous.

Any idea on which sites these txns are getting done? 

Most (maybe all) sites require to have same number as simpl to be able to use it 

androgame wrote:

Any idea on which sites these txns are getting done? 

Most (maybe all) sites require to have same number as simpl to be able to use it 

Twitter posts suggest that electricity bill payments, gas cylinder bookings, zomato

androgame wrote:

Any idea on which sites these txns are getting done?  

Most (maybe all) sites require to have same number as simpl to be able to use it 

their own app / portal
Simpl Pay Fraud Transaction done my Simpl Pay Account

getready wrote:
their own app / portal
Simpl Pay Fraud Transaction done my Simpl Pay Account

How is it possible to login into their app without otp  

getready wrote:
their own app / portal
Simpl Pay Fraud Transaction done my Simpl Pay Account

Just saw this on my timeline. https://twitter.com/StocksAndStoics/status/1629...

This is very dangerous. No way to temporarily turn use off

androgame wrote:

How is it possible to login into their app without otp  

Not sure. Some claiming that they shared OTP via IVR but some others denying it (call + otp share)

Should I close it ? What is everybody suggestions 

getready wrote:
Not sure. Some claiming that they shared OTP via IVR but some others denying it (call + otp share)

People are hiding, or it's a much serious bug 

Just closed mine, not worth the hassle if it gets hacked. 

androgame wrote:

People are hiding, or it's a much serious bug 

As per the CTO, all fraud transactions happened only after OTP based App login occurred.


https://twitter.com/platosingh80/status/1629729...

nilo09 wrote:


As per the CTO, all fraud transactions happened only after OTP based App login occurred.


https://twitter.com/platosingh80/status/1629729...

If this turns out to be the actual case for all fraud complaints, then Simpl isn't responsible for reversing any of these transactions. But for some reason (retaining user-base?), this CTO is assuring refund/reversal of these payments.

Time_Travel wrote:

Transaction happened without any OTP.Its very dangerous.

Transactions didn't happen without OTP. Users entered their OTP received after they received IVR based calls pretending as Simpl customer care and informing that request has been received for account modification or account logged in from other device. If you have done this transaction disconnect the call, if you haven't requested share the OTP. People shared the OTP in the IVR calls which were connected to transactions bots. 

People will not admit that they shared the OTPs although they did.

Although it is possible that their Simpl wallet was linked with the bill payments/LPG Booking Apps after the first OTP and further transactions were executed without OTP 

head_shark wrote:

Just closed mine, not worth the hassle if it gets hacked. 

How did you closed it?

It must be the otp, users shared their otp (i know they are denying for obvious reasons) , and using otp one can login to ur account easily and can perform n number of transactions till it has  limit.

:

-Bnpl are riskier only for these reasons:-

1.No location verification.

2.no unusual activity detection.

3.no transaction suspects

4. Poor or no live support.

5. No two step verification

6- no otp verification for payments.

woh cto k replies dekho cool n chill, usko account kab or kyu bnaya hai mai jada interest hai

hotchap wrote:

How did you closed it?

go to chat with us option and follow from there. 

kartikxxx wrote:

It must be the otp, users shared their otp (i know they are denying for obvious reasons) , and using otp one can login to ur account easily and can perform n number of transactions till it has  limit.

:

-Bnpl are riskier only for these reasons:-

1.No location verification.

2.no unusual activity detection.

3.no transaction suspects

4. Poor or no live support.

5. No two step verification

6- no otp verification for payments.

6th point is biggest risk. Bnpl and wallet both have this risk. Once you link account further transactions dose not need any otp - sim verification Or location verification. 

aam_aadmi wrote:

Transactions didn't happen without OTP. Users entered their OTP received after they received IVR based calls pretending as Simpl customer care and informing that request has been received for account modification or account logged in from other device. If you have done this transaction disconnect the call, if you haven't requested share the OTP. People shared the OTP in the IVR calls which were connected to transactions bots. 

People will not admit that they shared the OTPs although they did.

Although it is possible that their Simpl wallet was linked with the bill payments/LPG Booking Apps after the first OTP and further transactions were executed without OTP 

The transactions have been done from within billbox itself on the simpl app

Bk100 wrote:

6th point is biggest risk. Bnpl and wallet both have this risk. Once you link account further transactions dose not need any otp - sim verification Or location verification. 

Their whole business model is based on "single click payment"  

anantnitish wrote:
Their whole model is based on "single click payment"

Single click fraud. 😜😂

avgn wrote:

The transactions have been done from within billbox itself on the simpl app

As reported by victims on twitter, Simpl fraudulent transactions have also happened for 3rd party merchants such as Barbeque nation (Razor pay), Drink Prime (Bengaluru) etc.

Though most of the transactions are directly from Simpl app.

The more scary part is that in the 2nd series of IVR calls received by me they announced "your Simpl account has been logged in from another device with user name <my mobile number> and password <an old password used by me some years ago>" 

Don't remember whether in initial days Simpl had any password based access.

Fraudsters have also access to additional information about their prospective victims 

avgn wrote:

The transactions have been done from within billbox itself on the simpl app

Yes, looks like that.

Otp is shared only once and fraudsters login to account and use billbox till limit exhaust.

aam_aadmi wrote:

As reported by victims on twitter, Simpl fraudulent transactions have also happened for 3rd party merchants such as Barbeque nation (Razor pay), Drink Prime (Bengaluru) etc.

Though most of the transactions are directly from Simpl app.

The more scary part is that in the 2nd series of IVR calls received by me they announced "your Simpl account has been logged in from another device with user name <my mobile number> and password <an old password used by me some years ago>" 

Don't remember whether in initial days Simpl had any password based access.

Fraudsters have also access to additional information about their prospective victims 

Razorpay gateway now asks otp to retrieve payment modes linked to mobile number then how is this possible without otp on third party merchant using razorpay gateway

insta wrote:

Razorpay gateway now asks otp to retrieve payment modes linked to mobile number then how is this possible without otp on third party merchant using razorpay gateway

Not sure if in the Barbeque nation app, multiple OTP are required for each transaction after once Simpl account is linked. Only the payments may be getting processed thru Razorpay gateway. However one victim had all his Simpl fraudulent transactions on barbeque nation itself

Account closer request placed successfully