Several fraudulent advertising accounts are using Facebook's platform to masquerade as those from Flipkart, a BOOM investigation reveals after we scrutinised information from Facebook's ad library. These advertisements are finding their way to users' timelines, and resemble Flipkart's interface closely, which could prey on inexperienced users of e-commerce. BOOM followed and documented the process; with these adverts luring customers through lucrative deals on "phones" and other "appliances" - by discounts ranging from 90% to 97% marketed as a special discount or a lockdown sale - these ads use PhonePe and other United Payments Interface (UPI) enabled apps, and even RazorPay, to collect their payments.
BOOM concluded the transaction on one deal and was able to get one such scamster's bank account and account name.
Further, these advertisements, and the advertising pages selling them have been setup only recently. Majority of the advertisers and advertisements recorded by BOOM from the ad library were setup mid-to-late June of this year.
BOOM first discovered these ads appearing on Facebook timelines after browsing through Flipkart on its app and using their website to look at a number of appliances, including mobile phones and television. Prima facie, these ads look like those of Flipkart itself. This was until BOOM visited Facebook's ad library and after using keywords such as 'Big Billion', 'Flip Deal', 'Flip Kart' and 'Flip Shop', found at least 12 advertisers who were putting up misleading ads masked as Flipkart.
BOOM also found more such pages on Facebook, but they were not running any ads at the time of writing this story.
While some of these ads lead users directly to questionable websites resembling Flipkart, some ads first directed users to an equally questionable intermediary website before showing the final scam webpage, with others having their links broken.
In a comment to BOOM, Flipkart said that they are continuously identifying and taking action against such content, and are educating their customers so that they do not fall for such fraud. Facebook, in a comment to BOOM, said that fraudulent activity is treated in accordance with its community standards.
But how do these ads work and how can they be spotted? Here's our investigation
Appearing on your Facebook timeline
These ads first appear on your Facebook timeline. They look like any Flipkart advertisement, carrying a Flipkart thumbnail. The images may display celebrities linked with Flipkart such as Deepika Padukone, Amitabh Bachchan and Alia Bhat, and often carry an offer with a tempting discount rate. What sets these ads apart from those that are genuinely posted on Facebook by Flipkart is the verified sign accompanying genuine ads.
Facebook ads carry an 'About This Content' option in the bottom of their ads. One such fake page, however, linked their misleading ad to Flipkart's verified page.
Where does it lead to?
The websites closely resemble those found on the mobile versions of Flipkart. However, one giveaway on these websites are its poor interface compared to the original Flipkart website and are restricted to selling only a finite number of "appliances", which may include mobiles, and even laptops and washing machines that are displayed on its first page. These goods are accompanied with steep discount percentages.
Another way to identify a fraud website is the lack of optimisation for desktop versions of the web. When accessed through a desktop, these websites maintain their resemblances to a mobile display stretched across a bigger screen size.
The biggest giveaway is URL of these websites, which does not mention Flipkart. URL's of these websites discovered by BOOM include:
- 60dukan.xyz, with its archive here, resembles Flipkart the closest
offernoffer.xyz, with its archive here, is a resemblance of Flipkart's homepage
- Flipkartcomshopbuy.com, with its archive here, which is a relatively crude resemblance of Flipkart
- best-autoinsurancez.com, with its archive here, that exactly resembles the the website mentioned above.
- big-saving-days.xyz, with its archive here
Flipkart's genuine URL is Flipkart.com.
Entering your details
On choosing the product one wants to purchase, the website displays the products for confirmation and then leads one to fill in details like address, telephone number, pin code, name and state.
The websites, except for 60dukan.xyz, were not particular about what one entered in which field. For instance, you can enter an alphabet in the space reserved for mobile number and pincode. Users can even proceed to the next page without filling in even a single entry, except again on 60dukan.xyz.
Flipkart's website does not permit such entries. For example, the text field for entering one's mobile number does not accept alphabets as input.
Finally, where is the money going?
BOOM followed through paying Flipkartcomshopbuy through an isolated bank account. This, and best-autoinsurancez are two websites which, as mentioned above, resemble each other and even accept payments through the same channels and to the same recipient account.
Both these website were accepting payments only through PhonePe's UPI feature, or through UPI, which opened through any UPI app on your phone, including that of your bank account.
The recipient had a bank account with PayTM Payments Bank, as was evident through the UPI handle 'flipkartmall36@paytm'.
After following through with the transaction on this website, BOOM found that the linked account number was 018815037807 linked to one 'Tularam Adiwasi'
But not all these pages have the same accounts. 60dukan.xyz was more cautious, and only accepted payments through RazorPay. While making the transaction, one was not alerted of the ultimate beneficiary as all payments, through UPI or credit card, was going to the credit of RazorPay.
Flipkart and Facebook respond
Flipkart, however, seems to be aware of these pages and practices. BOOM sought a statement from Flipkart on the issue, and a company's spokesperson responded:
"We have a robust continuous process in place to monitor, identify and take legal action against fake/lookalike domains, phishing sites and fraudulent websites, ads, apps and social media pages that attempt to bring disrepute to Flipkart by impersonating our brand and thereby cheating and defrauding our customers and the public at large. In addition to proactively monitoring for fraudulent activities, we also investigate all reported instances of fraudulent practices that come to our attention. Following due diligence, we hand over such cases to the concerned law enforcement authorities."
The statement added that Flipkart also undertakes educational efforts to keep its customers well-informed against frauds like these. As an example, the spokesperson shared with BOOM this roundup on Flipkart Stories of popular online frauds they face, quite a few of which are reflected in the websites uncovered by BOOM.
BOOM also reached out to a spokesperson of Facebook, who said, "Fraudulent activities are strictly forbidden on Facebook, and are actioned in accordance with our Community Standards and policies."
These scam ads on Facebook seems to have caught the attention of law enforcement too. Snehasis Chaudhary, CO of the cyber cell in West Bengal's Purba Bhardhaman district has posted this education video against these ads dated June 30.