Technology

Cybercrime experts across India tell us how to pad up our online security

Whether you’re booking your next vacation, or indulging in holiday sales and offers, this season sees a surge in online activity. These cybercrime experts bust common misconceptions, and give tips on basic digital hygiene.

Online shopping, holiday-themed social media posts, last-minute getaway bookings, backing up data to the cloud — at this time of the year, online activity reaches a peak, and with this surge in activity come massive exchanges of personal and financial data over countless networks. Data has become more than binary information flowing through IT systems, it is a deeply personal asset holding information many people would not share with even their closest friends. So when that data, financial or otherwise, gets compromised, we often report to local cybercrime divisions to solve the situation and to tighten our systems.

For a bit of perspective, according to a December 10 survey titled ‘A Christmas Carol: Scam Edition’ by McAfee, 28.6% of Indians have lost between ₹15,000 to ₹20,000 as a result of fake online retail sites while 56.1% Indians have fallen victim to discount scams, by clicking on links that took them to a sketchy website. These numbers alone prove we need to up our digital IQ, not just for the holiday season but for the foreseeable future.

Here are what some of the country’s cybercrime experts recommend:

Have a merry (and safe) vacation

Shashank Sai, Superintendent of Police at Cyber Crimes Division in Chennai

During the holiday season, there is a general spurt in online bookings, people visiting travel websites, making hotel reservations… So the chances of people being cheated also increase.

How does one know if the website can be trusted?

Once you make a travel reservation, check how the payment is being processed. The website takes you to a payment gateway — make sure that it says ‘https’, as opposed to just ‘http’. The green padlock next to it means your communication is encrypted. There are also online applications, such as Norton Safe Web, Kaspersky, Avast and McAfee that run on your browser and tell you whether a website is safe or not.

Make a policy of not sharing your OTP with any third party. Some agents request you to share OTP to make a payment on your behalf; do not allow this to happen. It is also generally advised to not let any app talk to your messaging service. After a reservation is made, call the travel website or the hotel and confirm. If it is not confirmed, call your bank and ask them to block the transaction, and report it as fraud.

There is always a window of 30 to 45 minutes for the transaction to be authenticated. Once you report the fraud, the onus is on the bank to keep the money safe.

In case you miss that window, inform your bank nevertheless. Though the money might have been credited into the account through which the transaction has been routed, it might not have been withdrawn. Bank-to-bank communication will make sure that the transaction is kept in abeyance and the money is not withdrawn.

At the same time, communicate to the police as well, so there is always the second channel of the police talking to the banks, and freezing the account. Some credit card companies offer fraud insurance, check if yours does. Always cap your credit card’s spending limit.

While on a holiday, avoid using public/free wifi — even in airports, hotels, and cafés. Anyone can access whatever you are browsing, the applications you are usingtalking to, your passwords, and transactions — all these can be easily decoded.

As told to Sweta Akundi, Chennai

Can you be insured?

Pavan Duggal, advocate at the Supreme Court of India, and a leading expert in cyberlaw

Cybersecurity is now a societal, legal, and mindset issue. This is ultimately a human issue, because it is not just the security of your data and networks, but it is intrinsically linked to your personal self. If your personal data is insecure, then digital-present and -future can all be compromised. It needs to be given far more significance than it is being given now.

Cybercrime experts across India tell us how to pad up our online security

We also need to have a radical shift in how we educate our children on cybersecurity — we need to start talking about it from Class I, especially since we are giving children devices from a very young age, without exposing them to the details and nuances of security online, cyber-criminals, and both state as well as non-state actors.

Insurance against cybercrimes is a very nascent phenomenon in India, mostly because the method of risk calculation for cybersecurity in the Indian context hasn’t yet been well-developed. Under the new Data Protection Bill 2019, companies will now be exposed to compensation of ₹15 crores in case they are found negligent while processing and storing personal data. [Consequently] I see a far bigger fillip for the growth of cyber-insurance. Otherwise, it is being seen more as a luxury and not as a necessity.

Some tips for cloud data storage? The cloud isn’t permanent. It’s a bad plan if you blindly upload your data to the cloud without local backups. You should also be sensitive to put only certain kinds of data on the cloud. No trade secrets, personal photos of intimate moments, for instance. Always re-visit what you have on the cloud. Your primary mantra should be that these should only be things that are relevant for day-to-day use.

