Increasing Numbers of Online Fraud-Issues and Remedies

On 5^th September 2020, V Citizens Action Network (VCAN) organized it’s second fully-digital Social Sanchar v2.0 and was held to raise awareness about cyber security and cybercrimes.

The session was broadcast live on Facebook, YouTube, with Twitter linked to YouTube channel, and was joined by viewers across the city, and around the globe.

With smart phones, social media, and digital transactions now a part of our daily lives, there is an increase in online frauds such as; those on matrimonial websites, online dating websites, credit/debit card fraud through social engineering, online Ponzi schemes, phishing, blackmail, etc. The session particularly focused on

• What has the Maharashtra Cyber done regarding Cyber Crime victims
• To know the red flags
• To know the basic safety tips
• To know how a victim can file a complaint

The Social Sanchar gave a platform for citizens to interact with Dr Balsing Rajput and Dr Prashant Mali, leading experts in the fields of cyber security.

The Social Sanchar began with the welcome address by Smt. Indrani Malkani, Chairman VCAN. She gave a brief introduction about VCAN reaffirmed VCAN’s focus on the safety and security of people, families, and communities and predominantly during the COVID19 pandemic. VCAN’s interactive web portal- togethervcan.in gives citizens access to multiple issues on a single platform. The interactive live talk shows, or Social Sanchar’s have the motto ‘interact with your government with wherever we are’ and have switched to fully digital in light of the pandemic and ensuing health concerns.

Smt. Malkani expressed her appreciative thanks towards Team Teknowlegion for powering the fully digital Social Sanchar and for always being vigilant and keeping VCAN’s Web portal going. She thanked VCAN’s social media consultant Mr. Lulla, as well as colleagues and networking partners and friends in the media and all the viewers.

She then invited her fellow trustee Shri. V. Ranganathan, to introduce Dr Balsing Rajput and Dr Prashant Mali, and also to highlight a few crucial points for discussion. She stated that Shri Ranganathan was Mumbai’s former Municipal Commissioner and has also led the State of Maharashtra as the Chief Secretary.

Before introducing the guest speakers, Shri Ranganathan impressed the importance of this Social Sanchar session in light of the uptick in cybercrimes since the beginning of lockdown and increased internet usage across the city.

Dr Balsing Rajput is the Superintendent of Police, Maharashtra Cyber, Mumbai and an expert in cyber security of critical infrastructure, cybercrime investigation and the investigation of complex cyber-economic crimes. Dr Prashant Mali is Cyber and Privacy lawyer and cyber security expert and the founder of Cyber Law Consulting. Over his two decades of experience, he has been bestowed with many prestigious awards.

To view brief profiles of both Dr Balsing Rajput and Dr Prashant Mali 
click here

Smt. Malkani then invited first Dr Rajput and then Dr Mali to make their opening remarks and discuss the red flags, precautions, and redressal processes associated with cybercrime.

Dr Rajput gave an informative presentation titled ‘Are we safe on the internet?’. He first talked about the several kinds of cybercrime and red flags associated with them. Cybercrime is any crime committed to, or by facilitation of a computer. Particularly vulnerable are gullible parties such as children or those who are not accustomed to using the internet. Job fraud is a pernicious cybercrime. Precautions against job fraud include recognizing inauthentic job offers and not clicking on suspicious links. In case of a suspicious link or job offer advertisement, the citizen should call the agency offering the job and check for authenticity of the job offer. Matrimonial frauds are also widespread in India. College-going students, especially young girls, are often targeted with fake profiles. Online banking frauds like credit/debit card fraud and OTP frauds often happen to with people who use banking transactions less frequently. Online shopping transactions also make the consumer susceptible to online wallet fraud, KYC verification fraud and grievance redressal fraud. Precautions against bank fraud include not sharing your card number, OTP, or ATM PIN with anyone. Logging onto free public WIFI networks can also result in data stealing, where fake WIFI towers steal information like your usernames, passwords, and internet searches.

Children and other vulnerable parties are often the victims of some more pernicious forms of cybercrime. Child pornography is a cybercrime that is more rampant in cities and urban areas. Cyber grooming is another crime that involves the exploitation of youth through social media and harassment. Cyber bullying takes place on social media platforms like Instagram and YouTube where younger people sharing pictures and videos. Morph fraud involves the morphing of pictures, and can result in defamation and harassment. Cyber stalking targets victims like young girls. In cyber stalking, sensitive information like names of relatives, mobile numbers and other personal details are stolen and later used for extortion

Here Dr Rajput reminded the audience that cybercrimes ad cyber-attacks are not the victim’s fault. The blame can more accurately be put on a lack of literacy and awareness, and the reluctance of victims to report crimes. to the police

In order to safeguard children from such crimes, Dr Rajput recommends the use of parental control software, checking children’s’ internet activity, and conducting frequent awareness workshops with younger people.

