“Privacy is myth in India, because we do not have any law pertaining to it. The Supreme Court declaring privacy as a fundamental right is a good thing, but where is the law and the implementation to protect this so-called fundamental right?” questioned advocate Dr Prashant Mali. While speaking at a webinar organised by Moneylife Foundation, the cyber law & cyber security expert, spoke in detail how one can protect oneself from online crimes and what steps you need to take to get justice.
In an enlightening talk, advocate Mali explained in detail how greed or bait act as base for increasing number of online frauds, and how we must be careful and vigilant abot becoming a victim to such a cybercrime.
Starting with the basics, advocate Mali first explained the difference between various cyber-attacks such as phishing, vishing (voice-based phishing), smishing (SMS based phishing) and spear phishing (targeted phishing).
“Deriving from the word ‘fishing’, phishing is like its original word, in the way that there is a hook, a bait and you essentially are the fish. The hook can be an SMS, a WhatsApp message, a call or an email, which lures you in, while the bait could a lottery, income tax refund, a job or even free COVID vaccine,” explained advocate Mali.
Speaking about vishing attacks, he explained how fraudsters calling from call centres, sweet talk people, especially senior citizens into revealing their personal identification (PIN) numbers, passwords, and bank details. Nowadays, with the advent of technology and the availability of leaked data on the internet, it has become relatively easy for fraudsters to lure people with “rosy messages, including some personal information, which coupled with one’s greed or unawareness can lead to a devastating incident of phishing.”
Advocate Mali also briefly touched upon Olx-and Quickr-based scams, where a buyer or seller is defrauded by extracting money from bank accounts using an innocent looking link for unified payments interface (UPI). People, who are new to UPI based payments or online transactions, often fall victim to such frauds on platforms, which allow users to sell or buy second-hand products.
For example, many victims’ misunderstood the collect payment notification as receive payment. In UPI, one can transfer as well as receive payment from other users. Scamsters send pay requests, which transfer money directly into his account instead of the victim receiving any money.
The simple precaution to take in all such cases, according to advocate Mali is to “mistrust everything and anything that you receive either on phone, SMS or email. Do not click on links, which you have received, unless you are certain of their source and validity, as you do not know where they lead.”
Clicking on unsafe links on a mobile device can trigger hidden installation of files which transforms your device into a server, allowing the attacker direct access all information on your phone. It is also important to understand that banks will never call a customer and ask for their PIN number or OTP password. Such information should be kept confidential and never shared publicly either over phone or in a message, the cyber lawyer says.
Advocate Mali goes on to explain that if you do somehow become a victim of such online fraud, the first and foremost thing is to write down in detail the nature of the crime and the losses incurred due to it. Copies of this written ‘incident report’ should be given to the bank when filing a complaint and also to the nearest police station, when filing a first information report (FIR), ensuring that an acknowledgment is received from both parties.
“In case money has been transferred from your account to a mule account, do not panic but immediately rush to the nearest branch of your bank and speak to the branch manager. Force upon them the emergency of the situation and ask them to freeze the mule account immediately,” said advocate Mali.
Freezing the mule account will help you recover the money faster, while the police are investigating or while you are filing a court case seeking return of property.
However, advocate Mali also commented that in India it becomes very difficult for a cybercrime complaint to be taken up through the proper channels, when the police sometimes are disinterested and even if the criminal is caught, they do not face severe punishment. According to him, “deterrence will only occur when you put scamsters in jail, punish them and make an example of it. That is not happening as these people are getting bail and when they are free, they commit the same crime in an adjacent jurisdiction.”
Advocate Mali also referred to a few websites, where people can submit suspicious links, emails, or incidents of phishing, so that some awareness is created and appropriate action might be taken to take down a website or page which performs phishing attacks. Using https://www.reportphishing.in, which is specific to the state of Maharashtra, victims or even people who suspect phishing scams can report such incidents through the online portal. The Central government equivalent of this site is https://cybercrime.gov.in, which serves as the National Cyber Crime Reporting portal.
Although these sites are useful, advocate Mali cautions that reporting on these sites “does not mean that a police complaint or FIR is registered. These sites only forward your incident report to the nearest police station, from where it becomes the responsibility of that particular station to allocate resources and investigate the crime.”
He stresses that in almost all cases, it is important to file a complaint directly with the nearest police station, rather than waiting for action after reporting incidents through online portals.