The coronavirus pandemic ushered in an era that has not only taken a toll on our health infrastructure but also laid bare some of the challenges in economic systems. The lockdown had a major impact on businesses around the world and many people lost jobs or took salary cuts.
Though economies have started opening up, the job market has not improved drastically. The overall environment continues to be uncertain. This in turn has resulted in an increase in cyber fraud and online scams in India.
According to a global survey by Microsoft, “Global Tech Support Scam Research”, India experienced a relatively high scam rate of 69% in 2021. Even in 2018, India had recorded a rate of 70%. Significantly, during the same period, there was a five-point drop globally, with a rate of 59% in 2021.
While the common perception is that senior citizens and middle-aged people are more vulnerable to online fraud, the survey revealed that millennials in India were more susceptible to online scams. The report notes that 58% of the people in this age group continued to engage with scammers and consequently suffered monetary loss.
Here are some of the most common scams that people have reported in the past year:
Phishing and email scams
These scams have been prevalent since the internet and email became mainstream. Sadly, they continue to be the most common scams. Over time, the scammers have changed their modus operandi, becoming smarter and continuing to fool people by offering giveaways and cash prizes.
A recent example was the fake link, circulated on WhatsApp, which said people were eligible for a free gift since it was the 20th anniversary of the LuLu Group. Those clicking on the link risked losing personal information or data from their mobile phones or laptops. Earlier this year, there were similar fake links claiming to be from e-commerce majors such as Amazon, Flipkart and Tata Motors.
Usually, these links are used to extract the personal data of individuals but in some cases, they also lure people into sharing their credit/debit card details and are used for unsolicited online transactions.
Another purpose of such fake links is to collect IP addresses, device details and browser details for illegal activities.
One of the biggest examples of this has been what television anchor Nidhi Razdan faced. She was offered a job as ‘Associate Professor of Journalism’ at Harvard University. She fell for it and quit her job, and was set to leave for the US when she realised that she had been a victim of a major, sophisticated and elaborate phishing attack. The perpetrators obtained access to Razdan’s personal data and communications and may have also gained access to her devices and her email/social media accounts.
A similar job scam was recently reported by a 39-year-old man from Pune. He was approached on a social media platform with a job offer. The scamster identified himself as Dr Toichi Takino and offered a job as a procurement official in India for a Japanese pharmaceutical company. Since it seemed a lucrative opportunity, the man accepted the job offer and even sent an email to the address provided by the accused to indicate his acceptance.
Under the heads of various charges along with the promise of 7% returns, the Pune resident was asked to invest Rs 28 lakh for three weeks but ended up losing the entire amount. He filed a complaint and an investigation is on.
Many people have also been duped in the name of getting their bank accounts or digital accounts KYC-compliant. KYC means Know Your Customer or Know Your Client and it is mandatory to have a KYC check when opening an account. Even existing account holders are required to furnish these details in order to continue operating their accounts.
There are misleading apps on Google PlayStore that claim to help in making your account KYC-compliant. However, on downloading, the app asks for a nominal fee such as Rs 10 to proceed. Many users have complained that on furnishing details, a large sum of money was deducted from their accounts.
Another common KYC scam via SMS has surfaced. People get messages that seem to be from a mobile network service provider or a bank to update their KYC and are tricked into revealing their bank details on the pretext of updating their details.
In a recent instance, a similar modus operandi was adopted over a voice call. A woman received a call, purportedly from Paytm. The caller offered to complete her KYC for her digital wallet. Being a doctor, she was hard-pressed for time but wanted to get the KYC done so she agreed. She was asked to scan a QR code that was sent over WhatsApp to pay Rs 10 for the KYC. However, she lost close to Rs 6 lakh in three transactions from her savings account and credit card.
It has also been observed that some scammers already have access to sensitive consumer data and use this to fool them. Such tricks have recently surfaced in the insurance sector. Fraudsters call or text consumers with details of an existing policy and claim that the policy is expiring or one will now have to pay an extra premium or get lower returns.
Basically, the scammers use any hook that will draw a person’s attention and make them believe that it is a bad choice to stick with the policy. Since the scammer has all the details of the policy, the person believes they are associated with the insurance company.
The criminals then explain how the person can get a better deal by liquidating the existing policy or investing in some other place. However, the aim is to defraud the policy holder and rob them of the sum invested in the policy.
