URGENT- Financial Fraud of 70k (Flipkart)

deb4O5 wrote:

Flipkart later service providing bank is the one can help you with, but i have no idea how to go with these paylater services unlike cc, they must have some fraudulent measures at place similar to chargeback. Stress them much with your fir.

And ask flipkart people to unblock your account with access to your email/ phone only if they ain’t help you with any proper help. Try approaching with police fir/ note from police to get the details out from Flipkart (need to work that out with police guys).  Then they should help.

As @getready said above, they can block the IMEI (if the culprits have not done advance level rooting to that device yet) and these people can only try to sell in grey market only. So high chances of getting caught and getting back the refund, albeit everyone works timely.. and we know how it works s in our country.

Such a big trouble for a little carelessness, maybe.

Flipkart helped with invoices. Said they cant help with IMEI number or delivery guy details. 
I am baffled by this fraudster, like did he think he’ll simply get away with this and not be pursued.

Good thing is Seller, buyer and my friend all are in Delhi only.

tappukepapa wrote:

No option to chat, Only call back option is there.

I just checked, it’s Still there.
I also got mine closed last year using chat support

xxxyyyzzz wrote:

Flipkart helped with invoices. Said they cant help with IMEI number or delivery guy details. 
I am baffled by this fraudster, like did he think he’ll simply get away with this and not be pursued.

Good thing is Seller, buyer and my friend all are in Delhi only.

Lot of dimers are also from Janak puri area from where the product is shipped.

xxxyyyzzz wrote:

I just checked, it’s Still there.
I also got mine closed last year using chat support

Will check in morning time. But chat should be always there. Any Email to contact?

xxxyyyzzz wrote:

Flipkart helped with invoices. Said they cant help with IMEI number or delivery guy details. 
I am baffled by this fraudster, like did he think he’ll simply get away with this and not be pursued.

Good thing is Seller, buyer and my friend all are in Delhi only.

The buyer address, how does it look?
Incomplete like the ones mentioned in this thread?
My flipkart account hacked | DesiDime

tappukepapa wrote:

No option to chat, Only call back option is there.

use FlipKartSupport on twitter use DM 

getready wrote:

The buyer address, how does it look?
Incomplete like the ones mentioned in this thread?
My flipkart account hacked | DesiDime

Yeah,
similar with just lane number, area and Pincode.

Mother###er also bought a few chocolates 😅

xxxyyyzzz wrote:

Yeah,
similar with just lane number, area and Pincode.

Mother###er also bought a few chocolates 😅

That’s bad news then 😌
Its fake : Address & Mobile number

tappukepapa wrote:

Will check in morning time. But chat should be always there. Any Email to contact?

Did not try through e-mail as it was sorted through chat only.

guest_999 wrote:

I have 10 CC saved on amazon & never once faced an issue. If you don’t follow proper security guidelines then even a 100% offline acc will not be able to save you from fraud.

Completely agree, my Amazon account was compromised in early 2020 (one of the primary reasons why I joined DD) due to a common password (even though it was a really strong one) shared on another similar website having financial transactions. Good thing was the hacker/attacker was a foreign entity and ordered stuffs using the UK site and using other’s compromised CCs (carding), so Amazon Fraud/Security team helped me immediately on priority and reverted back all account/security actions done by him without any hassle.
That day I realized, no matter how strong the password is, if it’s common with another site, there’s a high risk to get compromised. Also 2FA is a must for any financial transactions related site, and primary email and similar important stuffs (cloud storage, etc.).

invisible007249 wrote:

use FlipKartSupport on twitter use DM 

Not using Twitter

guest_999 wrote:

I have 10 CC saved on amazon & never once faced an issue. If you don’t follow proper security guidelines then even a 100% offline acc will not be able to save you from fraud.

Cards are still safe as otp is needed…. But pay later is khuli tijori

BlueFlash wrote:

Completely agree, my Amazon account was compromised in early 2020 (one of the primary reasons why I joined DD) due to a common password (even though it was a really strong one) shared on another similar website having financial transactions. Good thing was the hacker/attacker was a foreign entity and ordered stuffs using the UK site and using other’s compromised CCs (carding), so Amazon Fraud/Security team helped me immediately on priority and reverted back all account/security actions done by him without any hassle.
That day I realized, no matter how strong the password is, if it’s common with another site, there’s a high risk to get compromised. Also 2FA is a must for any financial transactions related site, and primary email and similar important stuffs (cloud storage, etc.).

Even banks like IDFC and Indusind net banking don’t have 2fa. Do you use password managers now?
Because remembering separate passwords for each and every site is not practical.

24karat wrote:

Cards are still safe as otp is needed…. But pay later is khuli tijori

Slice is also pay later but it needs OTP. So is it safe?

Flipkart Pay later does not send OTPs (like CCs) before completing the transaction?

hpgramani wrote:

Flipkart Pay later does not send OTPs (like CCs) before completing the transaction?

yes..I’m about to ask this.

they should send OTP for a transaction of amount 70k.

Tekk wrote:

yes..I’m about to ask this.

they should send OTP for a transaction of amount 70k.

What you said are general assumptions; the otp should come, the delivery guy should call him before delivering, Flipkart should send delivery timelines, idfc should call to confirm this unusual spend transaction.

Maybe the fraudster exploited some flaw. Usually, Flipkart spams about order details, delivery timeline after you order something.

In this case, he came to know about this from pay later EMI statement.

xxxyyyzzz wrote:

Even banks like IDFC and Indusind net banking don’t have 2fa. Do you use password managers now?
Because remembering separate passwords for each and every site is not practical.

