Voices Anand Neelakantan Ravi Shankar Ajai Sahni Anu Aggarwal Debashis Chatterjee Mata Amritanandamayi MAGAZINE Buffet People Wellness Books Food Art & Culture Entertainment NEW DELHI November 24 2024 SUNDAY PAGES 12 India’s Scamdemic Blackmail, threats of arrest and fake authority are being used to create an atmosphere of fear by local and global criminal networks using phones and computers to cheat unsuspecting Indians of their life savings amounting to crores By Gautam S Mengle W hen the email landed in his inbox around 11 am on a Monday Satyajit Gaikwad , (name changed) didn’t think much of it. It was from his work associate, Prerna Sharma (name changed) asking him if he could do her a favour by settling a vendor’s outstanding payment. Again, Gaikwad did not think this to be suspicious. “Rest assured, I’ll personally repay you the amount by EOD. I’m just caught in a meeting right now, so decided to shoot you an email,” the missive said. The size of the amount was normal in Sharma’s corporate training business, and since it is a startup, financial rumbles from time to time were not unheard of. The wording of the email, too, was the right mix of casual and business-like, the way Sharma always discussed work related matters with Gaikwad. As it happened, Gaikwad was facing something of a cash crunch himself and didn’t want to take the risk on that particular day. He replied to the email saying so, and received no response. He simply assumed that Sharma understood and didn’t expect her to waste time on formalities either. Three days later, however, he received a second email from Sharma, asking if he was free to plan a ‘surprise’ for the team. Feeling guilty about the last time, he replied in the affirmative and the next email from Sharma asked him to purchase some gift cards as a Diwali bonus for the team. “That was the moment alarm bells went off in my head, because I’d heard of these scams, where the cybercriminals ask you to buy gift cards for them. I immediately checked the email ID and saw that while the display name was Sharma’s, the actual email ID was completely different. Due to the fact that I received numerous emails from her in the past, I didn’t bother checking the email ID earlier. This time, I went back to her previous mail which, I realised, had also come from a different ID,” Gaikwad recalls. Immediately, he alerted Sharma who, by the time, had received similar warnings from other business associates. The question that had everyone wondering was this: Since Sharma was being impersonated, clearly her email had not been hacked. How, then, did the scamsters know whom to email? The answer is in LinkedIn. Since 2002, cybersecurity agencies such as Norton, Kaspersky and Group IB have been tracking a rapidly rising trend where cybercriminals have been examining LinkedIn profiles of working professionals as part of their research. According to experts, they spend hours studying an organisation before zeroing in on that one person at the top, who is then impersonated. Using publicly available data, like email IDs, mails are sent out to employees or associates from the spoofed ID, and the targets are tricked into making payments in the form of money transfers or gift cards. As of June 2024, according to data compiled by AAG, an IT solutions provider, LinkedIn itself is becoming a massive hotbed for phishing rackets. “New starters that have changed their job status on LinkedIn are a key target. The criminals impersonate senior staff in their attempts to obtain personal information. Others will request employees to buy gift vouchers, such as those for iTunes, or call a given number to discuss important requirements for the job,” states Charles Griffiths, Director of Technology and Innovation at AAG, in his latest report. Phishing and Business Email Compromise, however, are not the only threats lurking around the corners of professional networking websites. Among impersonation-based cybercrimes, those that abuse Google Maps top the list. Google Maps follows a User Generated Content (UGC) policy, which lets users edit content on its pages. For instance, the owner of an eatery can claim it on Google Maps and add a contact number and email ID. Unfortunately, not everyone is “Unemployment plays a role. Some of those who are unemployed turn to cybercrime, and prey on others who are also unemployed and looking for jobs.” Triveni Singh, Retired IPS officer aware of this, and before legitimate owners can put up their contact details, scamsters add their own contact numbers. As a result, customers of establishments seeking support or information end up falling into cybercriminals’ nets instead. The con began during the pandemic with liquor shops. Tipplers wanted their drink and were happy when liquor shops started home delivery. Unknown to them, cybercriminals added their own contact numbers to that of wine shops, and thousands of rupees were lost on a daily basis. When the wine shop con became old, they moved on to banks, and then to hospitals and clinics. In May this year, Dr SC Tiwari, a retired professor from the King George