[Omkar]

Here's the situation that I am in right now -

• Earlier this year, I was using Dunzo. To make the payment simpler, I connected my Simpl account to Dunzo. I used Simpl when it was new because there were plenty of cashback offers. Hadn't used it in some time.
  
• April 2022 was the last time I used Dunzo and Simpl. Switched to ordering from Zepto and Swiggy Mart because it was quicker and just felt easier. Deleted the apps from my phone at this point.
  
• December 2022, I got an SMS on 4/5 December saying I was late to pay my Simpl credit amount and have been charged a late fee of Rs 250.
  
• That's when I log in and check both Dunzo and Simpl, there have been 2 canceled transactions on 17th November for Rs 5,000 after which a successful transaction on of Rs 4,999 and Rs 951 on 18th November. I haven't made those transactions! (Screenshots attached)
  
• Needless to say, I haven't gotten any of the items mentioned in those orders.
  
• I immediately tried to get in touch with customer care, but they only have chatbots. I got one call from Dunzo after chatting with an executive on their app and he asked me to get in touch with Simpl. There's no Simpl contact number. They have an AI chatbot, which doesn't get you anywhere. Both have email IDs and I have written to them on 6th December at around 18:00 hrs, but no response yet.

For those who don't know about Simpl - It is an instant credit facility that gives you a small credit line (Rs 5,000) which you can use and pay after your bill gets generated at the end of the month. If connected with merchant apps, the checkout is super quick and convenient. They have tie-ups with plenty of apps like Zomato, Dunzo, Bigbasket, Rapido, Box8, Faasos, etc.

Below are some important points:

• My phone doesn't have Dunzo or Simpl apps since April 2022. I live independently, so not like someone that I know used my phone or something along those lines.
  
• The addresses mentioned in the screenshots obviously aren't mine. There is an unknown contact number on the Dunzo order detail which I'm guessing was given for address reference.
  
• Have gone back and checked my SMSs, and there is a message from Dunzo for a login request on November 16 at 18:46 hrs with an OTP. No login-related SMS from Simpl on the dates of the transaction.
  
• I checked my Google Timeline just to reassure my memory, I hadn't left my place all day on the 16th (I work from home).
  
• I don't have any cards saved on either of the app's payment sections.
  
• I do not check my SMSs. For payment or money-related messages I glance over the amount and if it seems familiar, I don't read it. In this case, I glanced at the Simpl and Rs 5,000 and just thought it was a promotional message reminding me that I have Rs 5,000 credit left on Simpl. So I ignored it when these transactions were made.

Below are the questions that are bugging / freaking / worrying me right now, and would like some advice on this situation -

• I have no clue how my account got accessed. Does that mean my phone is vulnerable to more such attacks?
  
• If yes, what measures can I take to prevent something worse from happening?
  
• What should be my next step here? Can't get in touch with these apps. I don't really have much presence on social media platforms either.
  
• Should I wait for them to reply to my email and provide some sort of solution? Their reply said it will take 3-4 working days to get back.
  
• Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?
  
• Do I approach any authorities with the contact number and addresses from the Dunzo order details? If yes, who do I even approach? Don't want to waste time over something that will just get ignored.

[Aditya]

Thread moved out from the Assembly Line. Thanks for sharing!

[DigitalOne]

Quote:

Originally Posted by Omkar

[*]I have no clue how my account got accessed. Does that mean my phone is vulnerable to more such attacks?
[*]Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?

Phone hacking is not so simple, despite what they show in movies . I would rule that out.

Mostly likely it is a rogue employee in Dunzo, because that's where the rogue employee may get access to the list of customers who are paying via Simpl.

Before deleting Dunzo account, login once and check whether your registered email id has changed. It is possible for an employee to change the registered email id, get an OTP to a fake email, login to Dunzo and create the fake orders. (And change back the email id to the original in which case it is difficult to trace).

Privacy and Security in these startups are highly suspect. Employees have access to all kinds of data. And with the wave of layoffs that are happening in tech, there would be few disgruntled employees willing to do anything.

I would suggest simply ignore the claim. I don't think CIBIL takes data from these fintechs, which will affect your credit score.

[Eddy]

Ok, this scares me. I am a regular user of Simpl for the convenience it provides. Will be keeping a keen watch on this thread and the resolution provided.

[aargee]

I'm sorry about your situation, but will strongly agree that getting to their support/help is Bagiratha's efforts!!! I think they're doing this intentionally as a moat to safeguard as much as possible so as to stay away from issues like this.

Quote:

Originally Posted by Omkar

I have no clue how my account got accessed. Does that mean my phone is vulnerable to more such attacks?

Not really; like DigitalOne said, its not like movies where they hack anything & everything under 5 seconds!!

Quote:

Originally Posted by Omkar

What should be my next step here? Can't get in touch with these apps. I don't really have much presence on social media platforms either

Quote:

Originally Posted by Omkar

Should I wait for them to reply to my email and provide some sort of solution? Their reply said it will take 3-4 working days to get back

Kindly wait for the response, let's see what happens; meanwhile Twitter? FB? Some rescue?

