As incidents of cyber crime and ransom-ware attacks rise in the city, there is a clarion call from the police and administration regarding customised plans to combat the growing menace.
Keeping in mind the season of festivals including Durga Puja, Muharram, Lakshmi Puja and Deepavali, followed by the Fifa Under-17 World Cup football, there is an urgent need to focus on the safety of commoners. A lot of people go for vacations during this time of the year too. Several of them post their plans/travel schedules/updates on social media. This information could be misused by those who wish to cause harm. Considering the gravity of the situation, Kolkata Police have come up with a number of directives to keep the people of this city safe. From avoiding social media updates and posts, using strong, effective passwords containing alpha-numeric/special characters to opting for two-factor authentication for social media sites, it is important to keep these simple measures in mind.
Kolkata Police also recommend using passwords on phones, being selective about friend requests, clicking links cautiously, being careful about what one shares on the Internet, not revealing sensitive personal information like home address, financial/banking information, phone number etc.
Cops also suggest importance of becoming familiar with the privacy policies of social media channels and customize the privacy settings to control who sees what. They also stress on protecting computers by installing latest antivirus software for safety and ensure that the browser, operating system, and software are up to date. It is also important to log off one’s account/system when he/she is done.
These days, online shopping through various portals have gained much ground as it is very easy to access large number of products, lucrative offers from companies at the click of a mouse. For hazard-free and safe online shopping, cops recommend measures like before going for online shopping, make sure the PC is secured with all core protections like an antivirus, anti-spyware with the trusted sites. One should always go for purchase of “trusted” products like Amazon “Fulfilled”, Flipkart “Assured”, Snapdeal “Gold” etc. are marked on the shopping sites clearly. If you are not aware or confident of card/online payment options, it is better to opt for COD (Cash On Delivery). It is always safe to make as mall research about the sites elected for online shopping. Fraudsters make look alike fake websites to attract buyers. One can also search for different websites and compare the prices. It is important to check the reviews of consumers and media about any website or merchant before considering purchase/payment. A secured site’s URL will begin with “https” and not “http”. A secure site will have a padlock symbol on the browser address bar or at the status bar and after checking all of these, it is better to proceed with financial transactions. After the transaction gets over, it is important to take a print or screenshot of the transaction records and details of product like price, confirmation receipt, terms and conditions of the sale etc. credit/debit card statements should be checked immediately to confirm that the charges he/she paid are same. If there is any discrepancy/difference concerned authorities should be informed immediately. Post transaction, all the web browser cookies should be cleared and the PC should be turned off since spammers and phishers would be looking for the system connected to the Internet. They can try to send spame-mails and attempt to install malicious software that may collect his/her personal information. It is necessary to be cautious about mails like “please confirm your payment, purchase and account details for the product you purchased.” Remember legitimate companies never ask for such information. If you receive such e-mails, immediately call the vendor company and inform them.
For parents handling social media and online gaming, you’re your kids against falling for unwanted pop-ups to win free gifts by simply clicking on the link or submitting personal details like full name and phone number/e-mail ids. Always make sure that the content of the photo that your child wants to share online via social sites/e-mail is correct. Set rules for the cell phone, only allowing usage at certain hours, for example in the evening or after homework. It is important to tell your kids about the dangers of social media. There are several issues arising from online gaming. When you try to talk to your child they will constantly talk about their success with online gaming. They always make it the centre of conversation. You may also notice a decline in your child’s personal hygiene because they don’t want to spend one minute to do something else apart from the game, like attending to personal hygiene. If your child spends a lot of time on online gaming, then if you try to stop them from playing, they may even resort to violence. Daily activities may become too monotonous you’re your child and he may also begin to get poor grades in school and become more reclusive. If your child gets addicted to online games then he/she will sacrifice everything. He/she may not want to attend school, not sleep and miss meals for the sake of online gaming.
Another precautionary area is while handling credit/debit cards. Do not disclose card details viz. Card number, expiry date, CVV, ATM PIN, OTP (Onetime password) to anybody, not even to the banker. Banks never ask for card numbers or OTPs. Do not write the ATM PIN on the debit/credit card and it is always good to memorise the same.
If you have more the one debit card try to use one ATM PIN for all of them so that it can be easily remembered.
After certain intervals, ATM PINs should be changed. Try to avail ATM counters with guards from the banks; an unmanned ATM Kiosk may put you in some unwanted trouble.
Do not allow any one when you are operating inside the ATM counter. When you leave the counter, please check your ATM card properly. When you face any incomplete transaction inside the ATM counter do not leave the ATM, instead inform the same to the guard or call your home branch immediately.
Do not hand over you debit/credit cards for making payments in restaurants, shopping malls or other places. You should use it by yourself and when you enter card PIN please cover it with your hands.
When you are in ATM counters and come across any suspicious things viz. any alteration in key board or in swiping panel or camera, you should leave the same and inform the police. If you forget to register your mobile no with your bank, please do it immediately and that will help you to get notifications from the bank time to time.
Do not provide any personal details or any sorts to unknown callers. Do not respond to calls or texts or email seeking card details or OTPs. Do not panic if someone tells you that your account/card has been blocked. Check immediately with the branch. For internet banking, always try to use personal set ups, cyber cafes may be quite vulnerable. First confirm that the bank apps which you are using is authenticated since there are several look alike apps available. Always log off and close your browser after completion of your online transactions. Report your lost or stolen card to your bank immediately.
On the basis of a victim’s complaint, a case was recorded and investigated by BFS DD under order of Jt. CP (Crime).
The accused persons had managed to obtain the victim’s User ID and password of online banking. In the process of doing so the fraudsters submitted forged documents to the mobile company for de-activating the registered mobile number with the bank for receiving the OTP (One Time Password) to them for the purpose of online transactions and without verifying the same mobile number, the company had replaced and issued a new SIM card with the same number to the fraudsters.
