URGENT- Financial Fraud of 70k (Flipkart)

Finance Ninja
xxxyyyzzz
Hi guys,
My friend's Flipkart account was compromised today.
At work, he received an email saying a 70k EMI transaction was done using Flipkart Pay Later EMI.

On calling customer care, he was informed that someone had bought an iPhone using Flipkart Quick and the product was also delivered.
He's locked out of his Flipkart account.

Please suggest what to do next.
I have asked my friend to lodge an FIR in the meantime.

The lending partner is IDFC, I think.



"@guest_999":https://www.desidime.com/users...83
Deal Cadet

Amazon paylater literally asks for just PAN number while using it. Nothing else.
Thinking to get rid of it now.. 🙄

Deal Cadet

Flipkart doesn’t have 2 factor authentication?

Critic
jain01010199 wrote:

Can you throw some light on security guidelines?
Like apart from having a strong pwd, what else can we do?
Maybe setting up individual txn limit?

1. Don’t use rooted mobiles & apk/non-essential/shady apps unless you claim yourself to be somewhat of an expert in these things.
2. Don’t use the same email for Android phone & bank/shopping sites (it reduces one factor of threat in case the mobile itself gets compromised due to some malware).
3. Always keep your PC/laptop Windows updated (incl. Windows Defender in Windows 10 or 11) & use a good antivirus (if using Windows 8, don’t do anything important on Win 7 systems nowadays).
4. Always enable 2FA wherever available & use separate emails/usernames for different categories of sites like shopping, forums, banks etc.
5. Stay away from any paylater-type pretend credit card services; there is a reason such services are cheaper than regular credit cards, which is you get what you pay for (think of buying a cheap unbranded generic electrical plug vs a top brand like GM electrical plug; both will work but you know which is more dangerous in the long term). Even if these services started OTP for txns I still wouldn’t take them no matter how much discount I am losing.

Benevolent
getready wrote:

The buyer address, how does it look?
Incomplete like the ones mentioned in this thread?
My flipkart account hacked | DesiDime

A few days ago one guy came to the office to deliver a packet for a colleague. He was holding another packet, which he kept on my table; the name written on it was chavanprash. I asked, and the delivery person said, "Sir, leave it, what is it to you?" The delivery people are in on it.

Deal Cadet

I think the fraudster may be someone around your friend. It’s also possible they may know each other.

Deal Subedar
guest_999 wrote:

1. Don’t use rooted mobiles & apk/non-essential/shady apps unless you claim yourself to be somewhat of an expert in these things.
2. Don’t use the same email for Android phone & bank/shopping sites (it reduces one factor of threat in case the mobile itself gets compromised due to some malware).
3. Always keep your PC/laptop Windows updated (incl. Windows Defender in Windows 10 or 11) & use a good antivirus (if using Windows 8, don’t do anything important on Win 7 systems nowadays).
4. Always enable 2FA wherever available & use separate emails/usernames for different categories of sites like shopping, forums, banks etc.
5. Stay away from any paylater-type pretend credit card services; there is a reason such services are cheaper than regular credit cards, which is you get what you pay for (think of buying a cheap unbranded generic electrical plug vs a top brand like GM electrical plug; both will work but you know which is more dangerous in the long term). Even if these services started OTP for txns I still wouldn’t take them no matter how much discount I am losing.

If I follow 4 of using different email IDs or usernames, what’s a safe place to store all this data?

Any normal Internet user will have 20-30 logins (banks, ecom sites, other apps).

Then where to keep such data and passwords?

Even banks ask us to change our passwords every 3-6 months. It becomes tough to remember and manage so many IDs.

Add to that, sometimes people our age are also now handling our parents’ and siblings’ accounts, which makes things even trickier.

How to manage so much info overload?

I end up using forgot password almost always.

