CloudSEK released Unearthing the Million Dollar Scams Targeting the Indian Electric Vehicle Industry, highlighting a large-scale phishing campaign targeting Electric Vehicle (EV) consumers and businesses. It is notable that the scams increased considerably after the production-linked incentive (PLI) scheme, for electric and hydrogen fuel cell vehicles, was approved by the cabinet in September 2021.
CloudSEK’s in-depth investigation has revealed that scammers are exploiting Google Ads to misdirect users to phishing sites that collect users’ data and money. With each site defrauding users of INR 200,000—400,000, in booking fees and down payments, the scam has so far cost the Indian public over INR 40— 80 Million.
Overview of the Phishing Campaign
Since the second half of 2021, CloudSEK’s flagship digital risk monitoring platform XVigil has detected a spike in phishing campaigns impersonating EV manufacturers and dealerships. Scammers propagate this scheme by:
Impact on Consumers and EV Companies
The phishing campaign has already cost the Indian public over INR 40— 80 million, and this value is expected to increase significantly in the future. Apart from financial loss, users also share Personally Identifiable Information (PII) and banking details, which can be leveraged to orchestrate other social engineering campaigns, and even identity theft. For EV companies, these phishing websites lead to direct loss of business, reputation, and credibility. This could also lead to a general decline in the adoption of e-mobility, an already unfamiliar technology, if users’ first touch point in a phishing campaign.
