The RBI’s recent report stated that Indians suffered a loss of Rs 219.73 crore since 2011 through ATM, debit & net banking fraud. Out of the 2,464 cases of hacking and other cyber crimes that were registered during 2012, only 749 persons were arrested but later released on bail. Since 1995, only seven digital fraud cases have got conviction. SANGEETA YADAV speaks to consultants who say that this is just the beginning and the lack of advanced technology to monitor these newage crimes mean that cyber fraud is coming of age in India
An importer of bearing rings in Rajasthan places an order for the same with a company in China. All is well and the deal is signed, money transferred and goods received on time. A deal was struck with the said Chinese company that for all future imports. Last year, an order of Rs 32 lakh was placed. A few days later, the importer received a mail alert that since the company’ mail ID had been hacked into, it was advisable that for all future correspondence calls and mail be sent to the new IDs given. This time round however, the Chinese company said that they wanted the full payment in advance.
The importer transferred the money in the account mentioned not suspecting any foul play. But when the goods didn’t arrive on time, the Jaipur-based businessman got worried. After repeated attempts to call the new number mentioned in the mail and getting no answer, he decided to call on the old number. It was then that he realised that it was his mail ID that had been hacked into and he was a victim of online fraud. He never recovered his money.
Cases like this are dime a dozen in India. A fact that has been collaborated by the recent report by Reserve Bank Of India which says that Indian has suffered a total loss of Rs 219.73 crore since 2011 through ATM, debit and net banking fraud. In 2013, 6,034 cases of net banking/credit/debit card scam were registered in 2013 alone. As many as 24,882 cases were registered by the RBI and CBI. In a country like India where crackdown on cyber crime is still negligible and a large percentage of Indians access social network sites (61 per cent), shop online (44 per cent) and access their bank account (42 per cent) through a public or unsecure Wi-Fi network, it isn’t surprising that the number of cyber crime cases are on the rise.
“Cyber crime is a very general term. There are many forms of crime that take place on the digital platform. Blackmailing (ransomware), hacking into bank accounts and email to spear-phishing, the list is endless,” Mukesh Choudhary, cyber crime consultant in Jaipur says.
Recalling a case that he recently solved, Choudhary tells you that blackmailing over Facebook (FB) is something that is trending.
“A girl, who had accepted a friend request on FB, came to me saying that she was being blackmailed. The man who she had been chatting with had convinced her to do a striptease for him every day. Sitting in Pakistan, (once the investigation was done and IP address found), the man was making money by selling the clip there. It’s unfortunate that 70 per cent of FB users don’t know how to safeguard themselves. This means that there is delay in cracking the case,” Choudhary explains adding that another reason why the conviction is negligible is because the people in the cyber crime cell aren’t equipped to deal with such crimes. “They aren’t BTech or MTechs. Nor do they know the way to be a step ahead of the hackers. Hence, the criminal gets away quickly,” Choudhary states.
With the rising trend of e-commerce and online banking and shopping in India, people have become more vulnerable to frauds.
“Dealing with cyber crime will be a challenge in the coming years. The year 2013 saw a whopping rise in the incidents of ATM and credit card frauds. Cases like forgery of signature to stealing confidential information of credit or debit card through petrol pumps or restaurant staffs, are the major cause for rise in net banking crime. Because of the high level of penetration and primitive security, the criminals get away easily after hood-winking the target. We need to use intelligent mechanism to catch hold of them,” Pawan Duggal, lawyer and cyber crime expert tells you.
It’s a game of cat and mouse. The cyber cell unit has to be always a step ahead by thinking how a cyber criminal thinks so that they can be caught.
“We aren’t advanced in terms of having updated technology and appropriate tools to search for digital evidence from the hard drive and other electronic gadgets. The ways of committing cyber crime is constantly innovating and therefore, there is an urgent need to have trained people. This requires budget, political will and dedication,” Duggal says.
