Online Safety is in your hands!
Cybercrime is a growing concern and new threats are emerging every day. With the pandemic dragging over a year, most of our workspace is at home and it needs to be secured. A recent report from Norton Lifelock said that over 59 per cent Indian adults – that’s whopping 27 million people – fell victims to cybercrimes in the past year. Not only individuals, social media tech giants, corporate companies, banks are also under threat. During the last few weeks, major incidents occurred in the online world. We list the major ones, below.
Fixed Deposit Fraud
Many of us save our money as fixed deposit (FD), as this is considered the safest instrument in banking. The miscreants have tried to cheat people in the name of creating FDs. The customer first gets a text message, stating that an FD has been created in his/her SBI account. The message states that a one-time password (OTP) will be needed to complete the FD creation process. After this, the customer receives a call from miscreants posing as bank employee, requesting OTP. It is at this point, where many customers fail to be alert, thinking, creating a FD is not a threat, and share details. The cyber fraudsters would then transfer your FD amount and all your savings to their own accounts, fraudulently siphoning off the money. SBI, Dena Bank, Oriental Bank of Commerce have cautioned customers about such social engineering frauds.
App download strategy
Cyber fraudsters are now using spurious mobile applications to hack personal data of the user, or to siphon off money. The user gets a call from fraudsters posing as officials asking to fill in KYC (Know your Customer) documents via online apps like AnyDesk, Quick Support. As soon as the customer gives data access to the apps, money is fraudulently debited. This recent incident from Jamshedpur alerts us and rethink before giving access to mobile applications.
A similar incident in Bengaluru was reported. A woman was asked to download an online investing and trading app, promising higher returns on investments. The victim had invested substantial amount by making several transactions through the app that reflected her hefty balance, over a period. The user realised the fraud only when she tried to withdraw the money.
In early April, data of over 533 million Facebook users were leaked. This included details like mobile number and other personal information like the phone number, mail address, date of birth and workplaces. It is claimed that private information of users was obtained by exploiting Facebook’s contact import feature that permits users to search friends on social media using their phone contact list. Facebook is not the only entity to have suffered a data breach, LinkedIn is the latest victim. The dataset consisting of similar information as in Facebook. The hacker from an anonymous forum dumped data of over two million users as proof and threatened ransom in exchange for data.
Dominos India, the pizza delivery chain also faced a data breach (as reported by various media sites) that claims to have credit card details of around 10 lakh customers and employees. This is much lesser in magnitude compared to the Mobikwik data leak. In the worst cases of serious nature data leak, the mobile payment app is said to have exposed important user information like bank details and credit card numbers of 9.9 crore users, calling it the largest KYC leak in history.
Attack on Computer Manufacturers
Quanta, the Taiwanese computer manufacturer for Apple, Microsoft, Cisco suffered a cyberattack at it servers for ransom of $50 million. The hackers claimed holding data, inclusive of Apple product blueprints.
In a similar event happened in March end, Acer, another PC and laptop maker also suffered a cyberattack demanding ransom. It is claimed that the hacker had access to the company’s financial spreadsheets, bank balances and bank communications. Both attacks were reported to be by a cyber espionage group ‘REvil’ based in Russia.
Cyber security expert and founder-in-chief of seckriti.com, that builds products for digital safety, Divyanshu Verma opines that in these cybercrimes big brand names were used as bait and hence most of the people fell for it. “SBI fixed deposit incident was a social engineering scam, which is related to our cautious behaviour, to check and verify credibility of source before divulging any information over phone or email,” he said.
“In FB/ LinkedIn or any other SM, it is important to understand that keeping a simple password is like keeping the door of the house open. Accepting friend or connection requests from unknown people may lead to credential theft and misuse. The email (as a service) is one of the biggest and most lethal attack vectors, since it is a very personal attack. As a result, most people fall for it. However, a prudent person, will also check the actual mail address and will read through the mail, thinking about the intent of providing the sought information. Similarly, any software that is downloaded free has a high risk of malware getting downloaded,”
Cybercrime in legal framework
This is an evolving area, and today most of the legal frameworks are ad hoc. The government of India has created frameworks and institutions that are responsible for handling cybercrime. Any person who is a victim of cybercrime can register the complaint at https://cybercrime.gov.in/
This is the National Cyber Crime Reporting Portal, that educates common people, helps them understand cybercrime. One can also file a complaint if a cybercrime has taken place.
Similarly, Cert.in – the portal that is responsible to provide advisory on cyber risks, cyberattacks to the entire county, under the Ministry of Electronics and Information Technology.
CERT-In has been established as the nodal agency responsible for the collection, analysis and dissemination of information on cyber incidents and taking emergency measures to contain such incidents.
Common cyber frauds to be alerted on
The most common frauds happen through our most common habits – clicking links on mobile messages, clicking on links that come as emails with messages such as online lottery, bank account withdrawals, etc. These are commonly known as Nigerian prince frauds, most of these scam mails come from Nigeria. The other cyber scam which has become very prevalent is the fake telephone calls claiming to be coming from a bank and then try to get the PII (Personal Information Index) such as ATM pin, AADHAR number, etc, and then siphoning money from the customer’s account.
There are a lot of case of identity theft on FB and other social media, where cyber criminals steal profile-picture of a person, then create a fake id and subsequently reach out to the people in friends list through FB messenger and ask for money, claiming that they are in stress and have some urgent need of money.
In the current scenario during the pandemic, where the time that people spend online has exponentially increased, there is a high tendency amongst youth to download “free” movies from dubious P2P or other free download sites. Understanding this psychology, cyber criminals put many ransomware binaries, named as movies. Once these are downloaded by unaware users, the malware completely encrypts the entire hard disk at the user’s computer, and then the user is asked to pay ransom to decrypt their hard disk, and in case the user does not pay the ransom money, their entire hard disk is erased and users lose all data.
Similarly, cyber criminals target the unprotected computers which are connected to the network and use these freely available connected computers to mine the crypto currency. The cryptomining is a high network and computing intensive task, and cyber criminals want to do that using many of the freely available unprotected computers.
Apart from these, organised cybercriminal gangs try to phish employees in corporations and steal their credentials, using a backdoor, or a reverse shell and then subsequently siphon off a lot of money.
Also, hackers target the data of e-retail/ banks/ digital wallet companies, steal customer credentials and sell the same to dark web and other cybercrime networks.
The precautions one can take to stay safe are simple – use licensed software, antivirus, be careful when using free or public network, do not download pirated software from the internet and be careful in sharing banking and other personal information over phone or email.
It is important to think before clicking any link on the internet and to accept any friend request on social media platforms. Similarly, people should be careful while downloading any app on their phone. One should always verify the source of the app. Ideally, people should use newer and safer websites which use HTTPS/TLS as a prefix, instead of HTTP, since any date that goes via HTTP is completely unencrypted and can be read by a MITM (Man in the Middle Attack).
Similarly, it is important to observe the system (computer behaviour), if the computer is crashing a lot, some unknown search engine pops up by default, some unwanted applications are running, then the system has been breached and the person might be victim of cybercrime.
Read more: WireX May Edition
Also watch: Top Smartphones Trends 2021