After that, amounts from the victim’s account were transferred and funds credited to 6 different bank accounts all over the country including Bhopal, Jamshedpur, New Delhi, Baruipur and in Kolkata respectively.
In this manner, around Rs.34.75 lakh was misappropriated amounting to cheating and causing wrongful loss on part of the complainant and wrongful gain on the part of the accused persons which is punishable u/s120B/419/420/467/468/471IPC.
In course of the investigation, it was found that the victim used an unsecured site for bill payments of his post-paid mobile number and in doing so he opened some links consisting trozan— a virus which can do work like key loggers and when the victim operated his online banking system, this virus monitored his database like User id, password and Domain ID. This was an example of interstate forgery racket and a well organised one that was spread across various parts of India. All the accounts into which the fund was settled were found fictitious.
In course of investigation, many mobile numbers could be collected from the beneficiary account holders of different banks and it was learnt that all the numbers had been acquired against false documents. After continuous tracking, arrests were made from Baruipur, Burrabazar, New Market and Howrah. From them, details about a mastermind who was arrested from Jamshedpur.
From his house, huge amounts of fake documents were seized. Most of them had been used to open the beneficiary accounts in this case and even accomplices were engaged. They were arrested from Howrah and confessed to the crime. Altogether 13 persons were arrested in this case.
Leading From The Front
According to the Indian Computer Emergency Response Team (CERT-In), 27,482 cases of cyber crime were reported from January to June all over India. The country is riding a wave of digitization and we constantly putting in our best efforts and also critical infrastructure to predict and prevent cyber crimes.
Financial cyber crime in India has been steadily increasing over the years. For the year 2015-16, the Reserve Bank of India (RBI) reported 16,468 cyber crimes related to ATM, debit card, credit card and netbanking frauds. The number of frauds reported by the RBI were 13,083 in the year 2014-15 and 9,500 in the year 2013-14.
Though the challenges are infinite, but we are working as a team to crush the threat of cyber crime.
Written jointly by Cyber Crime Wing & Bank Fraud Department
Predominant Cyber Threats In India
Cyber threats are already challenging public trust and confidence in global institutions,governance and norms, while imposing costs on the global economies.
The world bought more than 1.5 billion smartphones in 2016, up 10 percent from units sold in the previous year. At the same time, high-end phones and tablets have powerful processors and with 4G network, they have high-bandwidth connectivity. In India, the average cost for a smartphone has also gone down drastically and with the mobile data war amongst the service providers, it has become all the more easy to get a smartphone with decent internet connectivity. Nowadays, a handheld computer i.e. smartphone is in the pocket of a commoner and that has become a gateway for cyber criminals. India witnessed more than 27,000 large scale cyber security threat incidents in the first half of 2017 as per the computer emergency response team, India.
Here’s a look at some current cyber crime threats in India:
In layman’s words, Ransomware is malware that infects your computer, locks it and demands payment for unlocking it. Ransomware attacks have become a billion-dollar business for cyber criminals and are on the rise for individuals and institutions alike. India’s Computer Emergency Response Team (CERT) had recently issued a new warning for Locky ransomware which was on the rise in India. This was the third major attack in the cyber space in recent times following WannaCry and the Petya Ransomwares.
The future of ransomware does not offer any good news, as analysis shows new tactics and advancements by perpetrators.
2. Social media, scams and email threats
• Blue Whale Challenge
This social media challenge is harmful to vulnerable juveniles and young adults and is a form of cyber-bullying. After youth accepts the link or tag to the Blue Whale Challenge, the group administrator hacks the user’s personal information, remotely installs bug on the phone and assigns the users a series of tasks for over 50 days. The last task for the user is to kill himself/herself. In the recent times, India has seen fair share of Blue Whale Challenge victims.
Sextortion is a form of sexual exploitation that employs non-physical forms of coercion by threatening to release sexual images or information to extort monetary or sexual favours from the victim.
The groups create online accounts of females and post pictures of attractive ladies to draw clients. They would then post pornographic images and entice their victims to have video chats with them, usually with lewd content and conversation. Once they obtain the incriminating videos, the groups would threaten to send the video chats to the victim’s friends or relatives unless they send money.
Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by deceptive means in an electronic communication. It can also be termed as the oldest trick in the books of cyber criminals. Over a period of time, I have realised that being educated has less to do with avoiding or identifying these perpetrators from scamming you, but it has more to do with how vigilant and greedy you are.
• Data breach and Privacy
As an Indian, I have noticed that we do not give much importance to our personal information. Specially in this information age, where our personal information has monetary value in the market and the same information is susceptible to misuse. The Supreme Court of India has recently passed a judgment in this regard declaring ‘Right to Privacy’ to be a Fundamental Right guaranteed by the Constitution of India. Moreover, our Aadhaar information is being linked and shared everywhere. It will only be logical now for the government to come up with a new data protection and privacy law to protect citizens’ personal information.
3. Internet of things (IoT)
IoT is the inter-networking of physical objects which enable them to interact with each other through the internet. With more and more interconnected devices, there is that much exchange of information across these devices. IoT is expected to process and store large volumes of data which will be passed back and forth through connected devices which leaves a door wide open for privacy and security risks and single point vulnerability of multiple systems.
It is always important to weigh the convenience of remote control, automation, ease of use, and the benefits IoT in general bring, against the potential risks introduced that could lead to hackers opening IoT locks, disabling IoT alarms or generally disrupting and accessing personal confidential information in IoT devices. Therefore, manufacturers and innovators need to prioritize security rather than to just push more and more products into the market because of the growing competition.
By Adv. Rajas C Pingle