Most frauds are easily executed by taking advantage of the victim’s lack of awareness
Most banks, NBFCs and police departments have cautioned borrowers on loan moratorium fraud
The threat of getting infected with the covid-19 virus is topmost on most people’s minds. But that’s not the only threat you need to keep yourself safe from. Cybercriminals are using newer ways to defraud mobile phone and computer users, using covid-19 as a cover.
As the pandemic spreads, covid-19-related cyber frauds are also on the rise. The rise of cybercrime in India is apparent with the advisories that banks, non-banking financial companies (NBFCs), National Payments Corp. of India (NPCI), ministries and various government departments have issued.
“There is no India-specific data yet. But in most of the developed countries, there is a sudden jump in covid-19 cybercrimes," said Pavan Duggal, a Delhi-based lawyer who specializes in the field of cyber law. ActionFraud, the UK’s national reporting centre for fraud and cybercrimes, saw covid-19-related frauds increase by 400%.
Remember that it’s only rarely that you will get back the money lost to cyber fraud. Here are some recent covid-19-related frauds prevalent in India and ways to protect yourself, so that you don’t lose your hard-earned money.
Most of the covid-19-related frauds have a simple modus operandi and are easily executed by taking advantage of the lack of awareness of the victim.
Loan moratorium fraud: Most banks, NBFCs and different police departments have cautioned borrowers on social media about this. Fraudsters call up gullible borrowers and pose as bank representatives. They inform the targets that their lenders are giving a moratorium on the loan and the borrower won’t need to pay two EMIs, as per the Reserve Bank of India’s directives. In the process, they can trick borrowers into sharing their bank details. Once they convince the borrowers, fraudsters ask them to share the OTP (one-time password) by giving them the impression that the OTP is the confirmation code for availing the moratorium, when actually it is for a bank transaction that borrowers may be doing. Once the borrower shares the OTP, he loses money.
“There is only one rule to prevent falling victim to such frauds. An individual should never share any details with anyone," said Prashant Mali, a Mumbai-based lawyer and cybersecurity expert.
Experts said that these are typical social engineering frauds. “There are no technical solutions to such frauds as the criminals exploit human vulnerabilities. Everyone needs to be more aware and conscious of such calls," said Amit Dubey, a cybersecurity expert.
PM CARES Fund fraud: A lot of people are making donations to the Prime Minister’s Citizen Assistance and Relief in Emergency Situations or PM CARES Fund.
The fund’s UPI (Unified Payments Interface) ID is pmcares@sbi. However, many fraudsters made similar UPI IDs, such as pmcares@pnb, pmcares@hdfcbank, pmcare@yesbank, pmcare@ybl, pmcares@icici, and so on, to defraud people. There were so many fake IDs that the Indian Computer Emergency Response Team (CERT-In) also issued a warning along with banks, ministries and police departments recently. Even State Bank of India released an advisory to its customers to be cautious of fake IDs such as pmcarefund@sbi, pm.care@sbi, pmcare@sbi, pncares@sbi, and so on. “Once we came across the fake IDs, we jumped into action with partner banks in our ecosystem to act on it. We ensure that people were not able to make payment to these fake IDs," said Praveena Rai, chief operating officer, NPCI. Most of these IDs have now been disabled.
Rai said that whenever a person is making a payment, the name of the receiver pops up in all the payments app, so that the sender is sure about the receiver. “This is a validation function that is a part of all apps," said Rai. For PM CARES, the registered name is Pm Cares. For others, it would most likely be registered in the name of an individual.
There are also other fake donation messages sent out to help the poor during the covid-19 pandemic. Don’t donate to any social or religious organization unless you are sure where the money is going.
Exploiting greed: Many items such as face masks and sanitizers are in short supply because of the lockdown. Cybercriminals have made fake e-commerce websites selling such sought-after items that are in short supply. The website may look like a proper e-commerce marketplace, where you select items, quantities, provide the delivery address and make payment through different means. However, the items never get delivered, and the site is shut down after a while.
Then there are emails and mobile messages saying the government is releasing funds to help citizens. The message asks the victim to click on a link, which takes him to a fake government website. The site asks the victim to enter sensitive bank account details to avail the fund. Without realizing, the victim gives away his confidential information that would help the hackers transact on behalf of the account holder.
Installing malware: There are messages sent out claiming to provide free services such as Netflix subscription for the entire lockdown period, or a message claiming to be from the World Health Organization, or it claims to have a map of how the covid-19 virus has spread. As soon as the person clicks on the link or attachment, the malware is installed on the computer or the mobile phone.
Some malware can even relay the live screen of your device to hackers, who can capture your passwords or bank account details when you enter them on your device. “Around 4,000 new domains were registered in the past three months with keywords including corona, covid, vaccines, virus, and so on. These domains are mostly used by criminals for phishing attacks. Along with this, over 1,700 new domains are registered with ‘Zoom’ as the keyword to hack Zoom (a video conferencing service) accounts," said Dubey.
If you are unsure of the attached files or links received, you can use online services such as virustotal.com, abuseipdb.com, sandbox.pikker.ee and exodus-privacy.eu.org to verify them.
There have been incidents where fraudsters have hacked Facebook accounts of individuals. Using Facebook messenger, criminals reached out to people in the friends list and asked for monetary help. Avoid sending money to someone unless you have confirmed it’s the same person seeking help.
A few more basic things can help you prevent frauds. Be careful with money transfers and online purchases. Ensure you are transferring money to the right account and buy only from established entities. Never click or download links, attachments or images that come with forwards, even if they are from known sources. Never share your password or any other confidential details on the phone with executives of any company or at any website.
Don’t fall for an offer that looks too good to be true. You can report anything suspicious at cybercrime.gov.in. When you are downloading apps on your mobile phone, look at the publisher or developer, read the comments and download it only if it’s popular. Small measures can go a long way in protecting yourself.