You MUST use different/unique passwords for all financial transactions related websites at the least (and preferably for others too)

There’s 2 ways to do it:

1st is the one that you will find 99% on the internet, saying that use a password manager like BitWarden and all, which are pretty secure; However I personally (and the rest 1%) don’t use that; it has a single point of failure, what if your master password itself gets leaked/compromised; and yes it happens, even with the most secure password managers (LastPass was hacked in 2015 ke around, and some more)

2nd way is to use a “pattern” password. Step1 is to think of a master password like say P@s$w0rD (just an example, don’t use this XD), Step2 is to combine this with each website that you want to signup/login to; so say for amazon your password will be P@s$aMzw0rD, for flipkart it can beP@s$fLpw0rD, for hdfc it can be P@s$hDFcw0rD and so on… be creative, take some time to finalize on a master passphrase, and then some more time to finalize on the pattern (maybe don’t put in between, but rather alternative letters, or whatever); Once you have mastered it there’s no way going back; I personally use this pattern password concept to manage my 10+ bank accounts and even for my cc/dc pins (in case of cards, use a pattern combination from card number, expiry date, cvv);

Refer this on similar lines: https://security.stackexchange.com/questions/12... ; Obviously if some pro-hacker makes you his sole target (targeted attack), then even this won’t be sufficient; nothing can help in those scenarios; but I believe no one will do a targeted attack on you unless you are some super-ultra HNI, or some really big political/public figure worth hacking for.

Same mere friend k sath hua tha uske Amazon pay later se kisi ne 5000 ka order book kar dia tha
But usko message a gaya tha aur Amazon me delivery bhi 5-6 bad hoti hai usne jaldi se action le lia tha

Adding 2 cents, flipkart should not allow flipkart quick for high value billed amount (say 10k) or that the high threshold can be set by user. This way frauds like this can be avoided.

BlueFlash wrote:

You MUST use different/unique passwords for all financial transactions related websites at the least (and preferably for others too)

There’s 2 ways to do it:

1st is the one that you will find 99% on the internet, saying that use a password manager like BitWarden and all, which are pretty secure; However I personally (and the rest 1%) don’t use that; it has a single point of failure, what if your master password itself gets leaked/compromised; and yes it happens, even with the most secure password managers (LastPass was hacked in 2015 ke around, and some more)

2nd way is to use a “pattern” password. Step1 is to think of a master password like say P@s$w0rD (just an example, don’t use this XD), Step2 is to combine this with each website that you want to signup/login to; so say for amazon your password will be P@s$aMzw0rD, for flipkart it can beP@s$fLpw0rD, for hdfc it can be P@s$hDFcw0rD and so on… be creative, take some time to finalize on a master passphrase, and then some more time to finalize on the pattern (maybe don’t put in between, but rather alternative letters, or whatever); Once you have mastered it there’s no way going back; I personally use this pattern password concept to manage my 10+ bank accounts and even for my cc/dc pins (in case of cards, use a pattern combination from card number, expiry date, cvv);

Refer this on similar lines: https://security.stackexchange.com/questions/12... ; Obviously if some pro-hacker makes you his sole target (targeted attack), then even this won’t be sufficient; nothing can help in those scenarios; but I believe no one will do a targeted attack on you unless you are some super-ultra HNI, or some really big political/public figure worth hacking for.

Very helpful stuff u shared.

Will change all of my passwords today and set transaction limits (as suggested by @Scorpion )on all types of cards, Internation transactions are always disabled.

So far, I haven’t been a victim of a compromised account as I regularly change passwords and do google password safety checks but it’s better to be safe than sorry.

1. Try connect with any one of your friend who is in police. He can help you for faster process. Find some contacts.
2. Chargeback file karo asap
3. Also tag cyber police and police of your state on twitter.

Wander-lust wrote:

1. Try connect with any one of your friend who is in police. He can help you for faster process. Find some contacts.
2. Chargeback file karo asap
3. Also tag cyber police and police of your state on twitter.

Chargeback on pay later?

IDFC loan support helpline doesn’t even work after 6 PM 😶

File FIR on Cyber Police asap and Chase Flipkart on twitter

xxxyyyzzz wrote:

Chargeback on pay later?

IDFC loan support helpline doesn’t even work after 6 PM 😶

Not sure but they have payment dispute mechanism.

hpgramani wrote:

Adding 2 cents, flipkart should not allow flipkart quick for high value billed amount (say 10k) or that the high threshold can be set by user. This way frauds like this can be avoided.

This is very debatable. 
Everyone wants faster delivery naa. 

This was one of the reasons i closed all my paylater services earlier i used to have flipkart paylater, amazon paylater, paytm postpaid etc but now i have closed all these and also maintain safe distance from credit line services like slice. In my view in today’s time everyone who is going digital can face these frauds

@xxxyyyzzz @prem4998 @scorpion

Lets say i don’t have any paylater services and if don’t save any of my cards in any application i.e, enter it manually everytime which is possible will this help us even a little bit. What i am thinking is if we don’t save card details in applications online than how can someone do fraud with it unless he have all the information available from elsewhere

rahulsoni0706846 wrote:

@xxxyyyzzz @prem4998 @scorpion

Lets say i don’t have any paylater services and if don’t save any of my cards in any application i.e, enter it manually everytime which is possible will this help us even a little bit. What i am thinking is if we don’t save card details in applications online than how can someone do fraud with it unless he have all the information available from elsewhere

Fraud is a broad term bro, steps you mentioned can only assure a sense of security to a certain level.

I have read various posts in dd about Amex fraudulent transactions occurring out of nowhere. Their support is good, that’s why people prefer amex or say Citi.

https://www.desidime.com/discussions/urgent-hel...

This is also a type of fraud, desilokesh said sbi won’t help

Your details (unlikely) but can be compromised in many ways

xxxyyyzzz wrote:

This is very debatable. 
Everyone wants faster delivery naa. 

Security and Convenience are becoming mutually exclusive these days.