Quote:

Originally Posted by Omkar

Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?

I wouldn't pay for someone else, but if you feel peace of mind is most important than money, then, yes go-ahead please
There's good & bad news; since Simpl is not approved by RBI, your credit scores should not get affected

Quote:

Originally Posted by Omkar

Do I approach any authorities with the contact number and addresses from the Dunzo order details? If yes, who do I even approach? Don't want to waste time over something that will just get ignored

Would you be having so much time & patience sir?

[ninjatalli]

Quote:

Originally Posted by Omkar

Below are the questions that are bugging / freaking / worrying me right now, and would like some advice on this situation -

• I have no clue how my account got accessed. Does that mean my phone is vulnerable to more such attacks?
  
• If yes, what measures can I take to prevent something worse from happening?
  
• What should be my next step here? Can't get in touch with these apps. I don't really have much presence on social media platforms either.
  
• Should I wait for them to reply to my email and provide some sort of solution? Their reply said it will take 3-4 working days to get back.
  
  
• Do I approach any authorities with the contact number and addresses from the Dunzo order details? If yes, who do I even approach? Don't want to waste time over something that will just get ignored.

My guess is your credit score won't get impacted but Simpl would probably do several follow ups for delayed/pending payments and then handover your account to collection agencies for the same. These would be similar to the various personal loans Android apps (Chinese and local firms based) that became very infamous for their dubious collection processes.

If I were in your place, I'd make sufficient noise via emails and social media to ensure you have "proof" that you made enough efforts to highlight to the Simpl higher ups.

There have been few posts in the past on online fraud related cases where the folks reached out to their local police authorities and were informed to reach out to cyber security personnel. Give it a shot just to be on the safer side to "document" this with the officials as a back up.

Quote:

[*]Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?

Not advisable. I'm guessing once you do that, the problem will be entirely yours to resolve and you'll get minimal support, given that the Simpl and the grocery stores have got their payment. While you make efforts to reach out for support and resolution, wait for their collection processes to kick-in; which is when they will then move it into a higher gear.

[Abbas]

Simpl is a fraud company. They are linked to zomato as a payment option. I have never used or downloaded their app. Once during ordering from zomato, the coupons showed to use simple and get Rs. 50 discount. I used the coupon but paid thru my credit card. Thats`s it!

After a week i start getting calls that Rs. 250 is due from me and i need to pay asap or else authorities will be inform and 3rd party will be sent to collect (read goons). They have no CS people and has only chatbox. After writing to them by email asking them to show me proof that i used thier service, they say by entering OTP i have made some transaction. Heck, they dont even know for what i have spend the money.

A mere google search on simple will tell you countess such stories thru zomato.

They are an Absolute Fraud !

I am pretty sure simple created a fake transaction on your dunzo account to harass you. My advice, simply ignore.

[DrZhivago]

New age financial service providers or start-ups are no at all trust worthy I believe. They are mostly flush with some Chinese slush money and thereby have no regard for any set laws and then end up harassing people who fall into their traps. This seems to be a clear cut case of fraud which might have been an insider job from what I can understand. I will repeat what others have said. You should make some noise on Twitter and other socials and make them understand that you wont take this lying down if they try to make you pay up. Its a good thing that they are not connected with CIBIL otherwise this would have turned out to be a real nightmare for you because it would take a lot of time for this to clear off from your CIBIL.

Lastly, Please exercise caution when signing up with any of these financial service providers because most of them will try to fleece you. I am all for such easy methods of payment and I myself use LazyPay and have found them to be a great product but I signed up on it after knowing from my circle that its a good product and not some fly by night operator. God Speed

[yogiii]

Quote:

Originally Posted by Abbas

Simpl is a fraud company. They are linked to zomato as a payment option. I have never used or downloaded their app. Once during ordering from zomato, the coupons showed to use simple and get Rs. 50 discount. I used the coupon but paid thru my credit card. Thats`s it!

They are an Absolute Fraud !

What did you do in this case? Did you pay the 250 Rs charge? If not did the calls stop on their own?

[whitewing]

If you haven't received SMS for OTP that is worrying indeed, even if there was a change in the registered mobile/email id, there should have been an approval request either via mail/sms.
Since you's have configured auto pay in dunzo, then it would be your dunzo account that is compromised.

First thing, change the credentials in both accounts.

PS: I'm speculating, have not used Simpl since I'm wary of the BNPL platforms.

Quote:

Originally Posted by Omkar

• Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?
• Do I approach any authorities with the contact number and addresses from the Dunzo order details? If yes, who do I even approach? Don't want to waste time over something that will just get ignored.

If the place you reside allows filing of online FIRs file a police complaint that there has been a theft via hacking.
I'm not sure if simpl is even a regulated entity, if so unlikely they can affect
your credit score.
Do file a complain with RBI as well https://www.rbi.org.in/Scripts/Complaints.aspx =>SystemParticipants is most likely the correct category (some mail IDs are also listed in the page).
Since RBI is looking at bringing in some control on these entities, an addition complaint will add to the case to bring is oversight.