Generous
rahulsoni0706846 wrote:

@xxxyyyzzz @prem4998 @scorpion

Let’s say I don’t have any paylater services and I don’t save any of my cards in any application, i.e., enter them manually every time, which is possible; will this help us even a little bit? What I am thinking is, if we don’t save card details in applications online, then how can someone do fraud with them unless he has all the information available from elsewhere?

It’s less about saving card numbers online but more about how we use our personal devices: websites we visit, links we click, files we download, etc. Even apps like Dream11 can do such things if we give permission. But it’s less likely to happen.

I would not call it simple, but one thing I do is I keep my savings account balances below 50k and keep per-transaction limits on my cards below 25k and no paylater services or neo banks. This too will only reduce the level of fraud but not prevent it.

If you are really concerned about online frauds and want to prevent them completely, then do this:
1. Use a feature phone with no internet connectivity
2. Disable your Wi-Fi adapter in the laptop (cello-tape your Ethernet port)
3. Surrender your broadband
4. Do not use a friend’s hotspot

Just stop using the internet at all. Not possible, right? In the same way, preventing these kinds of frauds is not possible.

Deal Subedar

Why people even use pay later, I have no idea.

It’s a freakin’ personal loan, not pay later.

The impact it has on CIBIL is disastrous, not to mention they open a new loan account for every purchase.

Helpful
prem4998 wrote:

It’s less about saving card numbers online but more about how we use our personal devices: websites we visit, links we click, files we download, etc. Even apps like Dream11 can do such things if we give permission. But it’s less likely to happen.

I would not call it simple, but one thing I do is I keep my savings account balances below 50k and keep per-transaction limits on my cards below 25k and no paylater services or neo banks. This too will only reduce the level of fraud but not prevent it.

If you are really concerned about online frauds and want to prevent them completely, then do this:
1. Use a feature phone with no internet connectivity
2. Disable your Wi-Fi adapter in the laptop (cello-tape your Ethernet port)
3. Surrender your broadband
4. Do not use a friend’s hotspot

Just stop using the internet at all. Not possible, right? In the same way, preventing these kinds of frauds is not possible.

Nice explanation. Looks like, unlike Thanos, this is inevitable 😅😅

Benevolent
saymyname78 wrote:

Lots of pay later, credit cards, wallets … everywhere loots and scams going on.

Actually, too much fun is happening these days…
But 70k is seriously sad.

Critic
jain01010199 wrote:

If I follow 4 of using different email IDs or usernames, what’s a safe place to store all this data?

Any normal Internet user will have 20-30 logins (banks, ecom sites, other apps).

Then where to keep such data and passwords?

Even banks ask us to change our passwords every 3-6 months. It becomes tough to remember and manage so many IDs.

Add to that, sometimes people our age are also now handling our parents’ and siblings’ accounts, which makes things even trickier.

How to manage so much info overload?

I end up using forgot password almost always.

Use all Gmail but with OTP/2FA enabled. For username simply use a common base suffixed with some site name to identify (like jain007flipkart, jain007amazon, etc.).

Use common passwords but for each category (for example, all banking sites’ password is Ja1noosevensbi, Ja1noosevenhdfc etc., while for all shopping sites it is simple to remember Jainpass007. Keep 2FA enabled for any sites wherever available).

For regular bank password change, simply change the password every month by adding the month number at the end of it, so in March it is Ja1noosevensbi3, in Apr Ja1noosevensbi4 etc.

Similar can be applied to parents’ & siblings’ acc.

Deal Lieutenant

If someone bought an iPhone, he is the most illiterate person, as an iPhone can be locked with proper security in case of such fraud.

Please lodge an FIR and report properly with the bill downloaded from the Flipkart app.

The fraudster’s phone can be tracked easily within a day.

Generous

Flipkart allowed a 70k transaction without SMS OTP.
Really bad.

Deal Subedar

RBI is just a showpiece. RBI is like a pay later service: complain now and get a reply after a month.

The first contact should be made to Flipkart, then Apple, then IDFC, then other so-called complaint forums/helplines. Since the product is delivered, this will be the contact flow.

