It was the New Year’s eve and Noida-based Neha Chandra, a PR firm employee, travelled to Paris to welcome the New Year with full enthusiasm. However, things took an ugly turn when her wallet was stolen while travelling through the French city’s metro. Within few minutes, Chandra’s zest for the celebrations disappeared as she noticed sudden transactions through her debit and credit cards.
However, Chandra was quick to get both her cards blocked within 12 hours but she still suffered a whopping Rs 1.45 lakh loss of the hard-earned money. It has been one of the few isolated incidents since in most of the phishing and other online frauds, the fraudster asks for OTP or ATM pin. But in this case, the transactions were done without any passwords or pins.
Another case in point is Manish Chandra Bajpai, a resident of Eros Sampoornam Society in Greater Noida (West). Bajpai had opened a joint savings account with his wife. On January 25, his wife received messages of atleast eight to 10 transactions that siphoned off Rs 98,000 from the account.
Getting messages on your phone to get your KYC done are dime a dozen. It wasa routine day in November 2019 when a Gurugram-based MNC executive got a message on his phone to verify his KYC that was pending on a digital payment app.
Thinking nothing out of the ordinary, the Manish (name changed) clicked on the link that came with the message.
Much to his horror within a few minutes of doing this, he got a message from his bank that Rs 3 lakh had been debited from his account. Manish has linked his e-wallet with his bank account to make payments like electricity bill, telephone bill and to make other monthly expenditure.
In yet another case of KYC update, a Delhi-based manservant lost Rs 35,000 within minutes. He called the number that came on his phone. The person on the other line asked him to click on various links to verify his KYC. While he was on call, he found that his smartphone hanged and the connection with the person on the other line got disconnected.
In the next 15 minutes Rs 25,000 was deducted from one bank and Rs 9,500 from another. He tried calling the number on which he was speaking. While the phone kept ringing, nobody picked up at the other end. A case was filed wih Delhi cyber security cell. The matter was taken to the concerned banks as well. The result? The Delhi Police finally closed the case last month citing —no leads. The banks too proved their helplessness in the matter.
In yet another fraudulent incident, Greater Noida-based 25-year-old Rohan Nagar, was duped of 3305 dirham (Rs 64,000) on June 22, 2019.
“It was on the morning of June 22 that I saw a message stating that a transaction of Rs 64,000 was done through my credit card. The message was of 3 am. I was shocked and decided to reach out to my bank as the transaction was done without an OTP validation. The bank immediately filed my complaint and assured me that the money will be refunded as I was not the one at fault. I was informed that the my card was used to book an Oman Air ticket,” Nagar tells you.
Moreover, since it was a credit card fraud, the banks take full responsibilities of such frauds because its their money.
“The money was refunded back to my card within a few months,” Nagar says.
The fraudulent practice is so in trend that Netflix released a 10-episode web series — Jamtara: Sab Ka Number Ayega recently to throw light on the phishing scam or for that matter to increase awareness per se. The series is set against the backdrop of Jamtara, Jharkhand. The theme is the Cops VS Boys.
Cyber Law Expert Pavan Duggal says that cases of phishing, identity theft, cyber stalking and online harassment are more prominent these days.
“Phishing is happening on a large scale these days. Also trying to invade the privacy of others is common,” Duggal says.
Data shows that there has been 248 per cent rise in cyber complaints in Navi Mumbai in 2019, however the conviction rate is low.
“The conviction rate in our country is extremely poor. I was in India’s first Cyber Crime Council in 2003 and we thought that henceforth a new trend will start, but we were wrong. The reason is that most of the time the police is not equipped enough to detect cyber crimes. They are casual, they don’t collect relevant electronic evidence correctly in accordance to the provisions of the law and consequently they are not able to produce and prove it in the court of law. The Supreme Court has come up with strong parameters on electronic evidence that has to be duly followed. Most of the times, for a variety of reasons, these parameters are not followed. As a result, despite having the best evidence if it’s not appropriately collected, produced and proved as per the requirement of the Evidence Act, it is just waste paper basket material. Despite it being a straightforward conviction case, often judges have no option but to acquit the accused because of lack of effective electronic evidence,” Duggal says.
The are a lot of challenges in such cases and the need is to have capacity building amongst the police and other law enforcing agencies.
Since online shopping and going cashless has become a part and parcel of our daily lives, Duggal shares a few tips to avoid falling prey to online frauds.
“One, always shop online from a secure website. The site which begins with https. Doing transaction on a normal http website is unsafe, insecure and all your data gets exposed to various hackers and fraudsters. Two, before shopping from any independent website do some research about it on search engines to find out whether or not the site is verified and bonafied.
“Three, when you use your credit or debit cards make sure you don’t do transactions on public computers or networks. Using free wifi or public wifis is a bad idea since it is completely insecure and all the data that you save can be easily hacked.
Four, you must have transaction alerts services for both your credit and debit cards. Five, have lower limits for your credit cards. There is no point of having big limits because there are chances that it can be misused as it gives more exposure to hackers. Six, constantly check your account balance and transactions every two days. In case of any unauthorised transaction, immediately report it to the bank in writing. Reporting such incidents within 72 hours of the transaction is preferable and it allows you to take the benefit of zero liability. This benefit is granted by the Reserve Bank of India (RBI) to the consumers via a circular from July 6, 2017,” he tells you.
