A recent scam at Bengaluru’s Kempegowda International Airport has raised concerns among travelers using airport lounges across India. Unfortunately, malicious apps have discovered another way to trick people.
A passenger at Bangalore Airport was scammed out of INR 87,000 after downloading a phishing app.
In the case, a traveler was tricked into downloading a fraudulent app called Lounge Pass, which ended up stealing Rs 87,000 from his bank account. The scam highlighted a new vulnerability where cybercriminals use social engineering and digital fraud to trick unsuspecting passengers.
Image generated via Dall-E
The scam reportedly occurred when a traveler arrived at the Bangalore airport early in the morning and tried to access the lounge. All she had was a photo of the credit card, no actual card. Lounge staff asked her to download an app to verify access. She ended up downloading the Copycat app and was forced to complete a facial scan to prove her identity. This is a post she made to warn others about this experience.
She followed these instructions, but then chose not to use the lounge and continued on her journey. Passengers then discovered they were unable to contact friends and family by phone. She initially dismissed this as a network issue, but then noticed that strangers were answering calls to her number.
When she checked her bank account, a large sum of 87,000 rupees (US$1,035) had been withdrawn. An investigation by CloudSEK, a leading information security research group, uncovered this threat. Their warning said:
The scam involves a malicious Android application named Lounge Pass that is distributed through fake domains such as loungepass.in. This app secretly intercepts SMS messages from victims’ devices and forwards them to cyber criminals resulting in severe financial losses.
And that’s what happened to her. The app accessed her phone’s settings and allowed it to intercept her calls and text messages to different numbers. This transfer allowed the fraudster to access her one-time password (OTP) and withdraw funds from her bank account.
The design of this scam demonstrates sophisticated social engineering techniques in which cybercriminals exploit victims’ trust in the airport environment. The CloudSEK threat alert also revealed that INR 9,00,000 (approximately USD 11,000) was stolen using these apps between July and August 2024.
Having said all of the above, the woman who brought the case to worldwide attention was not instructed to use the Dreamfolks automated kiosk to authenticate the card she had on her phone. I was simply surprised. Because that’s the default way of doing things. Recently at 080 Lounge Bangalore.
conclusion
This elaborate scam reveals another way cybercriminals use lookalike apps to trick the public. In this incident, many passengers, including the one who reported the scam to the world, lost money by downloading a fake app that was not the real “Lounge Pass” app. Before the app you’re downloading can access your phone, you need to authenticate it.
What do you think about this scam?
Do you like our articles and initiatives? Pay what you’re willing to pay. The amount you believe to be a fair price for the content you consume. Enter the amount in the box below and click the pay button. You can pay using net banking, debit/credit card, UPI, QR code or any wallet. Every contribution helps cover the cost of the content produced for your benefit.
(important: To receive transaction confirmation and details,[今すぐ支払う]Please enter a valid email address in the pop-up form that appears after clicking the button. For international transactions, we use Paypal to process transactions.)
We don’t put our articles behind a paywall where you have to pay. in front You read the article. We ask for payment rear If you are satisfied with our quality and our commitment, you have read this article.
Live details from the lounge
