When my phone buzzed, a husky voice echoed. Posing to be the Manager of State Bank, he informed me that that my KYC was not updated with my bank account. I was surprised for a moment. Being stranded for a long period at my working place due to Covid 19 pandemic, there was no way out of how I could reach the branch in Kolkata. I was upset for a while .The husky voice persuaded me to divulge my bank card number and the bank account. Soon I realised that it was fake call to trap me… a voice phishing. The use of phone (voice phishing) to capture such financial data from account holders, posing as officials from a bank is known as ‘Phishing’. Phishing is a cyber attack to steal user data, login credentials, credit card numbers, internal data etc. Such incidents of phishing happen every day and in great number. “Phish” is pronounced just as it is spelled the word “fish”-the analogy is of an angler throwing a baited hook and hoping you bite. The moment you bite you are trapped.
India has over 350 million internet users and 80 per cent of them use the internet for financial dealings and transactions and are thus susceptible to Cyber crime. This figure is projected to grow to over 500 million by the year 2022. As per Government reports, many hubs across India have flourished as part of the ‘Cybercrime as a Service’ Industry. Maharashtra recorded 2,945 cases of Cyber Crime till September 2018 and most of them were in Mumbai.
In Delhi, in 2017, as per the Delhi police, only 84 FIRs were registered at the cyber crime cell. Until April 2016, 110 complaints were lodged, but only 26 FIRs were registered. In Chennai, as per reports, 5,703 complaints have been received by the cyber crime cell in the past five years. Bengaluru registered the most number of cyber crime cases in 2018. It saw a whopping 5,035 FIRs registered at the lone cyber crime police station in the city. All this statistics shows that this industry of ‘Cybercrime as a Service’ is an organised form of services and is a formal affair.
The caller usually pretends to be a bank representative or someone from the bank’s technical team. In most cases, the caller sounds professional and provides a convincing reason for calling the customer. After giving a false sense of security, the caller then tricks the victim into giving away their personal and confidential data such as: one-time-password (OTP), credit/debit card number, the card’s CVV number [Card Verification Value — 3 to 4 digit number printed on the flip side of the card], expiry date, secure password, ATM pin, Internet Banking login ID and password and other personal information.
With the increasing use of smart phones and internet banking, various types of cybercrimes are posing threat in day to day life. Till date, it was advised by the bank not to share the PIN or OTP number of your debit/credit card with an unknown person. But now days the modus operandi has changed. With more digital money transfer and wallet services available, fraudsters have discovered new ways of online phishing. During the corona virus pandemic and the sudden shift of working from home have presented cyber crooks with a one of a kind of opportunity to make a quick buck.
With such crucial information at hand, the fraudster can easily carry out illegal financial transactions using the victim’s name. Or, for duping users, they generally ask the targeted consumer to download a mobile or desktop application such as ‘Any desk’, ‘Quick support’ and ‘Team Viewer’ to resolve the KYC issue. These applications allow remote access to the user’s account, including PIN details. They then siphon off funds from the target’s account. In this new way of Pay tm KYC, fraud money can be phished out of your account even without OTP.
According to estimates, in the year 2017 alone the global cost of cyber crime reached as much as $608 billion — about 0.8% of the global GDP. If we look at India for the same period, the cost of Cyber crime amounted to a loss of $18.5 billion. In 2017, India witnessed one case of cyber crime every 10 minutes and most of these incidents were not reported.
Pakur, Giridih Deogarh, Sahebganj and Dumka
Pakur, Deoghar, Godda, Sahebgang and Dumka apart from Jamtara have become the new hub for cyber crime in the state of Jharkhand. These areas are now been patronised even better by cyber criminals. There have been numerous cases registered against legitimate ‘Call Centers’ in Gurugram, Noida, Hyderabad, Kolkata, Bengaluru, Anantapur. All this is done as part of the large and flourishing ‘Cybercrime as a Service’ in India. Giridih has earned the sobriquet of “Cyber Zone”. So is the town of Deogarh in Jharkhand. Giridih’s Binsmi village has 1,000 dwellings and is home to about 900 cyber cheats. With a population of 25 lakhs approximately, Giridih was once known for its mica, and later for its collieries and steel-producing units. But the benefits of industrialisation have not reached most of its residents who continue to lead tough lives. Jharkhand is a tale of simple, democratic technology put into the hands of restless minds and impoverished bodies.