Deal Subedar
Smiling wrote:

If someone bought an iPhone, he is the most illiterate person, as an iPhone can be locked with proper security in case of such fraud.

Please lodge an FIR and report properly with the bill downloaded from the Flipkart app.

The fraudster’s phone can be tracked easily within a day.

The scammer would have sold the phone already on TG or OLX, so the unsuspecting buyer will be the one who will suffer the consequences 😉

Deal Subedar
chota_chattri wrote:

RBI is just a showpiece. RBI is like a pay later service: complain now and get a reply after a month.

The first contact should be made to Flipkart, then Apple, then IDFC, then other so-called complaint forums/helplines. Since the product is delivered, this will be the contact flow.

What is the sense in contacting Apple directly right now? 😉

Deal Captain
saymyname78 wrote:

And the worst thing is, once the scam is done … you will get no help/support from anyone … be it banks or ecom portals or so-called RBI protection … things are getting real messy.

Just like the FSSAI stamp, everything is good until nothing happens. Left to God’s mercy.

Deal Subedar
PoundCake wrote:

What is the sense in contacting Apple directly right now? 😉

Buy an Apple device and you’ll know 😊

They can do what you’re not even thinking they can do. Or at least they will entertain you better than our so-called govt. helplines, and with chat support as well 🤭

I have recovered a stolen phone with the help given by them. Flipkart is the culprit here though, so I have asked to contact them first.

Finance Ninja
guest_999 wrote:

1. Don’t use rooted mobiles & apk/non-essential/shady apps unless you claim yourself to be somewhat of an expert in these things.
2. Don’t use the same email for Android phone & bank/shopping sites (it reduces one factor of threat in case the mobile itself gets compromised due to some malware).
3. Always keep your PC/laptop Windows updated (incl. Windows Defender in Windows 10 or 11) & use a good antivirus (if using Windows 8, don’t do anything important on Win 7 systems nowadays).
4. Always enable 2FA wherever available & use separate emails/usernames for different categories of sites like shopping, forums, banks etc.
5. Stay away from any paylater-type pretend credit card services; there is a reason such services are cheaper than regular credit cards, which is you get what you pay for (think of buying a cheap unbranded generic electrical plug vs a top brand like GM electrical plug; both will work but you know which is more dangerous in the long term). Even if these services started OTP for txns I still wouldn’t take them no matter how much discount I am losing.

I used to hate HSBC, SBI, Citi, SCB for asking OTP for every login; now I wish every bank had that (at least optional if not mandatory).

Inferno
xxxyyyzzz wrote:

I used to hate HSBC, SBI, Citi, SCB for asking OTP for every login; now I wish every bank had that (at least optional if not mandatory).

Also one point I want to add.
Instead of OTPs, register for VBV whenever possible. Only you know the password to approve a transaction.

Edit: After seeing this incident I have disabled even domestic txns for all my cards except 2 cards which I am using daily. But set txn limit as 5000 for those 2 cards.

@xxxyyyzzz

Finance Ninja
rahulsoni0706846 wrote:

This was one of the reasons I closed all my paylater services. Earlier I used to have Flipkart Paylater, Amazon Paylater, Paytm Postpaid etc., but now I have closed all these and also maintain a safe distance from credit line services like Slice. In my view, in today’s time everyone who is going digital can face these frauds.

I also closed all my pay later services (Paytm PP, Amazon PL, Zest, FK PL, Bajaj) last year but didn’t receive NOC from any 🙁.

Today called 1860-500-9900 (FK Pay Later IDFC); in IVT the 1st option was NOC, opted and the NOC PDF link was sent instantly.

Helpful
xxxyyyzzz wrote:

I also closed all my pay later services (Paytm PP, Amazon PL, Zest, FK PL, Bajaj) last year but didn’t receive NOC from any 🙁.

Today called 1860-500-9900 (FK Pay Later IDFC); in IVT the 1st option was NOC, opted and the NOC PDF link was sent instantly.

