Scammers targeting the Indian electric vehicle industry

• Scammers are exploiting Google ads to misdirect users to EV phishing sites that collect users’ data and money.
• Scammers propagate the scheme by registering fake  domains that resemble legitimate domains of EV manufacturers and marketplaces.
• EV companies would also be affected as the phishing scams could lead to negative perceptions, especially with brand reputation and credibility at stake.

The Indian electric vehicle (EV) market is poised to be one of the fastest-growing EV markets in the world in the future. While China currently dominates the production of EVs, Indian carmakers are also beginning to develop modern electric vehicles to cater to their domestic market.

In fact, government regulations in India are already pushing for more energy-efficient and electric vehicles to reduce carbon emissions. This includes favorable government policies such as multiple production-linked incentive schemes, federal subsidies, and the launch of the one-stop EV platform e-AMRIT. There has also been improvement in charging Infrastructure driven by the policy that EV charging stations don’t require a license.

India also has an international commitment to reduce carbon emissions and increase the use of cleaner sources of energy and transportation. This includes India’s Faster Adoption and Manufacturing of Hybrid and Electric Vehicles focuses on electrification of public and shared transportation through subsidizing, 7090 e-buses, 500,000 electric three-wheelers, 550,000 electric passenger vehicles, and 1,000,000 electric two-wheelers. The automotive sector in India is dominated by two-wheelers and three-wheelers (autos and rickshaws) that play a significant role in the last mile mobility in the country.

Rising government emphasis and focus of private and government players partnership to enhance EV ecosystem in the country. EV brands like Tesla are also seeing high demands in the subcontinent while local carmakers have also unveiled several new models which are expected to be taking over Indian roads in the near future.

Rising EV scams in India

As the demand for EVs grows, the advertising and marketing for EVs have also increased. Online advertising like Google ads is becoming increasingly popular for EV carmakers. However, the problem is, cybercriminals are using the opportunity to wreak havoc on individuals.

According to researchers from CloudSEK, scammers are exploiting Google ads to misdirect users to EV phishing sites that collect users’ data and money. Their investigation showed that each site is defrauding users of INR 200,000 to 400,000 in booking fees and down payments with the scam costing the Indian public around US$ 1 million.

“In addition to existing automotive companies, over 399 start-ups are currently working on electric vehicles and related products and services. Hence it comes as no surprise that the scams targeting these companies have skyrocketed. This is evident by the surge in phishing sites targeting the EV sector, which increased considerably after the production-linked incentive scheme, for electric and hydrogen fuel cell vehicles, was approved by the Indian cabinet in September 2021,” cited CloudSEK’s researchers Ankit Dobhal and Aryan Singh.

Since the second half of 2021, CloudSEK’s flagship digital risk monitoring platform XVigil has detected a spike in phishing campaigns impersonating EV manufacturers and dealerships. The modus operandi includes:

• Scammers propagate the scheme by registering fake domains that resemble legitimate domains of EV manufacturers and marketplaces.
• They then create Google Ads for the fake domains, and manipulate SEO (Search Engine Optimization), such that these ads are top results for generic searches as well as searches for specific e-bike brands.
• A user clicking on these ads is directed to the phishing domains where their information and money are collected in the guise of reservation/booking fees for a vehicle or a security deposit to become an e-bike dealer.

The report also showed that fake websites and domains are delivered to users via Google Ads and as keyword search results. The scammers also stuff the domains with keywords and leverage SEO to ensure the domains are top results whether a user is searching for a specific e-bike brand or generic queries such as “e-bike dealership.”

Interestingly, CloudSEK’s phishing data also shows a decline in phishing scams targeting the finance and banking sector. As the industry improves its cybersecurity and awareness among users, scammers are now driven to electric vehicles as the buzz seems to have caught their attention. The researchers believe that it is likely that scammers who were previously targeting the ever-profitable finance and banking sector have transitioned to targeting businesses and users of the EV industry.

CloudSEK’s researchers also believe that the Indian electric vehicle scam could potentially have a long-term impact on the sector’s growth and trajectory. Not only is the amount lost in such scams increasing, but victims’ personal information is also being exploited through the scams. The information could be used to orchestrate other social engineering campaigns and even identity theft.

Moreover, EV companies would also be affected as the phishing scams could lead to negative perceptions, especially with brand reputation and credibility at stake. There could also be a general decline in the adoption of e-mobility if more funds are lost through the scams.

As such, Indian electric vehicle companies need to mitigate the scams by identifying and suspending phishing websites that spoof their business. While this won’t stop new phishing domains from sprouting, it can still serve as an awareness campaign to educate customers on ongoing scams.

---

---

---

---