People should not trust callers at face value and correspond with the insurance agent via the call centre or email. Further, one should never hand over the original policy bond, any policy related document or uncrossed cheques to anyone outside the insurance agency.
Many people have also been duped in the name of getting their bank accounts or digital accounts KYC-compliant.
Matrimony is a huge market in India. While socialising had to be curtailed during the pandemic, the marriage market was not so impacted. It has been found that people create fake profiles on matrimonial sites and, after gaining trust, dupe the other party.
A 32-year-old man from Bengaluru was a victim of one such scam. During the pandemic, he started to chat with a software engineer from the UK on a matrimonial app. She claimed that she was looking forward to returning to India.
After a few days of exchanging texts, the two decided to meet and the woman agreed to fly to Mumbai and meet him there. On reaching Mumbai, the man was told that the woman had run into some issues with customs and would be deported if a specific sum was not paid to them immediately.
She sought his help and promised to repay him as soon as she returned to the UK, as her accounts were temporarily seized or inaccessible. However, as soon as the money was transferred, her number and email address became unavailable. Even her profile on the matrimonial website was deleted. That was when the man realised he had been tricked.
Several such cases have been reported in the past 18 months of prospective grooms or brides being duped and losing a significant chunk of their or parents’ money.
Customer care fraud
Bank customer information is now vulnerable to a new fraud executed via social engineering using mobile numbers similar to toll-free numbers used by major banks.
Most toll-free numbers in the country start with codes like 800, 888, 844, 855, and so on with ‘1’ as a prefix. For instance, the toll-free number of Union Bank, which is 1800 208 2244.
A fraudster acquired a number similar to the toll-free number, except for the prefix. So, the number looked like 800 208 2244. Further, scammers even register these dubious numbers on mobile caller identification applications such as Truecaller.
The customer believes that they are getting a call from the bank and thus shares sensitive information that the scammers use to game the system.
Road to recovery
There are checks and balances being put in place to curb the number of online scams, to nab the culprits and also to provide relief to the duped party.
However, in India legal redressal takes time and sometimes considerable money and hence not all victims of online scams take the legal route. There have been a few recent judgments that have been pro-consumer and should encourage cybercrime victims to press charges and seek to recover their money.
Usually these links are used to extract personal data of individuals but in some cases, they also lure people into sharing their credit/debit card details.
The Allahabad High Court recently not only expressed concern over the spreading network of cyber thugs all over the country but also observed that these scamsters were eating into the country like termites. It added that they were also responsible for weakening the economic condition of the country.
The bench of Justice Shekhar Kumar Yadav also observed that it was necessary to fix accountability in such matters so that the money of the victims was not lost. The Court said that either banks whose customers had lost money should be held responsible or if it was found that there had been negligence in the police investigation, the police department should be held responsible.
The Court was hearing a case where money was fraudulently withdrawn from the bank account of a retired high court judge.
A similar case emerged when the Gondia District Consumer Disputes Redressal Commission directed the State Bank of India to refund Rs 18.71 lakh to a senior citizen couple, who had been tricked by a fraudster under the pretext of KYC rules.
The forum held that it was only after completing all formalities like Aadhaar verification, PAN card details, ID and valid address proof that an account is opened. It said banks had networks to help customers in cases where they lost money to online tricksters.
It pointed out that if a fraudulent transaction took place, the money was still in the system during working hours and banks could stop payments to protect a customer’s interests. Additionally, the bank could also identify the person who had fraudulently requested withdrawal.
Preventing online fraud
While there is a system in place for consumers to recover their money, it is a long haul. Not many are able to recover the full amount. Prevention is still the best recourse. Some things that consumers should always keep in mind is to never click on any link on social media, WhatsApp or emails that seem even slightly suspicious.
Sonit Jain, CEO of GajShield Infotech, says, “Emails that go directly into the spam folder in your email inbox need to be deleted. Such emails generally contain malicious website links that cause viruses and malware to get downloaded onto your device when you click on them.”
The other imperative is to never share personal data. Banks never ask for details such as CVV or transaction OTPs over a phone call.
Thirdly, banks never send links for updating KYC. One should be careful in providing documents for this process and they should only be given to authorised persons. Additionally, there are no charges that banks or mobile operators levy for KYC compliance, so if anyone claims to charge for this service it should automatically ring alarm bells and one should stop engaging with that person immediately.
Lastly, one should keep data protection tools on their devices updated.