If you pay up the platform will then not be incentivized to resolve your case since their money is back in their pockets.
Not paying up also will disincentivize shady behavior from these platforms.

[yashg]

Cards issued by these new age "fintechs" like Uni/Simpl/Slice etc are not credit cards because credit cards can only be issued by banks. They are line of credit and from what I understand it is bad for your credit score to have a bunch of these. They are reported to credit bureaus and not paying it will affect your credit score negatively. These "cards" as well as the buy now pay later programs offered by the likes of Amazon, Paytm, Ola are best avoided. Biggest issue is that these VC funded startups will blow money on cashbacks and IPL ads but won't employ real people to offer customer support. I had gotten one such card but promptly returned it after seeing it show up as a loan on my credit report. Check your credit score for free on Paisabazaar. It might already have been affected.

I am not really sure what you can do at this point. Dunzo won't help you. You will have to plead with Simpl to get your money back. In case of unauthorized transactions on a credit card, the process is straightforward. You contact the bank where a real human will talk to you and you can get your card blocked, raise a dispute and a credit will be issues against those transactions immediately. Now it will be up to the merchant to fight it and prove those were not fraudulent. Simpl being not a credit card, may not have such a process in place. You best bet is to keep sending emails and wait for them to respond. You can try and get contact details of its founder/s and try and get in touch with them via Twitter/LinkedIn. You may eventually realize it is better to pay up the money and get the card cancelled.

[fhdowntheline]

Better to have a regular account with KYC verification with UPI provider like Paytm or the like. One can keep a small amount there to cover the digital payment requirements.

[SedateGuy]

As a matter of habit i have never used these new financial services which try to lure you with cash back offers. Especially those which would debit/charge me automatically without any kind of security input from me.

Even setting up the credit card to auto authorise payments of less than X amount i avoid.

[warp_10]

Might be a case of brute force hack, where it just happened and your device might not be compromised. Why do I think so ?

You had a login message OTP on 16th Nov, the day before the first such transaction occurred. This means someone has tried to login your dunzo.

On 17th Nov, there were 2 transactions for 5k which were cancelled more likely because it might have triggered some 2nd order auth or might have hit some ceiling.

On 18th Nov they tried reducing it to 4999 and the transaction worked.

With all these new age apps just using OTP to login without proper rate limiting and not for 2FA, it is just scary. I tried to login dunzo repeatedly and did not rate limit me at all across multiple numbers or multiple OTPs or for that matter on the same OTP with multiple failures.

But, what was super bizarre was they do not allow a logout feature itself. I had to uninstall the dunzo app and reinstall in my iphone to clear their data. Seriously ? WTH !!

https://twitter.com/anoopajohn/statu...707841?lang=en

[barcalad]

To begin with, I am appalled that someone actually ordered Basmati Rice, Cashews and Ghee to their "office". So much for fried rice cravings.

Quote:

Originally Posted by Omkar

[u][list][*]I have no clue how my account got accessed. Does that mean my phone is vulnerable to more such attacks?

I reckon your account(s) has been compromised. Thumb rule - Before uninstalling any app, deactivate your account and have written confirmation of the same from the opposite party. In this instance, there is a possibility that someone logged into your credentials on Dunzo as well as Simpl to be the Brutus.

Quote:

[*]If yes, what measures can I take to prevent something worse from happening?

Simpl(e). Deactivate account and request for complete user data wipe before uninstallation of any account. I did the same on a lot of (popular) platforms and got the job done, albeit after escalations.

Quote:

[*]What should be my next step here? Can't get in touch with these apps. I don't really have much presence on social media platforms either.

Dunzo can't wash off their hands here. Someone literally logged into your account and placed an order. You are well within your rights to seek device information, IP details, last known location and other jargon in order to send both Dunzo and Simpl a legal notice - that is - if the cost of the legal notice(s) is less than 1/3rd of the cost of what you owe Simpl. Think economically too.

As far as Simpl goes, I can share their CEO's email ID with you as well as their escalation email ID. PM me. I had a pickle a few months and got it sorted within hours thanks to a crisp email to their CEO.

Quote:

[*]Should I wait for them to reply to my email and provide some sort of solution? Their reply said it will take 3-4 working days to get back.

Wait for it. 99.9% you will get a canned response. Screenshot it and add it as an attachment to your escalation email so as to highlight their shoddy customer service. May work in your favour.

Quote:

[*]Or should I just clear the Simpl balance + late fee Rs. 5,250 and delete both Dunzo and Simpl accounts? If I don't pay Simpl, will it affect my credit score?

Absolutely not. Play it out. They are the one at the receiving end here, remember that. Simpl delays don't affect credit scores, can confirm. If you get an email or text stating that they do, ask them to take a hike.

Quote:

[*]Do I approach any authorities with the contact number and addresses from the Dunzo order details? If yes, who do I even approach? Don't want to waste time over something that will just get ignored.

Your first step should be a legal notice. If they still stonewall you after that, approaching the District Consumer Redressal Forum should be your second step. Let's hope it doesn't come to that.

Good luck.