A case in point here is that of 32-year-old Rahul Verma (name changed) who was shocked to find his bank account with zero balance. All his hard earned money — Rs 2 lakh — had vanished. The police investigation revealed a bank employee’s friend had hacked into the account and replaced Ramesh’s scanned signature in the bank’s system with a forged one. When the cyber official took up the case and caught hold of the suspect, they were unable to come up with irrefutable digital evidence to prove his crime. They sent the suspect’s desktop and other equipment to the Hyderabad forensic science laboratory, which took a while to submit a report. The suspect, meanwhile, had ample time to apply for anticipatory bail and prepare for a protracted legal battle. This means that identity theft is becoming more and more common in India.
“In recent times, there has been an alarming spurt in identity stealing. One can fall prey to crimes like shopping online; swiping debit or credit cards; when the wallet or purse gets stolen; while opening an e-mail sent by an unknown sender; while dumping torn or crumpled bill statements into the trash etc,” Kabita Das, general manager-ISP division, Paharpur Business Centre tells you.
The fact that the cyber cell units are late in responding to the complaints filed means that people like Bimla Devi find themselves denied of justice. On September 8, 2013, Devi retired from Punjab Government’s Social Security department in 2011, received an alert on her mobile regarding a debit of Rs 30,990 and Rs 15,699 from a renowned online shopping portal. She immediately filed a complaint with nearest police station. It took over 10 days for the complaint to reach cyber cell, giving enough time for the accused to remove all the evidence. For the next three months, the cyber cell crime unit of Chandigarh Police sat on the complaint without filing an FIR.
In sheer desperation, Devi conducted a probe on her own and found that the money was used to buy an laptop and smartphone. When she requested the online portal to give the details, the website refused. Later, Devi got to know that the transactions were made by a labourer with the same name. She handed over the evidence to the police and the investigation is still on. A similar case was reported by a resident of Sector 34 (Chandigarh) lost Rs 83,000 in an online fraud. The investigation is on — it has been more than five months — enough time for the fraudster to wipe the slate clean.
“Probe in cyber crime takes time as we have to take permission from various authorities and follow a certain procedure. The biggest challenge to catch hold of the criminals is when the service provider doesn’t corporate with us. Private banks take time to get approval from their headquarter. Another challenge is the lack control an account holder has on the bank details. They should make sure that the account holder come in person to verify the signatures and to get the online transaction details. Criminals, on the other hand, play safe by not only hiding their physical addresses but use fake Internet Protocol address for illegal transactions. The physical addresses given to banks are fake and doesn’t match to the address given to Internet service providers or shopping portals,” Delhi Police’s Cyber Crime officer tells you.
Agrees Choudhary. Giving fake IDs is very common when it comes to bank frauds.
“There are cases where calls are made to individuals with offers — ‘I will give you Rs 20,000 for every one lakh transaction. Please let us use your bank for making transactions. We are new to this city we don’t have any ID proof. Unfortunately, people in our country are always looking for ways to make quick money. What people don’t realise is that they are opening themselves to all kind of fraudulence. In the end for any criminal activity that involves their bank, they are the ones to be caught and not the perpetrator. Individuals must understand that nothing comes for free,” Choudhary says.
According to the Norton Report 2013, India is among the world’s top five countries impacted by ransomware, identity theft and phishing incidences and nearly 60 per cent of cyber threats in India are targeted attacks at individuals and increasing from $192 2012 year to $207 in 2013. Ransomware was more prevalent in Russia with about 2.5 lakh unique ransomware samples had been collected during the first quarter of 2013 alone. The report also said that Internet frauds through ransomware and spear-phishing have cost India a whopping Rs 24,630 crore in 2013. Such high vulnerability of Indian consumers towards these forms of cyber crime is an indicator that cyber-attacks have become more refined wherein attackers research their victims well, exploit their emotions, and employ sophisticated techniques to exclusively tailor-make cyber threats. Moreover, the surge in usage of social media, mobile Internet, e-commerce etc has further expanded avenues for cyber criminals to dupe users.
