In Madurai, a housewife received a call on Thursday from a person claiming to be the customer care executive of a reputed brand. Stating that she had won an SUV worth ₹15 lakh for an online purchase made on Amazon recently, the suspect wanted the details of her PAN card, bank account and Aadhaar to process the delivery of the vehicle.
But she sensed foul play and disconnected the call.
She would have become the victim of a phishing call, but for her suspicion. However, not everyone is aware of the intricacies of such frauds.
It is often the temptation of easy money that people fall victim to. They walk into a web of irresistible offers carefully laid out by fraudsters who want to dupe them. By the time law enforcement agencies get into action, the victims would have lost their hard-earned money. Recovery is a possibility but remote, since cyberspace is a world of its own with few boundaries.
A large number of tech-savvy fraudsters operate online, targeting unsuspecting persons with offers that they find hard to resist. The COVID-19 pandemic is yet another opportunity for such criminals to target the vulnerable, as a large section of the workforce now work on the internet from home. It is no surprise that the age-old offence of making calls posing as bank officials and asking for ATM card details continues as people still share their credentials after being lured into fake promises, despite awareness messages from banks and the police.
The latest in the series of such scams is a group of suspects making calls claiming to be officials from a leading nationalised bank. Taking the name of Prime Minister Narendra Modi, the suspects collect details of the ATM card, with the card verification value (CVV) code, for the transfer of ₹4,500 as COVID-19 assistance.
“While a majority of people are aware of such frauds and disconnect the calls, a few think they are true and share their ATM card details. They also reveal the one-time password (OTP) sent to their registered mobile number, as it is required to confirm the fund transfer. Once the victim shares the OTP, his/her money is transferred to some other account,” said a senior police officer.
On how the suspects know the quantum of funds available in the account, the officer said the accused usually confine themselves to amounts less than ₹10,000, either to make online purchases or to transfer it to other accounts.
“In case the transaction fails on account of insufficient funds, the accused make another attempt since the card-holder will be willing to share the OTP again... It is clear exploitation of the lack of awareness or greed.”
Curtains for gaming
In July, the Madurai Bench of the Madras High Court asked the State government to consider passing suitable legislation to regulate and control online gaming. Justice B. Pugalendhi said such games and advertisements on social media were aimed at inducing unemployed youth into playing these games. The youth take to these games with the hope of earning money while sitting comfortably at home.
The court was hearing a petition filed by a schoolteacher who sought to quash the FIR registered against him by the Tirunelveli police, after he and his friends were booked under the Tamil Nadu Gaming Act for playing cards. The court quashed the FIR.
In November, the High Court took a serious view of such games in the wake of youngsters killing themselves over debts linked to online gambling. Hearing a batch of public interest litigation (PIL) petitions, the court reiterated the need to regulate online games.
A Division Bench of Justices N. Kirubakaran and B. Pugalendhi said precious lives had been lost to online gambling. They said States such as Assam, Odisha, Nagaland, Telangana and Andhra Pradesh had either banned or regulated online games.
Agreeing with the judges, the State submitted before the court that the games were indeed a menace, and the government was actively considering legislation to regulate online gaming.
The court also ordered notices to popular movie stars and cricketers who endorsed online games in advertisements. The court asked why popular figures were endorsing such games.
On online gaming sites or apps still being accessible, another investigator in the cybercrime unit of the police said the Department of Telecommunications alone had the powers to block websites under the Information Technology Act. “State authorities will soon be the authorities enabling the Computer Emergency Response Team. They will have access to all gateways to block online gaming sites.”
An official in the State cybercrime wing said it would be difficult to put a number to the actual victims who have lost money to such frauds, since many preferred not to approach the police, either considering the quantum of money involved or out of a sense of shame. Some among those who turned up to lodge complaints had provided fictitious names or email IDs/phone numbers.
“We have jurisdiction issues in investigating such cases. The suspects usually operate from outside the State or the country. Once the money goes out, it becomes very difficult to recover it. We don’t have real time active systems to stop payments made online. Many payment gateways hold funds for 24 hours and after that they are gone,” the official added.