Jamtara, is a small sleepy town which has gained notoriety in cyber crime and is known as cyber capital. Have you ever heard about this place?
Amidst the malnutrition and poverty, this little town is often frequently visited by police teams of different states. Hardly known for its connection to the great reformer for women liberation, the quiet railway attention is known for its notoriety.
Only a few hundred metres from the Vidyasagar railway station is the place where Iswar Chandra Vidyasagar lived for 18 years, taught girls in a thatched school, and distributed medicines from a home clinic. Some of the articles used by him are still lying there but the place which should have been a tourist destination does not get any visitors these days. Many of its ‘phishing’’ experts have never left town, but their reach spans the nation.
More than 50 p per cent of cyber crimes in India are traced back to Jamtara, leaving cyber cops with sleepless nights and on toes. Fraudsters’ posing as bank managers are traced back to this town, this belt is clearly digital India’s underbelly. Smart phones make the world a less unequal place for the Jamtara‘s youth involved in cyber crime.
In September, Delhi Police busted a gang of six people who were running a phishing scam and were operating from Jamtara. The gang was exposed on the complaint of a victim who had called up a toll-free number of Axis Bank from Google which was later found to be fake as no one picked that call. He received another call from another number posing to be a bank employee. The victim was sent a link on which he was supposed to click to resolve his issue with the bank. However, he was duped of 63,800 as soon as he clicked on it
Over the past decade, especially since the mobile boom, Jamtara’s unemployed youth found working on phones an easy way to make quick money. There are innumerable mobile towers but hardly any signs of development of this district especially on the 17-km road leading from district headquarters Jamtara to Karmatar. The road runs parallel to the railway line, is pockmarked with large potholes. The only thing that catches the eye in this semi-urban setting with a population of about 2,00,000 are the dozen mobile phone towers erected in the fields on either side of the road. And it is these towers that hold the key to Jamtara’s infamy. Records at the Kamtara police station reveal that in between April 2015 and March 2017, police stations from different states have visited the station more than 23 times. Arrested around 33 accused, registered suo moto over 80 cases in between July 2014 to 2017 against 230 residents of that area.
These areas that have always been notorious for thugs have the next generation in the pipeline. The only common factor is a team of two youngsters, one with a basic mobile phone and the other, a smart phone. The basic phone is used to make the call even as the smart phone is on standby with an e-wallet opened. The caller identifies himself — anecdotally. State Bank of India users are vulnerable due to their sheer number and hence, phishing potential — and declares that the account is up for verification or expiry. Once the card details of the individual are entered, the transaction mostly requires a One Time Password (OTP) to authenticate. At this point, the caller tells his prey that he has sent across a code for him to repeat to him. Once the caller reads out the number, the transaction is complete.
Where the money goes?
The money that is sent to e-wallets from the victims’ accounts is usually transferred to multiple platforms — youngsters recharge villagers DTH and mobile accounts in exchange for lesser amounts of money. In other cases, funds get transferred into wallets on e-commerce sites, which the criminals then use to make extravagant online purchases. While it isn’t easy to spot the spoils of these e-thefts, there are little hints sprinkled across Jharkhand’s villages. Several modest houses for instance, have been transformed into classier middle-class homes in the last two years.
One of the kingpins was arrested in December 2019, but data reveals that phishing and hacking has doubled during the Lockdown months. In June 2019, cases were 672 which doubled to 1006 in June 2020 Can the government and police curb the menace completely?
The targets of Jharkhand’s e-robbers have spread across the country, and range from businessmen to housewives to retired army personnel and celebrities.
Do not share your bank login with anyone, even if the person claims to be a bank employee. Check the statements regularly to ensure no fraudulent transactions have been made. Do not click on malicious link. Always check a link before clicking on it oneself.Report to the bank immediately.
The author is an Associate Professor & Dean of Faculty of National University of Study and Research in Law, Ranchi. Views expressed are her own