“Ransomware was so rampant in India last year that Norton named it as the ransomeware capital of Asia-Pacific region. These are innovative methods to seek money from the target. The criminals hack into the individual’s computer and send a threat that unless a certain amount is not transferred in to a said account, the target’s entire mail history and data will be wiped clean. The victim has no option but to pay up. To prevent this, password should be strong—it should be alpha-numeric. Avoid saving personal information or documents. People should follow cyber hygiene and other methods to protect themselves from getting trapped in any form of cyber crime,” Duggal says.
“As Internet is becoming essential for dynamic needs of businesses and individuals, it’s also in-turn expanding the universe for cyber criminals. Coupled with broadband penetration and smartphone adoption, users in emerging Indian cities are also exploring the web, creating additional lucrative pool of targets for cyber criminals to exploit. Cyber crime has moved beyond its conventional definition and become more intuitive and financially motivated,” Ritesh Chopra, country manager, Norton by Symantec says.
Then there is spear-phishing which comes from the trusted senders like online shopping portal or newsletter of some organisation. A link is sent in the form of a mail or an attachment where it says that a relative is ill. The minute the person clicks on the mail, all the data is available to the criminal.
“To avoid spear-phishing, one should never click on a link from an unknown sender. Emails saying ‘update your password’ should be avoided,” Duggal tells you.
Experts say that people have to follow some safety practices. One has to secure the wireless network. Though some information like the credit or debit card number is encrypted, several websites do not encrypt login information and tend to help the hacker get information about a person only with the help of names of the websites. By adding a password to the wireless network, one can protect his or her identity from getting cloned or stolen.
“E-mail scams and hoax websites are designed cleverly so that the viewer or the visitor gets tricked and discloses personal information such as credit card number, e-mail password, account details etc. Only antivirus isn’t enough to prevent online fraud. One should download software from reputed and trustworthy websites. One must do online shopping from reputed websites. A unique password for each website you visit frequently is another safe way to avoid online fraudulent. Avoid giving too much information on social media sites,” Kabita says.
Cyber crime consultants say that this is just the beginning as far as online fraud is concerned. It’s no longer originating in Nigeria. Criminals in India have caught on to the modus operandi used by Nigerians and have come up with their own lethal cocktail of crime — using websites that cyber cell units have never heard of like libertyreserve.com.
Another problem is that that IT Act 2000, that was amended in 2008, is very generic. After the amendment, all cyber crimes have become bailable offence. By the time, cyber cell team work towards getting evidence, the accused is out on bail and destroys the evidence. In the last 18 years, only seven cyber crime cases have got conviction. This has created a disillusion in the mind of the people that there is no way that the law or the police authorities can do. Cases where women are being blackmailed, the fear of embarrassment keeps them quiet. Out of every 500 cases, 50 get reported, out of which only one gets registered as an FIR.
“It is a ratio of 1:500 when it comes to FIRs. It’s the overall apathy of the system. IT Act is incompliable. I would say it’s a toothless wonder,” Duggal says.
- The first step to prevent cyber crime is making people aware of the consequences of cyber crime. Making them understand different tactics of hacking like phishing, social engineering or packet sniffing
- Ensure that one installs efficient antivirus software that will prevent the browser from opening untrustworthy websites
- While shopping online, ensure shopping from secured and reliable sites only
- Observe that the URL of the retailer’s website will change from http:// to https. ‘S’ here resembles secured connectivity. Ensure that the icon or the symbol of locked padlock or unbroken key is displaying in the browser
- With the help of advanced e-mail or cloud computing service, one can implement two-step verification code in which a temporary verification code is sent to the registered number. Without this code, a hacker can’t access the e-mail accounts and hack it
- Pop-ups bring malevolent software with them, try to ignore them to the maximum extent. The software starts downloading, once we allow such perilous pop-ups. And these may contain malcode that may result in any kind of cyber crime
- Avoid saving card details on websites like online phone and internet recharge websites
- Don’t click on an e-mail or an attachment sent by an unknown user as it can be a spam to protect your internet connection
(The article appeared in The Pioneer Newspaper- http://www.dailypioneer.com/sunday-edition/sunday-pioneer/investigation/web-attack.html).