According to the Madurai police, there were instances of people getting calls from suspects claiming to be bank officials, who said that ATM cards had to be renewed immediately.
To prevent the cards from getting blocked, victims shared all their details and ended up losing money from their accounts.
In such cases, bank officials blame the ignorance of victims, though an attempt can be made to identify the suspects’ bank accounts and freeze their transactions before the police get involved.
“Now, a customer can block the international use of a debit card or a credit card and thereby stop a fraudster using his/her account details in other countries. Similarly, he/she can limit the transaction to a smaller amount through different types of transactions like ATM withdrawals, point of sale purchases and online transactions,” a bank manager added.
Sudden shift
Dhinesh Pandian, an honorary member of the National Cyber Defence Research Centre, said frauds involving OTPs, matrimony sites, EMI transactions, false promises on tax benefits and phishing cases were among the most common cases reported during the COVID-19 lockdown.
“It was a sudden shift to the virtual world for all business meetings and communication, and people were working from home. While working from home, people tend to use systems with no enterprise-level security,” Mr. Pandian said. This led to major breaches.
“People suddenly started using their office IDs from systems at home and this does not have adequate security to guard them against hackers. Many applications are not secure. This made information available online for misuse and led to phishing, scams, hacking, etc.,” he added.
Mr. Pandian urged people to use licensed versions of operating systems as they come with some protection.
Decentralising cybercrime units a game changer
In Chennai, Commissioner of Police Mahesh Kumar Aggarwal decentralised the cybercrime unit, which was earlier headquartered at the Central Crime Branch, to the police station level, making it easier for victims to lodge complaints. This emerged as a game changer because the time taken to start the investigation in various cases was reduced to less than 24 hours, enabling the police to stop payments by reaching out to the payment gateways.
In the last four months, the cybercrime units received 561 complaints related to various online frauds. Timely intervention of investigators helped in the recovery of ₹1.14 crore. However, the detection/recovery depends on how soon the complaint was given to the police. Earlier, people had to visit the Police Commissionerate, located in Vepery, to give petitions related to cyber offences.
The special cybercrime units, situated in 12 police districts across the city, have minimised the time taken to lodge complaints. Besides the city police being active and accessible on social media platforms, the video calling facility connecting the Police Commissioner and other senior officers, introduced during the COVID-19 lockdown, also helped victims of cyber offences in lodging complaints.
Cheating by impersonation after hacking social media or email accounts was also attempted during the COVID-19 pandemic, with suspects operating from other States sending mails/messages to friends/contacts of the account-holders, stating that they were stranded due to the lockdown and urgently needed money. The Facebook account of a few IPS officers, including that of Mr. Aggarwal, was hacked. The police blocked the fake accounts and even arrested the gang that was located in a north Indian State. The cases were detected even before any money was transferred to the suspects.
Terms explained
Vishing - Fraudsters try to seek personal information like customer IDs, net banking passwords, ATM card details, etc., through phone calls.
Sim Swap scam - This occurs when suspects manage to get a new SIM card issued against a registered mobile number fraudulently through a mobile service provider. They get one-time passwords (OTP) and other alerts on this SIM card to make financial transactions in a victim's bank account.
Phishing - Use of stolen personal information like customer IDs, iPINs and credit/debit card details by sending emails that appear to be from a legitimate source.
Spamming - This happens when someone receives unsolicited commercial messages sent via email, SMS, MMS and other such electronic messaging media. They may try to persuade the recipient to buy a product or service, or visit a website to purchases. They may also attempt to trick him/her into divulging bank account or credit card details.
Ransomware - This is a type of computer malware that encrypts files and storage media on communication devices like desktops, laptops, mobile phones, etc., holding data/information as hostage. The victim is asked to pay the demanded ransom to get his device decrypts.
Cybersquatting - An act of registering, trafficking in, or using a domain name with an intent to profit from the goodwill of a trademark belonging to someone else.
Pharming - A cyberattack aimed at redirecting a website’s traffic to another bogus website.
(With inputs from L. Srikrishna, S. Sundar and B. Tilak Chandar in Madurai and M. Soundariya Preetha in Coimbatore)
COMMents
SHARE