Bengaluru: Despite the nascence of the Electric Vehicle (EV) sector in India, security firm CloudSEK on Wednesday said that it has identified a large-scale phishing campaign targeting potential EV distributors and users.
According to the firm, scammers are exploiting Google Ads to misdirect users to phishing sites that collect users' data and money. With each site defrauding users of Rs 200,000-Rs 400,000 in booking fees and down payments, the scam has so far cost the Indian public over Rs 40-Rs 80 million.
"It is notable that the scams increased considerably after the production-linked incentive (PLI) scheme, for electric and hydrogen fuel cell vehicles, was approved by the cabinet in September 2021," the company said in a statement.
Since the second half of 2021, CloudSEK has detected a spike in phishing campaigns impersonating EV manufacturers and dealerships. The company said that scammers propagated this scheme by registering fake domains that resemble legitimate domains of EV manufacturers and marketplaces, creating Google Ads for the fake domains, and manipulating SEO so that these ads are the top results for generic searches as well as searches for specific EV brands.
Users who click on these ads are directed to phishing domains that impersonate the content and images of legitimate websites.
Apart from financial loss, users also share Personally Identifiable Information (PII) and banking details, which can be leveraged to orchestrate other social engineering campaigns, and even identity theft, the company said.
For EV companies, these phishing websites lead to direct loss of business, reputation, and credibility. This could also lead to a general decline in the adoption of e-mobility, an already unfamiliar technology, if users' first touch point is a phishing campaign, it added.