Incoming in 2020

People seem to have forgotten about ransomware since the [WannaCry] 2017 attack [during which Microsoft Windows-equipped computers were targetted by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency]... It is coming back in a big way in 2020. One estimate suggests that in 2020, [ransomware] is going to be quadrupled in the health and medical sectors.

Experts are also saying that passwords are going to be passé with advancements in quantum computing. This new decade will be the most life- and game-changing decade of human civilisation in the sense that the developments that this decade will see will outstrip anything that has happened earlier. Artificial Intelligence (AI), Internet of Things, and Blockchain will all change the way we think, perceive, and do business online. AI’s rapid pace, along with Big Data and data mining, will mark a sea-change.

As told to Vangmayi Parakala, Delhi

Offline is not the answer

Gautam Kumawat, professional hacker and cybersecurity expert in Mumbai

One really needs to know the URL of the sites they visit. Sometimes, for example, what we may recognise as Flipkart’s website may not be Flipkart at all. It could be spelled ‘Flipcart’ or the URL could be ‘Flipkart.shop.in.’ Always read the links because once you make transactions on these phishing websites, your financial data can be severely compromised. You can even get locked out of your own bank account!

Cybercrime experts across India tell us how to pad up our online security

Does having no data connection mean you can be immune from cybercrime? Not necessarily, especially in the times we are in now. Most of what we do requires a data connection. The only option here is to make sure you have strong firewalls set up, passwords changed every two weeks, up-to-date anti-virus protections and even cyber-insurance which I’m seeing more people invest in.

As told to Divya Kala Bhavani, Hyderabad

Do not stop at anti-virus

Mirza Faizan Asad, cybersecurity and law consultant in Bengaluru

Whenever you install an application on your phone, you are asked for permissions and authentication; once you say ‘yes’ to everything, then all your data will be with [third party app owners and/or offenders]. There won’t be any privacy or security.

There are some internal settings with which we can restrict these third-party apps’ access to our data. But not all phones have these settings and not many people know of these settings. Most data taken from you will be used for advertising.

Cybercrime experts across India tell us how to pad up our online security

For example, if you are searching for something, you will immediately get an ad about that. But there might also be spy software, which can use your data for criminal activities. Let’s say, if they get pictures of your Aadhar or PAN card, then they can create fake identities, use it to get SIM cards, etc.

And, just by installing an anti-virus software, we are not fully protected. Internet Service Providers also need to secure their servers. Our law enforcement agencies like the police have very little knowledge of cybersecurity issues like hacking. Even if you need to register a complaint, you might have to go from one police station to another.

When dealing with cybercrime, you need to be very fast, especially in cases of e-banking and online payment apps.

Recently, I was presenting a case to the consumer forum. It had something to do with Bitcoin. But they didn’t understand what Bitcoins were and asked to take the case to another court. So, even our judges have to understand cybersecurity.

As told to Praveen Sudevan, Bengaluru

Unsolicited click-bait

Subash Babu, Kerala State Head of the National Cyber Defence Research Centre (NCDRC) and director of cybersecurity firm Appin Technology Lab in Thiruvananthapuram

Social media users become more vulnerable to cyber crimes during festival seasons due to a spurt in unsolicited click-bait that claims to offer inviting discounts and markdowns. Such promotions often start on social media where users are bombarded with advertisements. They appear as trustworthy links, but may be phishing sites. Hence, always verify the authenticity of the URL. It’s sometimes difficult for an ordinary netizen to differentiate between an authentic site and a copycat phishing one. Some phishing sites even masquerade as government sites.

Subash Babu

Subash Babu   | Photo Credit: Special Arrangement

Do not to use mobile phones to open bank pages. If the phone is already comprised, hackers can steal both the data as well as the One Time Password requested to carry out a financial transaction. Always secure a two-step authentication for payment gateways. Never share your OTP or UPI (Unified Payments Interface) pin number with anyone, no banks ask for it. However, secure apps offered by the respective bank are safer. It’s advisable to go for software updates on time and refrain from installing unwanted or potentially malicious apps.

Avoid the suspect

Dhanya Menon, India’s first woman cybercrime investigator. She runs Avanzo Cyber Security Solutions in Thrissur

Many are not even aware of what comes under cyber crimes and greater sensitisation is required. Cyber criminals have the mechanism to know what kind of online activities peak at this time of the year and can monitor your personal shopping behaviour, creating faux sites or links as traps. Don’t open suspect links for shopping and only log in to authentic shopping websites directly.

