At Maha Kumbh Mela, a once-in-a-lifetime opportunity for digital fraudsters

The Maha Kumbh Mela being held after 144 years is expected to attract not just 40-45 million pilgrims to the most populous district in India’s most populous state but also an army of digital fraudsters.

Scamsters have already made victims out of several devotees using basic tech such as fake websites purportedly offering accommodation and other Kumbh Mela-related services besides WhatsApp and digital accounts to collect payments. Cyber consultants Aon, mFilterIt and Quick Heal warn the Maha Kumbh Mela could see more sophisticated cyberattacks as well.

“The sheer volume of data collected, ranging from personal to payment information, creates a lucrative target for hackers," said Apurva Gopinath, deputy vice president of financial services and professional group, India Aon, which provides risk-management services and products to companies. 

“Potential threats include phishing, ransomware, and denial of service attacks that can disrupt essential services or compromise sensitive data," she added.

Also read | A sales job: What Astrotalk’s 41,000 astrologers didn’t see in their future

Phishing attacks bait people into sharing their personal data such as credit card details, passwords and pin codes by using fake websites or links resembling original service providers. Ransomware attackers block systems, files and networks and demand a ransom for restoring access. A denial of service attack overwhelms networks or devices and prevents their functioning.

“Scammers create convincing fake websites and advertisements offering accommodations and services related to the Kumbh Mela. Victims are directed to these sites, where they make payments for bookings that don’t exist," said Dhiraj Gupta, chief technology officer of cyber security firm mFilterIt.

“In some cases, victims have been contacted via WhatsApp or email, provided with payment details, and assured of bookings upon payment. Once the payment is made, the scammers become unresponsive, and the victims realise they’ve been duped," he said, adding that mFilterIt is providing AI-driven solutions to brands to alleviate cyber risks.

Tighter cybersecurity

As the Maha Kumbh Mela approaches—the religious event will be held between 13 January and 26 February—devotees have already started thronging Prayagraj in Uttar Pradesh. Two weeks ago, the police booked four men operating fraudulent accommodation booking websites.

The UP government and police cautioned pilgrims to guard against cyber scams. 

Uttar Pradesh’s director general of police, Prashant Kumar, in an official video posted on social media, said the state police had signed pacts with technical institutions and hired technical experts “to secure the cyberspace completely". 

“At the same time, our internal cyber team is working round the clock at the cyber police station established in Prayagraj," the DGP said in the video, speaking in Hindi.

Victims of cybercrime in the state can lodge a complaint by calling 1930.

Also read | Indian firms tighten AI defences as cybercrime gets more sophisticated

A bigger threat

Public facilities such as wi-fi and security arrangements like CCTV cameras and drones are also prone to cyberattacks, security experts warned.

“Surveillance cameras, especially the intelligent cameras that have been installed for public safety, are connected to the internet through default IP addresses, making them vulnerable to misuses like snooping," said Vishal Salvi, chief executive officer of cyber security and antivirus solution provider Quick Heal Technologies Ltd.

“Even though hacking of public wi-fi is not very common, someone with reasonable motivation and technical knowledge can still do that," Salvi added, warning against using public internet networks for making digital payments.

Also read | Were you hacked in 2024? India’s data protection rules require you to take action

Lawyers added that for some cyber attackers, money may not be the motivation. Given the national interest in the once-in-a-lifetime religious event, the state government’s involvement in organising it, and the large gathering of pilgrims, cyber attackers could have more nefarious motives, said one lawyer.

“The intention behind cyber attacks could range from vandalism to terrorism, where a perpetrator can cause alarm among the maximum number of people… hence a high degree of cyber security is warranted," said N. S. Nappinai, senior advocate at the Supreme Court who specialises in cyber laws.