Explained: Lost ₹10k to ‘OLA Money Postpaid’ fraud but recovered the money

How I lost ₹10k to 'OLA Money Postpaid' fraud and recovered the money

The day was July 28, 2023. I was working on an urgent news story when I got a call from an unknown number – 080 3710 1888. I usually avoid picking up unknown calls but an Amazon package was scheduled to be delivered later that day.

When I answered the call, a computer-generated voice (also called Interactive voice response/IVR) informed me that an attempt had been made to change the phone number associated with my OLA account.

I was surprised. “Why would anyone want to change the phone number of a ride-sharing app?” I thought for a second. The IVR asked me to press 1 if I approved the ‘phone number change’ or else press 2.

Screengrab of my call history

Similar attempts to break into my Facebook and Amazon accounts had been made in the past. As I was already preoccupied with work, I wanted to settle the issue as soon as possible. So, I went ahead and pressed 2 on the keypad.

The automated voice thanked me for the confirmation and asked me to enter the verification code sent to my number. At that time, I received a notification for a one-time password (OTP). So I went ahead and entered the 6-digit ‘verification code’ in the hopes of thwarting the ‘phishing’ attempt.

The IVR informed me that the ‘phone number change’ request was aborted. The call was then automatically disconnected. So, I went back to my work, only to receive one of the most distressing text messages of my life.

Screengrab of the text message received from OLA

“Payment of Rs. 10000.0 using OlaMoney Postpaid for your transaction hj2f-1d4k-le1r on www.woohoo.in is successful,” the message read. I was taken aback. I quickly installed the OLA app (which I usually uninstall after rides to save phone storage) to confirm if the message was real.

To my shock, my OLA Postpaid account was ₹10,000 short of its maximum limit of ₹15,500. The due date for the re-payment of ₹10,000 was written as August 27, 2023.

I am scammed – the reality dawned on me soon. So, I went online and quickly searched for OLA’s customer care number. It led me to the website of OLA Postpaid, where the customer care number was listed as 080 3710 1888.

Screengrab of the OLA Postpaid customer care number

I was surprised to learn that it was the same number from which the scam call originated. Until then, I was deeply embarrassed to have been randomly defrauded by an automated voice call. As a journalist and tech-savvy millennial, I did not expect such things to happen to me.

When it became clear that the fraud IVR was initiated by the official customer care number of OLA postpaid, I called the number immediately. It connected me to ‘OLA Financial Services’. I was able to talk to a representative of the ride-sharing company and register my complaint.

I inquired as to how such fraud calls can be made to customers from the official OLA postpaid number. She had no answer but assured me that the OLA team would investigate the matter with utmost priority.

Meanwhile, I also shared the story on X(formerly Twitter) and sent a Direct Message (DM) to OLA support on the micro-blogging platform. Several X (formerly Twitter) users began narrating their stories of fraud. “Exactly the same thing happened with me too,” wrote Sudesh.

Saptarshi B and Naresh Gupta were also defrauded of their OLA Postpaid money.

X (formerly Twitter) user Aditya Singh, who lost ₹9500 in the fraud, wrote, “Their CC replies are the same every day… (They say) we are not authorised to recover funds. Already complained (to) cybercrime (department). Let’s see what will happen.”

Akshay Girgune, Rahul Jungade and Siddhartha were also victims of similar fraudulent calls.

My sister, who works as a clerk at a nationalised bank, informed me that she has received similar ‘OLA Postpaid’ fraud calls in the past. She asked me to install the app ‘TrueCaller’ as it raises alarms about such ‘fraud calls.’

In the past, I had been hesitant about using ‘TrueCaller’ due to privacy issues. After having lost ₹10,000 in one day, I was no longer worried about privacy. On installing the app, the official customer care number of OLA was flagged as ‘OLA Postpaid Scam’.

There were a dozen comments by TrueCaller users who have similarly been defrauded by IVR, originating from the number. “They first play an IVR asking you to deny the transaction and once you press 1, they send you an OTP asking you to confirm and that is where the brilliance of the scam is. DO NOT SHARE OTP AT ANY COST!” wrote one user.

Screengrab of the comments by TrueCaller users

Another user warned, “Fraud- Do not share OTP with them. change your account password if you are receiving calls from this number regarding mobile number change and asking for OTP for request cancellation.”

After interacting with some of the victims, I learnt that they had been defrauded from the official number of OLA as well as unofficial/ unknown numbers. My mother, who was disturbed by the development, lambasted me for sharing the verification code on call.

“I did not think of the OLA postpaid wallet when I received the call. In my mind, I wondered why someone was trying to change the phone number of my ridesharing app. Had it been a bank or third-party transaction app (such as PayTM, GPay or PhonePe), I would perhaps have been more vigilant,” I told her in my defence.

Filing a cyber complaint and legal recourse

Although I was disheartened and embarrassed by the development, I knew I could not waste time and proceeded to file a cyber complaint.

