The political atmosphere in India has become so uncertain and unpredictable that it has created a fertile ground for scamsters to fool elected representatives and their loyal supporters just as easily as they fool ordinary people.
Is it any wonder then that four members of the legislative assembly (MLAs) from the Congress party received calls, ostensibly from the office of Kamal Nath, former chief minister (CM) of Madhya Pradesh (MP) and now state president of the Congress Party, requesting urgent money. They suspected foul play because Mr Nath was unlikely to make such a request. So they called his office and discovered that the calls they had received were spoofed. After setting a trap for the scammer, and with the help of the MP police, two people who came to collect the money were arrested.
In another case, Sanjay Singh, a member of Parliament (MP) from the Aam Aadmi Party (AAP), recently tweeted that someone had used his mobile number to demand money from his party's MP chief Rani Agrawal. His number was also used to call AAP's Mumbai president Preeti Sharma Menon, Mr Singh said in a tweet.
Both incidents are examples of what is known as mobile or phone number spoofing which is used by criminals to cheat people.
By spoofing phone numbers, the scammers can manipulate the caller ID information displayed on a recipient's phone to make it appear that the call originated from a person they know—for instance, Mr Nath or Mr Singh, in the examples above. In other words, the caller deliberately falsifies the phone number transmitted to the recipient's caller ID display using another device.
Phone number spoofing is not illegal per se in many countries; it is used by businesses to maintain a consistent brand identity while using several phone numbers to call customers or their target audience. For example, during elections, many of us receive automated and recorded calls (robocalls) from political leaders. Here too, the political party using this form of outreach is making the calls using multiple phone lines or mobile numbers, yet, all the numbers show that particular leader's name as the caller ID on the recipients' mobile phones.
Fraudsters have realised that spoofing is an excellent tool to cheat people. They mostly use the name of a bank, service-provider or police and enforcement agencies as caller ID while making calls to people. They use the ever-successful format of 'greed' and 'threat' to obtain sensitive information from the victims, including personal and financial details and login IDs and passwords.
Caller ID spoofing was first commercially offered by a company called star38.com in 2004. It allowed users to place spoofed calls from a web interface. Many companies and businesses followed suit and started offering caller ID spoofing services.
During the initial days, phone number spoofing was expensive and required in-depth knowledge of telephony. However, advancements in open-source software made it relatively easy and cheaper for anyone to spoof caller ID with basic technical knowledge.
One of the most prevalent ways of spoofing is through VoIP (voice over internet protocol), a call-making service delivered via the internet. If you have a decent broadband internet connection, your phone service can be provided through the internet rather than the telephone or mobile service provider.
While some sophisticated cybercriminals are using phone number spoofing, many fraudsters find it easy to regularly buy new mobile numbers with fake documents (read: Aadhaar). After making a certain number of calls from the mobile numbers, they simply dump the SIM (subscriber identity module) card and start using a new one. Ordinary people like you and me, who stay in cities, are required to go through a vigorous process of know-your-customer (KYC). However, those buying SIMs in bulk, mainly from interior areas, can just submit an Aadhaar photocopy of anyone for KYC. There is hardly any validity check or authentication of Aadhaar KYC documents in these places, and the buyer can either use these new SIMs for their purpose or sell it to fraudsters at higher prices. In some cases, the SIM sellers, who are eager to boost sales figures, are also found to be hand in glove with these buyers.
This brings us to the most crucial question: How can one protect from phone number spoofing? It is not easy to identify and block spoofed ID calls, but you can follow certain rules to minimise your chances of answering them.
The first and most important step is to avoid answering calls from unknown numbers. Follow the basic rule used in the 'do not disturb' (DND) feature on many mobile phones. During the DND period, these mobiles reject first calls from unknown callers. However, if the call is repeated from the same number, then the mobile starts ringing. Do the same thing for calls from unknown numbers. If the caller (even if the number is unknown to you) really needs to speak with you, he/she will call again, and you can respond. Remember, most fraud callers do not call a second time if there is no response on the first attempt. Calling the same unresponsive number twice is a waste of time and resources for fraudsters!
Be cautious with incoming calls. Treat all incoming calls with scepticism, especially if the caller asks for your personal information or seems suspicious. Never share sensitive information such as passwords, bank details, card numbers or passwords, personal identification number (PIN), and card verification value (CVV) over the phone unless you have initiated the call and are 100% sure about the recipient's identity.
Use call-blocking and spam-filtering features: Many smartphones have built-in call-blocking and spam-filtering features. Use these features to automatically block or flag suspicious calls based on known spam numbers. You can also use spam filtering and caller ID apps like True Caller. But remember, when you use the free version of any app, there are bound to be several unwanted ads being displayed on your mobile screen while using the app.
While these steps could help reduce the risk of falling victim to phone number spoofing, they may not eliminate it entirely. Cybercriminals and fraudsters use newer technologies and tactics, so it is essential to remain cautious and adopt a healthy level of scepticism when dealing with unknown and unexpected callers.
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.