General tips for preventing cybercrimes include ensuring that mobile phones and computers aren’t left unattended, technology software are kept updated, files are password protected, and information backups are kept in order to protect data against hacking.  Citizens should download movies and songs through legal channels and not through suspicious links or websites that often result in malware files being downloaded to the computer. Anti-virus software is also useful in protecting phones and computers. People should also ensure that they are using authenticated apps and deleting apps that are not useful from their mobile phones.

There are several redressal mechanisms provided to victims of cybercrimes.

The National Cyber Crime Reporting Portal is www.cybercrime.gov.in   For cybercrimes related to children, within 36 hours, the complainant can get a report on how the case is being handled. Provisions for tracking/locking your mobile phone when it gets lost or stolen are also available, to access these, citizens should register their mobile phones at ceir.gov.in.

The toll-free cybercrime helpline number is 155260.

The cybercrime initiatives by the Maharashtra Government include Operation Blackface, started in January 2020 to prevent the spread of child pornography.  The Cyber safe movement to increase awareness among women about cyber safety was launched on 5^th January 2020. A campaign against fake news was launched in in March this year to reduce the spread of fake news and panic related to the COVID19 pandemic and lockdown. Campaigns to sanitize the cyber space and reduce hate speech are also in place. More than 150 complaints against hate speech have been registered under this provision. Cyber police stations are also present in each district.

After Dr Rajput’s presentation, Dr Mali gave a short introduction Cyber Crime, as well. From his experience as a lawyer handling cybercrime cases, he has noticed an absence of effective remedies against cybercrimes in India, even while cyber security is reducing. There are cybercrime patterns particular to India, like the prevalence of looting through the cyber space, that have not been effectively safeguarded against by the government. Crimes done below the radar by cybercrime gangs need to be eradicated as soon as possible by the relevant authorities to ensure greater cyber security. While there are redressal mechanisms like the cybercrime portal, there is little to no public data about how many registered complaints are getting converted into FIRs. When this data was sough under the RTI, the figure released by the Government was only representative of how many people visited the website, rather than how many complaints were effectively tackled by the police cyber department.

Here Dr Mali reminded the audience that the onus is also on concerned citizens and victims to ensure that their complaints are converted into FIRs and proper investigations are carried out. Often, victims get lazy about cybercrime and only call or email the police station. They fail to give an exhaustive complaint and do not follow through to see if action is being taken.  Thus, victims need to visit a police station or email their complains and then make sure to follow up the police station. Moreover, the cybercrime.gov.in portal is only a forwarding portal, not a formal complaint mechanism. Lack of awareness and greed are main causes for people becoming victims of cybercrimes. There needs to be some self-discipline followed by users on the cyber space.

When online abuse on takes place on platforms like Instagram and Facebook, people often just want to find out the IP address of the perpetrator and are not interested in filing a police complaint. This is incorrect because legally, the IP address of a perpetrator can only be given directly to the police. If citizens seek out cybercrime investigators to find out IP addresses, those investigations are illegal and use nefarious means to obtain the IP address, and hence cannot be used as evidence in the court of law. This is why its important for victims to use legal channels for redressal against cybercrimes.

Crimes like pornography occur when kids getting blackmailed by people befriending them o social media and sending them pornographic videos. Sometimes, the criminal records the child reacting to these pornographic videos, and then uses these reactions to harass and extort the child and their family. Such practices result in trauma for the child, and need to be prevented. The most important solution to such problems is for schools, counsellors and parents to be aware of such crimes on the internet. At the same time, parents cannot expect every website or platform to be banned and protected, children should be made aware of what is good and bad on the internet.

The reason why credit/debit card frauds are rampant is because small amounts are often stolen and sometimes the police doesn’t take complaints or register such small cases, allowing the perpetrators to roam free. While there are remedies, they are unfortunately not very efficient, and available only to specific people. This is why it’s important for all citizens to stay aware.

Smt. Malkani thanked both the guest speakers for their talking points and requested Dr Mali to provide an accessible guide on the format for how to file a complaint regarding cybercrimes. With this, the Social Sanchar moved into a question-answer session. Some questions were submitted by school students directly to VCAN, and others were submitted via WhatsApp and Twitter and live questions were from Facebook and YouTube.