First, I visited the website of the ‘National Cyber Crime Reporting Portal’, and chose ‘Financial Fraud’ from the drop-down menu of ‘Report Cyber Crime’. I accepted the terms and conditions and created a new account.

While the onboarding process is easy, the online complaint must be filled out quickly. If such a thing is not done, then, the page will get timed out and you need to start afresh. It took 3 attempts to finally register my online complaint.

Screengrab of the National Cyber Crime Reporting Portal

To make things easier, I will suggest compiling all screenshots, bank statements etc. in the form of a PDF. After the online complaint is registered, you will receive an acknowledgement number on your given email ID.

Within a day, your complaint will be assigned to a nearby cyber crime police station and a designated police officer (the email will include his/her phone number). Most people do not follow up after this step.

You need to physically visit the said police station and meet up with the concerned cop for the registration of the First Information Report (FIR). You will need documents such as a copy of your Aadhar card, address proof, written complaint (in the format attached in the tweet) and proof of fraud (screenshots, mail transcripts, transaction ID etc.).

You can skip the bank statement part in this case, given that the OLA Postpaid Scam is an ‘e-wallet fraud’. Within a day, you can collect a physical copy of the FIR from the said police station.

Challenges and recovery of defrauded amount

I did not receive any help from the OLA Team for the first 3 days, except for bot replies to my tweets and generic emails. Thereafter, I was greeted with an email that read-

“We would like to inform you that, as per our technical team OTP was generated and shared for the transaction. We are sorry to let you know that we are not authorized to recover funds from a successful transaction.”

Despite being pointed out repeatedly that the OTP was shared with the IVR, originating from the official number of OLA postpaid money, the support team initially did not do anything about it. They carefully avoided responding to the mail, which highlighted this aspect and chose to focus solely on the OTP part.

In the meantime, I kept writing emails to the OLA team, highlighting the issue but to no avail. On August 7, 2023, I finally received an email from OLA Money representative Vippu Lokesh, stating that my defrauded postpaid balance of ₹10000 has been refunded.

“Hello Dibakar, we regret the inconvenience caused. We would like to inform you that being our valuable customer we will go ahead and refund the full amount. However, moving forward please make sure that you do not share any OTP over call/SMS/IVR/Email as Ola representative will never ask you for OTP,” the mail read.

Email sent by OLA Money representative Vippu Lokesh

I was finally relieved. I quickly checked my OLA postpaid wallet and the refund was reflected in the account. I called the OLA support number (the same one as the fraud IVR) and permanently deactivated the postpaid service with the help of their customer care executive.

Ordeal of other OLA Money Postpaid customers

Another victim of the OLA Postpaid scam call, identified as Naresh Gupta, was also refunded the defrauded amount of ₹7500. While I and Gupta were among the fortunate ones to receive a full refund, the plight of other victims tells a different story.

Many of the defrauded individuals are now being harassed by OLA officials to cough up the amount, which was siphoned off in the scam. As the due dates for repayment of OLA postpaid are inching closer for the victims, they are receiving threatening calls from OLA recovery agents. 

On X (formerly Twitter), Rahul Jungade narrated that he is being blackmailed and mentally harassed by OLA officials.

Siddhartha, another victim of fraud, tweeted, “My case is not resolved by Ola Money. Getting WhatsApp messages on (my) personal number from Ola folks asking to pay. Ola Money, we have already filed a cyber fraud police complaint on @Cyberdost against you and @woohoogifting both.”

Aditya Singh is still hoping for a timely resolution to his issue.

Questions for OLA management

Several questions need to be addressed by OLA about the misuse of its official customer care number and the plight of those victimised in the fraud. I have prepared a set of 8 questions that require immediate answers from the management of the ride-sharing app.

  1. How can an automated voice call, aimed at defrauding customers, originate from the official number of OLA Postpaid?
  2. How did the fraudsters know that the victims were OLA postpaid users? Was there a breach of customer data that we do not know of?
  3. What is being done on OLA’s part to protect the data of the customers?
  4. Are you aware of the cyber fraud involving OLA postpaid? If yes, what action has been taken in this regard? If not, then who should be contacted for the redressal of customer grievances?
  5. There are several postpaid/ pay later services in the markets. How have they been able to protect their customers from falling prey to fraudsters, which is not the case with OLA?
  6. Will the victims be refunded/ compensated for the fraud originating from the official number of OLA postpaid and in cases where scamsters had access to OLA customer data?
  7. Will OLA officials/ executives/ recovery agents stop harassing those customers who have been defrauded of OLA postpaid money until a resolution is reached?
  8. What is the top management doing to safeguard OLA users from future cyber fraud?

Disclaimer: I have sent two emails, seeking answers to the above-mentioned questions, to OLA’s top management and its media enquiry centreNo response has been received so far. The article will be updated accordingly if OLA chooses to respond to the questions

Featured image via jcomp/ Freekpik

The article was first published in Opindia on August 21, 2023.