Apart from Bajaj Finserv, I have taken NOC from all pay later services; as for Bajaj Finserv, I think I don’t need a NOC because I have never used it.

Deal Lieutenant

Here I Observed One Thing 

If U Used PayLater Regularly They Will Do LE.

In My Case I Got 30K From Amazon PayLater And Later Reduced To 15K 


Now I Closed ( Same Happened To FK PayLater )


Avoid Pay Laters ( My First Suggestion )


Regarding Passwords :

Previously I Used Same Password ( Complex One) For All Sites

One Day I Went To See The Password Check In Chrome, Showing As 60+ Sites Passwords Are Compromised.

Same Day I Changed All Passwords And Deleted All Saved Passwords In Chrome ( Almost 200+ Sites Passwords Deleted )

Better To Use Excel Sheet For Passwords ( Don't Save This In Cloud )

Password Pattern

Suppose If Ur Password Is Like " Desidime_23"

U Can Change This Password For CHROMA Site - ChDesidime_23

TataCliq - TCdesidime_23 

Like This I Set Some Unique Pattern Passwords To Every Website 

I Will Use 3-4 Patterns Of Passwords Changed From Site To Site 

Strong Advice Is :

Enable Two Factor Authentication Wherever Possible 

i Enabled 2FA In Amazon 


For CCs - 


Disable International Transactions , 

Set A Higher Limits 


Turn Off ATM Withdrawals ( Some Times U Confuse Between DC And CC) 

Eg : Millennia CC And DC Looks Like Same ( Atm Charges For CC Withdrawal) 


Don't Share Any Details With Any Of Ur Friends ( Except Trusted People)


Advantage Of CCs : 


We Can Block CC Transaction ( It Takes Time To Process From Issuer Bank To Merchant, We Can Block The Same Transaction In Interim) 



Hope This Helps! 





Deal Major
PowerStar wrote:

Here I Observed One Thing 

If U Used PayLater Regularly They Will Do LE.

In My Case I Got 30K From Amazon PayLater And Later Reduced To 15K 


Now I Closed ( Same Happened To FK PayLater )


Avoid Pay Laters ( My First Suggestion )


Regarding Passwords :

Previously I Used Same Password ( Complex One) For All Sites

One Day I Went To See The Password Check In Chrome, Showing As 60+ Sites Passwords Are Compromised.

Same Day I Changed All Passwords And Deleted All Saved Passwords In Chrome ( Almost 200+ Sites Passwords Deleted )

Better To Use Excel Sheet For Passwords ( Don’t Save This In Cloud )

Password Pattern

Suppose If Ur Password Is Like " Desidime_23"

U Can Change This Password For CHROMA Site – ChDesidime_23

TataCliq – TCdesidime_23 

Like This I Set Some Unique Pattern Passwords To Every Website 

I Will Use 3-4 Patterns Of Passwords Changed From Site To Site 

Strong Advice Is :

Enable Two Factor Authentication Wherever Possible 

i Enabled 2FA In Amazon 


For CCs - 


Disable International Transactions , 

Set A Higher Limits 


Turn Off ATM Withdrawals ( Some Times U Confuse Between DC And CC) 

Eg : Millennia CC And DC Looks Like Same ( Atm Charges For CC Withdrawal) 


Don’t Share Any Details With Any Of Ur Friends ( Except Trusted People)


Advantage Of CCs : 


We Can Block CC Transaction ( It Takes Time To Process From Issuer Bank To Merchant, We Can Block The Same Transaction In Interim) 



Hope This Helps! 





Thanks for good information. Kg+

Joke – I noted your password pattern 😬

Deal Cadet

Order was delivered where?
Got email after delivery?

Crowdpuller
PoundCake wrote:

The scammer would have sold the phone already on TG or OLX, so the unsuspecting buyer will be the one who will suffer the consequences 😉

Even if it is sold, the buyer can at least help out in reaching the seller (who actually bought from FK).