In cases of no OTP validation or password exchange, cloning of cards is used for frauds.
“Today, there are a lot of internal leakages of data in banks and other institutions. One may have his cards with his own self but because of leakage, hacking or cloning is cards, this misuse takes place and a person ends up losing money. This now happening frequently. The RBI has mandate all banks to fulfill various obligations of reasonable security practices to protect the confidential data. Despite this, you see that the Cosmos Bank being hit by Rs 93 crore loss because of cyber hack. Most of the banks don’t comply to these guidelines and invariably these cyber crime incidences take place,” Duggal says.
There are certain things that the customer knows yet turns a blind eye towards it.
“Giving your phone to someone else is the most common mistake that most of us make on a daily basis. Customers carelessly share confidential information on phone. Most people have the tendency of forgetting passwords so they save all their information on their phone forgetting that it is completely hackable. If only people will become more careful and keep an eye for details, these frauds are largely preventable,” he tells you.
Given the current situation, is it safe to get back to cash in the coming years?
“Digital payments are here to stay but they have to be handled with lot of care and caution. They cannot be taken for granted. If you are too casual or careless with your digital payments then it’s better to prefer cash payments. Also in today’s scenario once you lose money in digital transactions, trying to get it back becomes a huge challenge. Therefore, if you are not completely equipped with cyber security tools, it’s better to be on the safe side and use cash,” he tells you.
Karnika Seth, cyberlawyer and expert who has been handling cyber crime cases for a while now says that she gets a few queries of phishing and other frauds queries on a daily basis.
“There are a lot of queries pertaining to online frauds and data theft that we get over phone calls and in our mail box daily. So far we have been able to resolve quite a few of them. A recent case that we have handled was related to frauds using various online payments app. The modus operandi is different in different crimes,” she says.
In case of credit card frauds, recovering the money back is relatively easy due to availability of chargeback. However, in the case of debit card frauds, recovering money is a challenge.
“Recently we have sued a bank for unauthorised transactions in our client’s account. Our client was defrauded of lakhs of money. There were no alerts or messages sent to the client regarding the transactions. No two-step verification was done as well,” Seth tells you.
There are certain challenges while fighting such cases since the bank doesn’t give out full information of the client.
“When you are suing the bank, the bank will not like to reveal much information about the client’s account unless they are asked to. In such cases we have to rely on the client’s bank statement to show the fraud. If a fraud has happened from a far location, the banks don’t even share IP addresses and they don’t reveal much information about how the transaction has taken place. This is what the banks should do in order to resolve external cyber attacks. Also, it may be that an internal employee from the bank or some insider could have caused this, it depends on facts,” she says.
If a bank is not helping the customers in case of unauthorised transactions, Seth lists out a few steps that one can follow to get their money back.
“In such a scenario, a person can go to the banking ombudsman or file a complaint with the adjucating authority under the IT Act. This way he can claim the compensation amount, if he has the right to do that,” she tells you.
There are a lot that the people can do to prevent themselves from becoming a victim of online frauds.
“First, customers should always register for online alerts. Second, they should have strong banking passwords that are not easily predictable. Third, be vigilant with your bank statements. Fourth, whenever one is changing their mobile, all the confidential information including the saved passwords and account numbers should be deleted. Fifth, never open any fictious link that have been sent to you via a message and don’t download any unverified and suspicious app. These malicious apps can make your device fully accessible to the hackers who can steal all the financial information and passwords from your phone. Lastly, don’t attend to or entertain any calls that are trying to verify your personal data or are pretending to be an authorised professional from a bank or another organisations,” Seth tells you.
- India ranks third in terms of the highest number of internet users in the world after USA and China, the number has grown 6-fold between 2012-2017 with a compound annual growth rate of 44%.
- India secures a spot amongst the top 10 spam-sending countries in the world alongside USA
- India was ranked among the top five countries to be affected by cybercrime, according to a 2017 report by online security firm Symantec Corp.
- Almost 156 phishing emails are sent globally everyday.
- According to a CISCO Annual Cyber Security Report, 53% of all cyber attacks led to financial damages of more than $500K for organisations in 2018.
- According to a Quick Heal report, 1,852 cyber attacks hit India each minute last year. Mumbai and Delhi are the most affected.
- Almost 76% Indian businesses were hit by cyber attacks in 2018.
- About 91% cyber attacks begin with phishing.
- A study finds that there is a hacker attack every 39 seconds on average.
- About 43% of cyber attacks target small businesses.
- 95% of cybersecurity breaches are due to human error.
- Victims lost over $1.4 billion in online fraud in 2017.
- About 56% Indians were victims of discount scams, while 28.6% lost Rs 15,000-Rs 20,000 as a result of fake online retail sites, according to a survey released by McAfee in 2019.
- Of the three million identity theft and fraud reports received in 2018, 1.4 million were fraud-related, and 25 percent of those cases reported money was lost.