In spite of repeated warnings issued by the government, security experts, regulators and media, people continue to become victims of online fraud.
Cybercriminals, who themselves may not be tech experts, are now using more reliable data to target victims more accurately. One case from Mira Bhayandar, a Mumbai suburb, reveals how former employees used data obtained from their employer, a business process outsourcing (BPO) service, to find targets.
This is just one way to zone in on potential targets more efficiently. What is even more scary is that cybercriminals have also begun to use the latest and very sophisticated, artificial intelligence (AI)-driven ChatGPT, which provides human-like answers to questions, to develop malicious tools that can steal data and dupe you.
So, let’s see how these fraudsters operate and what you can do to avoid their traps.
BPO Data Used To Exploit Policyholders
Earlier this week, the Mira Bhayandar Vasai Virar (MBVV) police busted an inter-state gang that duped people on the pretext of renewal, surrender and updating of insurance policies. The police arrested three members of the gang and discovered that they had cheated 40 policyholders of Rs11 lakh, according to a report in the newspaper Mid-Day.
An officer from the police cyber cell told the newspaper that all of the gang members had worked in the different BPO back offices for several months where they stole customers’ data and used it to start duping people.
They called people whose data had been stolen by them and, armed with very specific information, were able to con them to renew, update or surrender their policy by posing as insurance company officials, explained the cops. The entire operation had a mastermind who employed and paid gang members a monthly 'salary' as well as incentives and benefits based on their success at defrauding people.
The next time you receive a call or message to renew your insurance policy, immediately contact your insurance company on its authentic numbers or email IDs that are on your records. You can also seek help from your insurance agent, if any, but do not respond to unknown callers.
Beware of Contact Numbers Found on Search Engines
When we need any information, our general tendency these days is to search online, mainly on Google. You need to know that the information or contact details that are high up on the search results page may not be authentic or genuine but very similar to the real ones. Using search engine optimisation (SEO) techniques, many fraudsters ensure that their contact numbers are prominently displayed on the first few pages of the search engine.
In Uttar Pradesh, three cases have been registered in the past two months where people were duped after contacting an affordable 'resort' through an online search.
According to a report by IANS, one SP Gupta was looking for the website address of Patanjali Yogpeeth at Haridwar which he planned to visit for medical treatment for him and his wife. He looked online and got a number through a Google search. On contacting the number, he was asked to deposit Rs15,000 to book a room at the Yogpeeth. When he reached Haridwar, he was told there was no booking in his name. He dialled the mobile number to inquire what had happened but the person on the other side disconnected the call and later switched off the mobile.
Ranjit Rai, an inspector at the Lucknow cyber cell, told IANS, "When a person searches for hotels, some options of the sites come up. Many of the pages are prepared by the conmen to dupe people. When the people enter the page and put their details and pay money online, they find that their resort booking is confirmed. But their money goes into the conmen's account."
ChatGPT: The Double-Edged Sword!
ChatGPT is the latest sensation in artificial intelligence (Read: ChatGPT - I: What Is It and How Is It Useful ? and ChatGPT - 2: How Is It Useful?
). It can be used for good work such as assisting developers in writing code, but it can also be used for malicious purposes or to write malware codes. In underground hacking forums, hackers are creating 'infostealers' and encryption tools that facilitate fraudulent activity.
An analysis of several major underground hacking communities by Check Point Research (CPR)
reveals that there are already instances of cybercriminals using OpenAI to develop malicious tools. "As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools we used are pretty basic, it is only a matter of time until more sophisticated threat actors (criminals) enhance the way they use AI-based tools for bad."
Last month, a thread named 'ChatGPT – Benefits of Malware' appeared on a popular underground hacking forum. The publisher of the thread disclosed that he was experimenting with ChatGPT to recreate malware strains and techniques described in research publications and write-ups about common malware. For example, he shared the code of a Python-based stealer that searches for common file types, copies them to a random folder inside the temp folder, ZIPs them and uploads them to a hardcoded file transfer protocol (FTP) server.
According to Bruce Schneier, a public-interest technologist, who works at the intersection of security, technology, and people, "ChatGPT-generated code is not that good, but it is a start. And the technology will only get better. What matters here is that it gives less skilled hackers—script kiddies—new capabilities."
What this means is that cybercriminals, who have already shown significant interest in ChatGPT, are going to increasingly benefit from AI to generate malicious code that can help them defraud people in multiple ways such as accessing accurate and full details about individuals, accessing bank accounts and wallets which are not adequately protected and luring people with false information, threats and goodies to transfer funds or make wrong payments.
What we, as online service users, can do is to remain vigilant and careful, always.
How To Report Cyber Fraud?
Do report cyber-crimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
Stay Safe & Alert!