India has seen a rapid rise in cybercrimes in 2022. Over 16 lakh cybercrime incidents have been reported in the country in the last three years, Lok Sabha was informed in December 2022. According to the information presented by Union Minister of State for Home Nityanand Rai, more than 32,000 FIRs were registered since 2020.
The Free Press Journal has started a campaign Cyber Safe Mumbai to ensure our readers are updated on the latest methods used by scamsters and how to avoid getting tricked. This campaign in conjunction with Mumbai Police’s Cyber Crime Division aims to bring awareness among netizens.
Cybercrime affects all individuals and society at large. New technologies have made many aspects of our lives easier, from social interactions to banking, shopping and more. At the same time our increasing reliance on the Internet has created more risks and opened new paths for criminal activity.
According to Mumbai Police Cyber Crime Cell, the most common form of online fraud is related to banks, where fraudsters, posing as bank officials, convince the victim to share OTP, KYC updates and sometimes send the links to be clicked to access bank accounts.
The types of online frauds include scamsters making unauthorised fraudulent payments from victim’s bank accounts and authorised payments in which the victim is tricked into sharing sensitive personal information like PIN and OTP to fraudsters.
Fraudulent Payments (Unauthorised)
Unauthorised fraudulent payments are attacks that include fraudulent activities such as the unauthorised transfer of funds from an individual's or company's account.
Mentioned below are the types of trends that fall under the category of unauthorizing fraudulent payments.
Technical support
Under technical support fraud, fraudsters pose as representatives of legitimate tech companies. They might reach you via phone or email, claiming that your computer has some sort of issue.
The fraudster will then ask for remote access to your device to “fix” the issue. In doing so, they can steal your personal information and financial credentials. They might also charge you a fee for this “service.”
Mobile SIM Swap
Next is mobile SIM swap fraud. In this, the fraudster can take over your mobile phone number in a SIM swap scam. They will pose as you and convince your wireless provider to transfer your number to a new SIM card they control.
Once they have access to your phone number, they can access all your phone numbers, text messages, and any two-factor authentication linked to your number. They can then use this information to commit fraud, such as accessing bank accounts or credit cards.
Account takeover
One of the more significant and damaging types of banking fraud is account takeover. In this type of online scam, the scammer gains access to your bank or credit card account by posing as you and providing enough personal information to pass security measures.
They’ll answer all your security questions and change your pin codes / login information. As a result, they can potentially drain your account or make unauthorizing transactions. In the worst case, they may also take out loans in your name.
Bank insider
A bank insider can also commit fraud. As they have access to sensitive financial information such as your account numbers and login credentials, they will take small amounts from your account without you knowing it.
They may do this for their own gain, or for a criminal organisation, or even for selling your sensitive information to the dark web. Constant vigilance and internal audits are the only ways to prevent this type of fraud.
Phishing
It is one of the oldest and most successful methods to commit fraud. Under this, fraudsters will send you emails or texts posing as a legitimate institution, such as your bank. They will request you for your personal information or login details after which you will be directed towards fake websites to gain access to your financial accounts.
Man-in-the-middle/pharming
Another phishing-related fraud is man-in-the-middle or pharming attacks. Here, the frauster will insert themselves between the victim and a legitimate institution. For instance, they might intercept your communication or redirect you to a different website and gain access to your login information or any other personal information. This type of fraud can be more damaging as it often goes unnoticed until it’s too late.
Fraudulent Payments (Authorised)
In a stark contrast to the previous forms of fraud, authorised fraudulent payments involve the victim actually authorising a payment. However, they may have been tricked into doing so by the fraudster.
Mentioned below are different types of authorised fraudulent payments.
Business email compromise
In a business email compromise, the fraudster will pose as someone in authority within a company, such as a CEO or CFO and may ask you, via email, to transfer funds to a particular account that they control. The victim, often an employee, may not realize they are being duped until it’s too late.
Invoice fraud
Under this type of fraud, the fraudster will pose as a supplier or vendor and send you an invoice requesting payment. The victim may not realise that this is a fake invoice and will end up paying it.
Investment scams
This type of scams involve fraudsters convincing victims to invest in “lifetime” opportunities by promising high returns with little risk. As lack of regulation allows for more room for fraud, cryptocurrency market has proven to be a breeding ground for such types of frauds
Push payment social engineering
In this type of fraud, the scammer will persuade the victim to voluntarily send them money through social engineering tactics. These can range from posing as a government agency to impersonating a family member.
Romance scams
In this type of scam, the fraudster will create a fake social media profile and start an online relationship with the victim. Ultimately, they will convince them to send money.
They may start by catfishing, using a fake identity and photos, and then gradually gaining the victim’s trust over time. These types of scams can result not only in financial losses but also in emotional trauma for the victim.
Reserve Bank of India data
As per the Reserve Bank of India, 2,331 fraud cases involving ₹87 crore were reported by banking entities during the six-month period as against 1,532 frauds involving ₹60 crore in the last six months (till 30 December 2022)
This growing trend shows a shift in banking frauds modus operandi to internet-based transactions. Further, the number of fraud cases reported by private banks outnumbered those by PSU banks for the second consecutive year in 2021-22.
Third-party phishing website
Fraudsters create a third-party phishing website which may exactly look like a bank’s website or an e-commerce website or a search engine. Links to these websites are circulated by fraudsters through SMS, social media, email and more. Many customers click on the link without checking the detailed Uniform Resource Locator (URL) and enter secure credentials such as PIN, One Time Password (OTP) and password which are captured and used by the fraudsters.
Imposters call
Fraudstaer call or approach the customers through telephone call, social media posing as bankers, company executives, insurance agents and government officials.
To gain confidence, they then share a few customer details such as the customer’s name or date of birth.
Skimming devices are installed in ATMs by fraudsters to steal data from the customer's card. They may also install a dummy keypad or a small pinhole camera, well-hidden from plain sight to capture ATM PIN.