Dhanya Menon

Dhanya Menon   | Photo Credit: KK Mustafah

Also, it’s better not to do a financial transaction from public or shared systems and never share your financial details. Sometimes, we witness mismatches occurring with bookings for hotel rooms. There have been plenty of instances reported for multiple bookings for the same room and you realise this only when you reach the place. It’s better to make a phone call and check with the hotel directly before you finalise your travel plans.

As told to Harikumar JS, Thiruvananthapuram

‘Terrible master, wonderful slave’

Ananth Prabhu G, cybersecurity expert and the author of e-booklet ‘Cyber Safe Girl — Beti Ko Bachao, Cyber Crime Se (Save Your Daughter from Cyber Crimes)’

When it comes to cybersecurity, most of us are in the ‘denial’ or the ‘bulletproof’ mode. Denial, because we believe that we will never get hacked and bulletproof because we are confident that our devices are secure and not prone to any attack. This mindset should change. Even today, a majority of Internet users fail to install anti-virus software and use operating systems that are not genuine.

Unless your password is of 10 characters with a combination of upper case and lower case alphabets, symbols and numbers, and changed every six months, it is not safe.

Threats are not spread only via the Internet. There are offline threats as well, that can cause considerable damage. You also cannot get to know if your system is hacked. Most of the attacks are discreet and unless a thorough scan is done, it is impossible to detect them.

Cybercrime experts across India tell us how to pad up our online security

Cybersecurity is not just a technology issue. The reality is that there is no miracle solution or cure to cyber-attacks. You cannot stop them from happening. But, you can be proactive to defend yourself and stay resilient. The goal is to have systems in place that empower you to react quickly in case there is a cyber-attack, and mitigate it before it wreaks havoc. A teenage girl used her phone without installing any anti-virus. When she downloaded a file with malware, it switched on and off the front and back cameras of her phones without her consent. Then, uploaded her photos and videos to a hacker. Many phone/computer users are unaware about how their devices are compromised and they are subjected to snooping on a regular basis.

The Internet is a dangerous place. There is no dearth of scams, malware, hacks and more. Now, we have IoT (Internet of Things), where almost every device is connected to the Internet. It is our responsibility to use Internet wisely, as it could be as terrible a master as it can be a wonderful slave.

Cybersecurity insurance safeguards online users from damage and losses that arise due to unauthorised disclosure of personal and financial data. Apart from financial cover, it will also give them the umbrella to prevent psychological stress that arises due to hacking of sensitive data.

There is nothing that is hack-proof or 100% per cent secure, says the cybersecurity expert. “My guru, ADGP and Police IT chief of Karnataka, Sanjay Sahay, IPS says, hacking is the new normal. It is our duty to make sure that the app or software we download is always from a trusted place. Also, they should be regularly updated as the developers plug loopholes via updates. It is advisable to buy devices at an authorised showroom and get them serviced only at an authorised service centre.

Final tips from Ananth:

- Never use the same password for all your accounts. Turn off safe password feature on the browser.

- If you are using Wi-Fi, secure it with a password. Preferably WPA2 or WPA3. Do not use public Wi-Fi.

- Be selective about what you share. Especially, your personal information. Do not check in at the places you visit — you could make it easy for stalkers to find you!

- Secure your digital devices with anti-virus software and update regularly, along with Operating System and other apps.

- Use a separate bank account for internet banking and online shopping. Do not keep more than ₹5000. Refill only when necessary.

- Back up your data regularly on a network attached storage device or cloud.

- Stay safe online. Turn off Bluetooth / GPS when not in use. Use two factor authentication wherever possible.

- Use Virtual Private Network (VPN) if you are using a public network. Here is our explainer of a VPN.

- If you have been a victim of cyber crime, report it immediately to the nearest police station. Inform your banks to freeze your accounts. Deactivate debit/credit cards.

- Avoid meeting strangers you encounter online. And do not send them any money!

As told to K Jeshi, Coimbatore

(Contributors: Divya Kala Bhavani, Praveen Sudevan, Sweta Akundi, Harikumar J S, Vangmayi Parakala)

Why you should pay for quality journalism - Click to know more

Recommended for you
This article is closed for comments.
Please Email the Editor

Printable version | Feb 26, 2020 5:35:52 PM | https://www.thehindu.com/sci-tech/technology/december-2019-tips-from-india-cybercrime-experts-on-security-social-media-phishing-privacy/article30379212.ece

Next Story