Everyone knows Paytm for its coupon codes and offers. But for the last two days people have been facing many issues with the Paytm app. There was a plethora of complaints going to firstname.lastname@example.org regarding mysterious money transfers from users' Paytm wallets to anonymous people. I myself was one of the victims of this attack!
This incident happened last night when I was peacefully watching the IPL match between CSK and MI. Suddenly, I got a mail from email@example.com as shown below:
I was surprised! I don’t even know who the hell Prakash was. I called the number mentioned in the mail. Here is the conversation:
Me: Hi, this is Abinav. I received a mail from Paytm stating that there was a transfer of 1900/- to your account. Could you please re-transfer the funds to my Paytm wallet?
Stranger: Who are you? Where are you calling from? I’m not Prakash. I’m Manish. I signed up in Paytm yesterday only. I’ve been getting calls regarding the same issue again and again. This is the sixth call I’m attending.
Me: But the mail which I received mentioned this phone number.
Stranger: Yaar, someone hacked Paytm I guess. I don’t know why that hacker put my number. I’m annoyed at attending these calls again and again.
Me: Please can you check your Paytm balance and let me know?
Stranger: I’ve been checking it as everyone is asking me to. It is 0 in my wallet.
He hung up the phone.
Now, I tried to reach out to the person by writing a mail to firstname.lastname@example.org. Guess what? That email does not even exist. I got a delivery report as shown:
I have a question for Paytm here: Whenever a user signs up in Paytm, it is mandatory for them to verify their mobile number and email ID. How can Paytm verify an email ID that does not even exist? Doesn’t it imply that either there is some bug in the Paytm app or it was hacked?
Another proof! I didn't capture the screenshot, but the next day when I saw my personal information in the Paytm app, there was another surprise waiting for me! My email ID was changed from email@example.com to firstname.lastname@example.org. Why the heck would I change my email ID to some server that I don’t even know?
Looking at all these issues, it looks like Paytm is hacked! They are not letting it out, but surely it is hacked!
I raised a grievance with email@example.com immediately when I saw the mail, but so far there is no response from them. I have been hearing about the poor customer service of Paytm, but now I'm experiencing it.
NOTE: People might wonder why the heck this person is doing all this shit for the sake of 1900/- bucks. It’s not about the money; we should be worrying about the security! We have been using Paytm for everything from mobile recharges to booking a ride and purchasing goods. It also acts as a payment gateway for credit card and debit card purchases. If it is so vulnerable, then how can we trust the security of Paytm while performing an online transaction? Think about it and be careful!
I hope this message reaches Paytm Customer Service; so far it has not been up to its standards at all.