To know the questions taken up and answered, both  by Dr Balsing Rajput and Dr Prashant Mali  please see the video, the Q&A starts at 40:56 minutes.

Some of the Q&A from the session are shared below:

Q-    If a victim of online fraud is in Mumbai and the crime committed in other part of India or the world, what is the court’s jurisdiction?

A-     You can file a police complaint wherever the crime occurs. The police can transfer cases between states. Consumer law lets you file a case at the place your staying when the crime occurs, not necessarily needing you to permanently reside in that place.

Q-    What is ethical hacking?

A-    Hacking itself cannot really be ethical, intruding into another network is always illegal. However, hacking with consent for an audit or testing is ethical. There are platforms that allow for penetration testing and such tests.

Q-   Why should we not share personal information on online platforms? How do we know if we are a victim of cyber bullying?

A-    Anything that is threatening or harmful that is propagated on social media, including naming and shaming, are all cyber bullying, as well as character assassination and stalking. In such cases, the victim should take the help of police to understand what the crime is.

Q-    What is Polymorphism?

A-    Polymorphism virus is malware that can geolocate the area—changes the nature of the malware. There are firewalls that detect such activities.

Q-    What is the legal status on use of VPNs in India?

A-    There are no laws regarding the use of Virtual Private Networking (VPN) in India.

Q-    What action can be taken against someone distributing explicit images?

A-    If you are sending obscene photo or video without consent, then it is crime under section 67 or 67a of the IT act. If the pictures are of someone below 18 years, the crime committed is child pornography. These are all unbailable crimes.

Q-    Is using the dark net allowed?

A-    If you’re carrying out illegal activities on dark net, those activities are still illegal. If there is no illegal transaction, i.e. if you’re using the dark net for anonymity, then it’s not illegal.

Q-   What legal recourse is there for matrimonial frauds?

A-    There is an advisory body, but no regulatory body, with guidelines to prevent matrimonial fraud. Matrimonial websites are required to follow intermediary guidelines under the IT act. There is also usually a dispute resolution link on matrimonial websites.

Q-    What can we do to detect a new fraud pattern not seen earlier?

A-    Abnormal activity or anything that is unusual is what you can detect as online fraud. There is no pattern to online frauds beyond the usual types of fraud.

Q-    Can we reliably substantiate the users with biometrics in the context of cyber threat?

A-    (Dr Rajput) Biometrics used with proper security frameworks are necessary and the benefit of using them is greater than the threat. (Dr Mali) Biometrics aren’t the most secure system, fingerprints can be copied and there are many operations that duplicate Aadhar cards.

Q-    How safe are digital payment modes like UPI and Google pay?

A-    While every system can risk being hacked, unless the user doesn’t share too much information, using the systems should be safe. Technologies are always evolving and becoming safer.

Q-    How does cyber risk insurance work?

A-    Off the shelf cyber insurance policies are alright for protecting small data systems. Larger IT infrastructure then usually needs to do a risk assessment and get a bouquet policy. Cyber risk insurance policy has higher premiums as there are too many unknowns to predict all the different cyber risks. However, smaller risks can be prevented by simple insurance policies.

While the time available for the session had ended, Smt. Malkani thanked the speakers for their clear and informative answers. The remaining questions would be sent across to the two guest speakers for them to answer, and later published on website alongside the report.

With this, Smt. Malkani closed the session for the day, affirming that there was much work ahead and that VCAN would make sure to take the cybersecurity initiative forward.

An online memento of appreciation on behalf of VCAN was presented to Dr Rajput and one to Dr Mali. Smt. Malkani then thanked VCAN’s trustees and the viewers for joining the session and ended the digital Social Sanchar.

To view the video of the event, click here

To view the press coverage by the Mid-Day, click here

To view the PPT of Dr. Balsing Rajput, click here

**Please be advised, the information in the presentation was prepared by Dr. Balsing Rajput, Superintendent of Police, Maharashtra Cyber, Mumbai, India, and was presented at the TogetherVCAN’s Social Sanchar held on 5th September 2020.
All Rights are reserved with the Author and due acknowledgement is to be given to the Author should this presentation in part or in full be used by anyone anywhere. The contents of the slideshow presentation are by the Author and not by VCAN.
The presentation file is lengthy, therefore please wait for it to be fully downloaded before clicking on individual slides. It is advisable to use Google Chrome to download the presentation.