Phishing is an act undertaken by fraudsters to gain your private and sensitive information through emails that appear to be sent by Paytm. Such fake emails encourage you to click on a link in the email which leads you to a fake website with a similar look and feel as that of Paytm’s authentic website. It is designed to capture your personal confidential account information such as your username password & OTP.
Customers’ email addresses are obtained/purchased by the fraudster through non-trusted sites where the customer would have revealed his email ID by means of casual browsing or shared it on chat rooms, blogs or mailing lists, etc.
How do the fraudsters operate?
Fraudsters send spoofed emails, appearing to be sent by Paytm, to large number of recipients with an urgent tone that calls for quick action to verify, update or reveal your confidential account information by clicking onto a link in the email .
Once the recipient clicks on the link in the email, she is diverted to a fake website with a similar look and feel of Paytm’s original website. The customer is presented a web form to divulge his confidential account information i.e. OTP, Username, Password, Mobile Number.
Once the unaware customer reveals his confidential account information on the fake website he may be directed to the authentic website of Paytm to suppress any suspicion arising in the customer’s mind. This is how the customer’s identity is compromised .
The customer’s confidential account information or identity credentials are then used by the fraudster to gain access to the customer’s account to commit fraudulent transactions.
How do you identify a fake / phishing email?
The fraudster may use Paytm’s email address, domain name, logo, etc to give an authentic look to the fake email.
Do not rely on the name and source in the “From ” field of the email address as it may be easily manipulated by the fraudster to a valid email account of Paytm.
Very often, such fake emails are poorly drafted and may have spelling or grammatical mistakes.Such fake emails will always encourage you to click on to a link to verify or update your confidential account information.
The links embedded in such fake emails may sometimes look authentic but when you move the cursor/pointer over the link, there may be an underlying link/url to a fake website.
How do you identify a counterfeit / fake website?
Verify the URL of the webpage (web page address):
Most of the counterfeit / fake webpage addresses start with “http://” unlike Paytm that would start with “https://” and not http://.
While using Paytm App or Paytm Website, always make sure that the domain name starts from:
Also verify the end letter “s” that ensures the security of communication by means of encryption between webpage and the visitor accessing it.
Report a fraud or phishing
If you receive an e-mail claiming to be from Paytm regarding updating sensitive account information like OTP, password, mobile number, let us know by forwarding the e-mail to firstname.lastname@example.org.
Never provide sensitive account information like OTP, password,Mobile Number or personal details in response to an e-mail. If you have entered such information, report it to us immediately.
If you notice any spoofed (duplicate/unofficial) Paytm website, let us know by writing at email@example.com.
Be it any channel, on social media/ via telephone/email/written correspondence, Paytm will never ask you to disclose your confidential details (Net-Banking/Credit/Debit card details) So, we would request all our customers to not fall prey to any such offer/schemes where you’re asked to give any of your confidential details! Please don’t trust or transact on offers listed on unofficial web-pages/apps. If you come across such spoof links (especially on social media platforms like Facebook), please report it to us and we will take necessary action.
We hope that this helps all Paytm users to conduct transactions safely all across the web. In case of any concerns or queries to just get more information, we are always listening at firstname.lastname@example.org.
Feel free to write in anytime.