Medical University in Lucknow, noticed a typographical error in his name on his flight ticket. He was to fly from Toronto to Delhi later in the month and, wishing to avoid hassles, tried contacting the airlines customer care using a number he found on the internet. Soon after, he received a ‘call back’, during which the caller smooth-talked him into revealing his netbanking Personal Identification Number (PIN). The next thing he knew, `94,150 was debited from his account. While LinkedIn battles this rising threat, dating apps find themselves facing a challenge of their own. Over the last three years, cyber law enforcement agencies have been receiving information about honey trapping and sextortion rackets mushrooming on dating apps. But the slick execution and unwillingness of victims to come forward with a complaint lets the perpetrators get away with it. “Dating apps are used to make initial contact,” says a senior officer with the Mumbai cyber department. As soon as a target ‘matches’ with the scamster, he is invited to chat on Telegram or connect on Instagram. Here, after some conversation, he is enticed into making explicit acts on video call, and then, the blackmail begins. No criminal activity is ever conducted on the dating app. The officer adds that due to the stigma attached to the act, hardly one per cent of the victims are willing to register an FIR. The rackets, meanwhile are becoming more organised, with new innovations in the modus operandi of the con artists. Another online scam is to send emails purportedly from the Police Commissioner alleging that the recipients have visited child-porn sites and must contact the sender immediately or face arrest. Some other mails claim to have videos of people engaged in sexual acts and threaten to post the videos on YouTube unless they pay up. The frightening part is that scamsters have been able to break into firewalls of companies and send these threats. The best way to detect their veracity is to check the email address of the sender, which will have nothing to do with the official sender’s. Another trend authorities are tracking is the posting of nude pictures of women as their own ‘nudes’ online in exchange for money; the scamster disappears as soon as the money is paid. Here, too, the initial contact is through dating apps, and the rest of the conversation happens on other platforms. In numerous cases, the profiles are not even operated by actual women; they are just names and pictures from social media posts of women without their knowledge or consent. Says retired IPS officer Triveni Singh: “Of course, unemployment plays a role. Some of the scamsters are unemployed people who turn to cybercrime, and prey on others who are also unemployed and looking for jobs. Particularly those who have worked in the IT industry are always the prime target for cyberslavery.” The former cop-turned-cyber crime expert is currently the Chief Mentor at Future Crime Research Foundation (FCRF), a collective of cybercrime and cybersecurity experts working to raise awareness about cyberthreats via events, research and reports. The FCRF has been tracking the alarming rise of instances where job seekers are lured with promises of well-paying jobs abroad, and trafficked to Cambodia, Laos and Vietnam. Here, they are put to work in sweatshops controlled by the local mafia, and made to perpetrate a wide variety of cybercrimes against their own countrymen. A large section of these scams include luring the victims to invest in bogus cryptocurrency frauds. Known as pig butchering, these hoaxes are akin to fattening up a pig before slaughtering it. Typically, they start on Instagram and, as soon as the first contact with the intended target is made, they shift to Telegram or bogus ‘investment apps’ that show increasing returns on the victim’s ‘investment’. In reality, however, the money goes straight into the scamsters’ accounts. As the age-old swindles continue, the new cons are concerning as well. “Various official reports indicate that people are being recruited with offers of IT or administrative work, often based in Thailand. On arrival, they are met by agents who transfer them to counterparts who take them across the border to Cambodia, Myanmar and Laos,” an UNDOC report in July this year states. In 2024 until now, the Indian Embassy in Cambodia has facilitated the rescue of 650 citizens, and 548 have been rescued in Laos and 57 in Myanmar. The racket came into the spotlight in May this year, when a protest broke out in Sihanoukville, Cambodia. Videos surfaced on the internet of Indian nationals gathered on a basketball court of the compound of a building, raising slogans to demand their passports, until local police arrived on the scene. Around 60 Indians were rescued Turn to page 2
Express Network Private Limited publishes thirty three E-paper editions of The New Indian Express newspaper , thirty two E-paper editions of Dinamani, one E-paper edition of The Morning Standard, one E-paper edition of Malayalam Vaarika magazine and one E-paper edition of the Indulge - The Morning Standard, Kolkatta.
