Whenever a pandemic or a catastrophe strikes serial fraudsters become more active as they know that they can now target individuals globally by taking advantage of their lack of knowledge and awareness. Post Covid-19 many financial institutions, Banks, law enforcement and state departments have cautioned public in general on issues related to frauds. Fraudsters know that threat of getting infected by this virus is on top of publics minds. Serial fraudsters and cyber criminals start using innovative and new ways to defraud individuals using new age handheld devices and personal computer, tapping a Pandemic as a cover.
As Corona Virus is still growing and is spreading globally, serial fraudsters are using it as a cover and are committing cyber frauds. Rise of cybercrime in India can be noticed with the advisories issued by Banks, NBFCs[1], NPCI[2], ministries and various government departments.Most of the developed countries have already seen a surge in cybercrimes related to Covid-19 when it began, UK’s National Fraud Intelligence Bureau (NFIB) reporting centre for fraud and cybercrimes mentioned that “Coronavirus-related fraud reports increase by 400%”
Public in large should understand that only in rare casesone can get back theirlost money once they have been conned. Here are few recent Covid-19 related frauds which are prevalent in India and ways to public can protect itself, so that people do not lose their hard-earned money.Most of the covid-19-related frauds have a simple modus operandi and are easily executed by taking advantage of the lack of awareness of the victim.
Frauds related to Loan moratorium:On 27th March 2020 India’s finance minister Ms. Nirmala Sitaraman Ji announced moratorium on all loans. As soon as this was announced fraudsters started calling customers to defraud them by using their new ways. However, most financial institutions cautioned their borrowers using different social media platforms and websites. Fraudsters would call up unsuspecting bank customers and borrowers and pose as bank representatives and then inform them that they are eligible for bank moratorium and that the borrower does not need to pay the upcoming two EMIs, as per RBI’s[3]directive and in this process, they trick borrowers into sharing their crucial banking details.
Once the borrowers are convinced, fraudsters ask them to share the OTP (one-time password) by giving them the impression that the OTP is the confirmation code for availing the moratorium, when actually it is for a bank transaction that borrowers may be doing. Once the borrower shares the OTP, he loses the money.
Frauds related to donations in PM CARES: Lot of passionate Indians are making generous donations of their hard-earned money to the Prime Minister’s Citizen Assistance and Relief in these Emergency Situations or PM CARES Fund. When the portal started accepting fund’s using UPI[4] ID is pmcares@sbi. However, many fraudsters made similar UPI IDs overnight such as pmcares@pnb, pmcares@hdfcbank, pmcare@yesbank, pmcare@ybl, pmcares@icici, and so on, to defraud people. Fraudsters made so many fake IDs that the Indian Computer Emergency Response Team (CERT-In) had to issue a statement and warning.
Social Media plays a crucial role in flaring up fake ID’s and unsuspecting customers transfer money without verifying. However, most of these IDs have now been disabled.There are many other fake donation messages which are sent out to help the poor during this pandemic, please donot donate to any social or religious organization without verifying the facts and ensure the money is going for the right cause.
Exploitation: As the pandemic rose many essential items such as Sanitizers, PPE kits, N-95 Face masks and other essentials were either not available or were in short supply because of the lockdown. Cybercriminals made look-a-like e-commerce websites selling much such soughtafter items that were in short supply for unsuspecting customers. These websites looked like a proper e-commerce website, where you select items, quantities, provide the delivery address and make payment through different means. However, these items never get delivered, the site is shut down after a while defrauding clients and unsuspecting individuals. Moreover, all the key data punched by the customer is captured and sold on the dark web[5].
Then there are emails bombs and spam mobile messages mentioning government is releasing funds to help citizens. The message asks the victim to click on a link, which takes them to a fake government website. Post which it asks the victim to enter sensitive bank details to avail the fund. Without realizing, the victim gives away his confidential information that helps the hackers transact on behalf of the account holder without alarming the customer.
Installing malware: There are messages which are sent out claiming to provide free services such as OTT[6]subscription, apart from this there are message sent to unsuspecting customers claiming to represent Government or State departments temptingcustomers to open the link and view its contents, as soon as link or attachment are clicked or opened, the malware is installed on unsuspecting customer’s computer or smart mobile phone which provides remote access and information to cyber criminals.
Some malwares can even relay the live screen of your device to hackers, who can capture your passwords or bank account details when you enter them on your device. If you are unsure of the attached files or links received, you should never open such links and delete them. You can also use online services such as virustotal.com, abuseipdb.com, sandbox.pikker.ee and exodus-privacy.eu.org to verify such emails or messages.
Protect yourself and your social media
There have been incidents in past where cyber criminals have hacked social media accounts of individuals and have used its personalmessaging services, post that these criminals reach out to friends and family asking them for monetary help and creating an urgency situation. Always verify such messages and avoid sending money to someone unless you personally confirm the contents with originator of any such message.
A few more basic things can help you prevent frauds. Be careful with money transfers and online purchases. Ensure you are transferring money to the right account and buy only from well-known entities. Never click or download links, attachments or images that come with forwards, even if they are from known sources.
Article by Hurrmeet SG Vohra
Director,
Corporate Analyst & Consultant Private Limited
[1] A Non-Banking Financial Company (NBFC) is a company registered under the Companies Act, 2013 of India, engaged in the business of loans and advances, acquisition of shares, stock, bonds, hire-purchase insurance business or chit-fund business, but does not include any institution whose principal business is that of agriculture, industrial activity, purchase or sale of any goods (other than securities) or providing any services and sale/purchase/construction of immovable property. (Source: Wikipedia)
[2] The National Payments Corporation of India (NPCI) is an umbrella organisation for operating retail payments and settlement systems in India.
[3] The Reserve Bank of India “RBI” is India’s central bank, which controls the issue and supply of the Indian rupee. RBI is the regulator of the entire Banking in India. RBI plays an important part in the Development Strategy of the Government of India.
[4] Unified Payments Interface (UPI) is an instant real-time payment system developed by National Payments Corporation of India facilitating inter-bank transactions.
[5] The dark web is the World Wide Web content that exists on darknets, overlay networks that use the Internet but require specific software, configurations, or authorization to access
[6] An over-the-top (OTT) media service is a streaming media service offered directly to viewers via the Internet. OTT bypasses cable, broadcast, and satellite television platforms, the companies that traditionally act as a controller or distributor of such content