Understanding Cyber Frauds in India

Introduction

Cyber fraud is the term for illegal activity carried out over the internet and with digital devices. It includes a broad spectrum of illegal actions and fraudulent schemes carried out via different online platforms. Identity theft, financial scams, data breaches, online shopping fraud, phishing attacks, ransomware, and other malicious activities targeted at tricking people, companies, or organisations for financial gain or other malevolent reasons are all examples of cyber fraud. These crimes pose serious hazards to people’s privacy, financial security, and general trust in online transactions and interactions because they take advantage of weaknesses in digital systems, networks, and human behaviour.

Some of the types of cyber fraud seen in India are:

1. Phishing

2. Online banking fraud

3. Credit card fraud

4. Identity theft

5. Online investment scams

6. Social media scams

7. Ransomware attacks

8. Job fraud

9. Online shopping fraud

10. Cyberbullying and online harassment


(1) Phishing:-

Phishing is a form of online fraud in which perpetrators pose as respectable organisations, banks, governments, or other trustworthy businesses in an attempt to deceive victims into divulging personal information, credit card numbers, usernames, or other sensitive data. Phishing attacks are most frequently conducted via email; however, they can also happen over other forms of contact, such as phone calls (vishing) or texts (smishing).

Here’s how a typical phishing attack unfolds:

Bait: Attackers create a convincing email or message that appears to be from a reliable source. They frequently use email addresses, logos, and other features that closely resemble those of the actual organisation.

Hook: The message typically consists of an attention-grabbing offer or a sense of urgency to persuade the recipient to act right away, like clicking a link or downloading an attachment.

Deception: The phishing email’s link or attachment takes users to a phoney website that closely imitates the real one. Victims are asked to enter their personal information there, and the attackers capture whatever they submit.

Exploitation: Once the attackers get the information they need, they can utilise it for a number of nefarious activities, such as money fraud, identity theft, or gaining unauthorised access to accounts.
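The Bait and Deception steps rely on a sender or link domain that only resembles the real one, which a mail filter or browser extension can test for. The following is an added example, not part of the original article; the allow-list, the placeholder domain `examplebank.example`, the verdict names and the distance threshold are all assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: "examplebank.example" is a placeholder, not a real bank.
TRUSTED = {"examplebank.example"}

# Digit-for-letter swaps often used in imitation names, undone before comparing.
DECONFUSE = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'review-idn', 'unknown' or 'unparseable'."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Exact domain, or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Assumption: the brand uses ASCII names only, so internationalised
    # (punycode) hosts are sent for manual review rather than compared.
    if not host.isascii() or "xn--" in host:
        return "review-idn"
    labels = host.translate(DECONFUSE).split(".")
    for d in trusted:
        d_norm = d.translate(DECONFUSE)
        tail = ".".join(labels[-(d.count(".") + 1):])
        if edit_distance(tail, d_norm) <= 2:      # typo or swapped characters
            return "lookalike"
        brand = d_norm.split(".")[0]
        if any(brand in lab for lab in labels):   # brand buried in another domain
            return "lookalike"
    return "unknown"
```

A "lookalike" verdict is a reason to block or warn, while "unknown" only means the domain resembles nothing on the allow-list.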

 

(2) Online banking fraud

Unauthorised or fraudulent transactions made through online banking channels are referred to as online banking fraud. Cybercriminals use various techniques to acquire victims’ banking credentials and manipulate online banking systems, which can lead to this kind of incident. Here are a few typical forms of fraud involving online banking:

Malware: Malicious software such as banking Trojans or keyloggers infect users’ devices, allowing attackers to capture sensitive information like login credentials, account numbers, and personal identification numbers (PINs) as users access their online banking accounts.

Man-in-the-Middle (MITM) Attacks: Attackers intercept communications between users and their banking websites to eavesdrop on or alter sensitive data exchanged during online banking sessions. This could include stealing login credentials or manipulating transaction details.

Account Takeover (ATO): Cybercriminals gain unauthorized access to victims’ online banking accounts by obtaining or guessing their login credentials through methods like phishing, social engineering, or using stolen credentials leaked from data breaches. Once inside, they may initiate fraudulent transactions or steal funds from the account.

Credential Stuffing: Attackers use lists of stolen usernames and passwords obtained from previous data breaches to attempt unauthorized access to online banking accounts. They automate login attempts using these credentials until they find a match.

SIM Swapping: Attackers fraudulently obtain control of victims’ phone numbers by convincing the victim’s mobile carrier to transfer the phone number to a SIM card under the attacker’s control. This allows them to intercept two-factor authentication (2FA) codes sent via SMS and gain access to online banking accounts.

Remote Access Scams: Fraudsters trick victims into installing remote access software on their devices, claiming to provide technical support or assistance. Once installed, attackers gain control of the victim’s device and can access online banking accounts to conduct fraudulent transactions.
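Credential stuffing, as described above, leaves a recognisable trace on the bank's side: one source failing logins for many different usernames in a short time, sometimes followed by a success. The following is an added example, not part of the original article, showing that detection over login records; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> ip=<addr> user=<name> result=OK|FAIL"
LINE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(line):
    """Parse one log line into (time, ip, user, result), or None if malformed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m.group(2), m.group(3), m.group(4)

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that fail logins for >= min_users distinct usernames
    inside a sliding window. A later success from a flagged IP is recorded,
    because that account's stolen password evidently still worked.
    Lines must be in time order."""
    recent = defaultdict(deque)          # ip -> recent (time, user) failures
    alerts = {}
    for ts, ip, user, result in filter(None, map(parse, lines)):
        failures = recent[ip]
        while failures and ts - failures[0][0] > window:
            failures.popleft()           # drop failures older than the window
        if result == "FAIL":
            failures.append((ts, user))
            distinct = len({u for _, u in failures})
            if distinct >= min_users:
                alert = alerts.setdefault(ip, {"users_tried": 0, "compromised": []})
                alert["users_tried"] = max(alert["users_tried"], distinct)
        elif ip in alerts and user not in alerts[ip]["compromised"]:
            alerts[ip]["compromised"].append(user)
    return alerts

# Constructed sample: one automated source, and one customer who mistyped twice.
SAMPLE = sorted(
    [f"2024-03-01T10:00:{i:02d}Z ip=203.0.113.7 user=user{i:02d} result=FAIL"
     for i in range(1, 7)]
    + ["2024-03-01T10:00:07Z ip=203.0.113.7 user=user07 result=OK",
       "2024-03-01T10:00:02Z ip=198.51.100.20 user=meera result=FAIL",
       "2024-03-01T10:00:30Z ip=198.51.100.20 user=meera result=FAIL",
       "2024-03-01T10:01:00Z ip=198.51.100.20 user=meera result=OK"]
)
```

Accounts listed under "compromised" are the ones to lock and reset first; the customer who mistyped a password twice is not flagged because only one username is involved.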

(3) Credit Card Fraud:-

Credit card fraud is the unlawful use of another person’s credit card information to make transactions or withdraw cash without the cardholder’s consent. It’s a kind of financial scam that’s common everywhere, including in India. The following are some typical forms of credit card fraud:

Card Skimming: Skimming devices are used by thieves to obtain credit card information from the magnetic stripe when a card is swiped at petrol pumps, ATMs or hacked payment terminals. After that, they construct fake cards or use this information to make purchases online.

Carding: To verify the legitimacy of a credit card, thieves use information that has been stolen to make modest purchases. After verification, they move on to bigger transactions or sell the card information on the dark web.

Account Takeover: Hackers gain unauthorized access to victims’ online accounts by obtaining their login credentials through phishing, social engineering, or malware attacks. They then make purchases or transfer funds using the compromised credit card information.

Identity Theft: Fraudsters steal personal information, including credit card details, social security numbers, and other sensitive data, to impersonate individuals and open new credit card accounts or make unauthorized transactions in their name.

Card Not Present (CNP) Fraud: Criminals use stolen credit card information to make online or over-the-phone purchases where the physical card is not required. They may also use this information to set up recurring payments or subscriptions.

Lost or Stolen Cards: If a credit card is lost or stolen, unauthorized individuals may use it to make purchases until it is reported as lost or stolen by the cardholder.
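The carding pattern described above, a modest purchase to check that the card works followed by a much larger one, can be expressed as a simple monitoring rule on the issuer's or merchant's side. The following is an added example, not part of the original article; the thresholds, the card identifiers and the rupee amounts are constructed assumptions.

```python
from datetime import datetime, timedelta

def find_card_testing(txns, small=100.0, jump=20.0, window=timedelta(hours=24)):
    """txns: iterable of (iso_time, card_id, amount) in any order.

    Flag a card when a purchase of at most `small` is followed, within
    `window`, by a purchase at least `jump` times larger.
    Returns {card_id: (probe_amount, large_amount)}."""
    by_card = {}
    for when, card, amount in txns:
        by_card.setdefault(card, []).append((datetime.fromisoformat(when), float(amount)))

    flagged = {}
    for card, items in by_card.items():
        items.sort()                                  # oldest first
        for i, (t0, probe) in enumerate(items):
            if not 0 < probe <= small:
                continue                              # not a probe-sized purchase
            large = next((amt for t1, amt in items[i + 1:]
                          if t1 - t0 <= window and amt >= jump * probe), None)
            if large is not None:
                flagged[card] = (probe, large)
                break
    return flagged

# Constructed sample transactions (amounts in rupees).
SAMPLE_TXNS = [
    ("2024-03-01T09:00:00", "card-A", 10.00),     # probe
    ("2024-03-01T09:05:00", "card-A", 15.00),
    ("2024-03-01T09:40:00", "card-A", 45000.00),  # large purchase soon after
    ("2024-03-01T08:00:00", "card-B", 80.00),     # ordinary day of spending
    ("2024-03-01T12:00:00", "card-B", 250.00),
    ("2024-03-01T18:00:00", "card-B", 900.00),
    ("2024-03-01T10:00:00", "card-C", 50.00),
    ("2024-03-04T10:00:00", "card-C", 30000.00),  # large, but three days later
]
```

A flagged card is a candidate for a step-up check or a call to the cardholder, not proof of fraud, since a small purchase followed by a large one also occurs in normal spending.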

(4) Identity theft:-

Identity theft is a kind of criminal activity in which someone steals another person’s personal information and uses it fraudulently, usually with the intention of making money. Numerous personal details, like social security numbers, credit card numbers, passport numbers, bank account information, and more, may be included in this stolen material. For victims of identity theft, there can be severe repercussions that include emotional pain, credit score impairment, and monetary losses. Here are some ways to avoid identity theft and how it usually happens:

How Identity Theft Occurs:

Data Breaches: Cybercriminals may gain access to large databases containing personal information through hacking or other means. These databases could belong to government agencies, businesses, or financial institutions.

Phishing: Fraudsters may deceive people into giving their personal information, such as usernames, passwords, or account numbers, by sending false emails, texts, or phone calls.

Skimming: Thieves may use skimming devices to capture card information from the magnetic stripe when a card is swiped at petrol pumps, ATMs, or compromised payment terminals.

Dumpster Diving: Thieves may sift through trash or recycling bins to find documents containing personal information, such as bank statements, credit card offers, or utility bills.

Social Engineering: Attackers may manipulate individuals or customer service agents into providing personal information over the phone or through other channels.

Stolen Wallets or Purses: Physical theft of wallets or purses containing identification cards, credit cards, or other personal documents can lead to identity theft.

(5) Online investment scams:-

Online investment scams are fraudulent schemes that prey on individuals looking to invest their money with the promise of high returns or guaranteed profits. These scams typically operate through websites, social media platforms, emails, or online advertisements. Here are some common types of online investment scams:

Pyramid Schemes: Rather than actually selling goods or services, participants are promised large rewards for bringing new members into the programme. The plan eventually collapses, leaving the bulk of participants with losses, as it depends on constantly onboarding new members to pay returns to current ones.

Ponzi Schemes: Ponzi schemes, which are akin to pyramid schemes, offer investors large returns by utilising the money from new investors to settle rewards owed to previous participants. When there aren’t enough new investors to keep the plan going, it fails, leaving participants with large losses.

High-Yield Investment Programs (HYIPs): HYIPs promise unusually high returns on investment, often with little or no risk. However, many HYIPs are fraudulent schemes that fail to deliver the promised returns and ultimately collapse, causing investors to lose their money.

Forex Trading Scams: Some online platforms or individuals claim to offer opportunities to trade foreign currencies (forex) with the promise of high profits. However, many forex trading schemes turn out to be scams that manipulate prices or fail to execute trades as promised, resulting in losses for investors.

Cryptocurrency Scams: With the rise of cryptocurrencies, there has been an increase in online investment schemes related to cryptocurrencies, including fraudulent initial coin offerings (ICOs), fake investment platforms, and Ponzi schemes disguised as legitimate cryptocurrency projects.

Affiliate Marketing Schemes: Some online investment scams involve recruiting individuals to promote investment products or platforms in exchange for commissions or referral fees. While legitimate affiliate marketing programs exist, some schemes may involve promoting fraudulent or high-risk investments.

Real Estate Investment Scams: Scammers may offer opportunities to invest in real estate projects through online platforms or advertisements with the promise of high returns. However, some of these schemes may be fraudulent or involve high-risk investments with little transparency or oversight.

(6) Social Media Scams:-

Social media scams are fraudulent activities that target users of social networking platforms such as Facebook, Twitter, Instagram, and LinkedIn. These scams exploit the trust and connectivity of social media networks to deceive users into providing personal information, sharing sensitive data, or falling victim to financial fraud. Here are some common types of social media scams:

Phishing Scams: In order to disseminate misleading messages or posts, attackers create phoney social media accounts or pose as reputable people or businesses. These messages might include links to phoney websites intended to steal credit card numbers, login credentials, or other private information.

Fake Giveaways: Scammers create fake social media profiles or pages claiming to offer giveaways or contests with valuable prizes such as gadgets, gift cards, or vacations. To participate, users are asked to provide personal information or pay fees, but the promised prizes are never delivered.

Romance Scams: Fraudsters create fake profiles on dating or social networking sites to establish romantic relationships with unsuspecting users. Once trust is established, they may request money for various reasons such as medical emergencies, travel expenses, or business investments.

Investment Scams: Scammers promote fake investment opportunities or trading platforms on social media, promising high returns with little or no risk. Victims are encouraged to invest money in these schemes, but they ultimately lose their funds as the investments turn out to be fraudulent.

Fake Customer Support: Scammers create fake customer support accounts on social media platforms to impersonate legitimate companies. They respond to users’ complaints or inquiries, tricking them into providing personal information, login credentials, or payment details.

Malicious Links and Downloads: Scammers post links or files on social media that lead to malicious websites or malware downloads. Clicking on these links or downloading files can infect users’ devices with viruses, ransomware, or other types of malware.

Survey Scams: Fraudsters lure users with promises of rewards or incentives for completing online surveys shared on social media. However, the surveys are often a ploy to collect personal information or to generate revenue through ad clicks.

Impersonation Scams: Scammers impersonate trusted individuals or organizations on social media to solicit donations for fake charities, emergency funds, or disaster relief efforts. Users unknowingly send money to the scammers instead of legitimate causes.

(7) Ransomware attacks

Ransomware attacks are a type of malicious cyberattack where cybercriminals encrypt files or lock users out of their systems and demand a ransom payment in exchange for restoring access or decrypting the files. These attacks can have devastating consequences for individuals, businesses, and organizations, often resulting in financial losses, data breaches, and operational disruptions. Here’s how ransomware attacks typically unfold and some preventive measures:

How Ransomware Attacks Work:

Encryption: Once inside the system, the ransomware encrypts files on the victim’s device or network, making them inaccessible. Some ransomware variants also lock users out of their systems entirely, displaying a ransom note demanding payment.

Ransom Demand: The attackers then demand a ransom payment, usually in cryptocurrency such as Bitcoin, in exchange for providing the decryption key or unlocking the system. The ransom amount can vary widely, ranging from a few hundred to millions of dollars.

Payment and Decryption: If the victim decides to pay the ransom, they may receive instructions on how to transfer the cryptocurrency to the attackers. However, there’s no guarantee that the attackers will provide the decryption key or unlock the system even after payment.

(8) Job Fraud:-

Job fraud, also known as employment scam or job scam, involves fraudulent schemes that target job seekers with false promises of employment opportunities in exchange for money, personal information, or other forms of exploitation. These scams can have various forms and targets, including:

Fake Job Postings: Scammers create fake job advertisements on online job boards, social media platforms, or websites, offering lucrative positions with attractive salaries and benefits. However, these jobs do not exist, and the scammers may use the opportunity to collect personal information from applicants or solicit payment for fake background checks, training materials, or job placement services.

Work-from-Home Scams: Fraudsters offer work-from-home opportunities that promise high earnings with minimal effort, such as envelope stuffing, data entry, or processing payments. Victims may be required to pay upfront fees for training or materials, only to realize that the promised work does not materialize, or the tasks are illegal, such as participating in money laundering schemes.

Advance Fee Fraud: Scammers posing as employers or recruitment agencies ask job seekers to pay upfront fees for job applications, interviews, or processing visas or work permits. After receiving payment, the scammers disappear, and the job seeker never hears back about the job opportunity.

Overpayment Scams: In this kind of fraud, con artists impersonating employers mail fraudulent cheques or money orders to prospective employees as payment for labour or as reimbursement for out-of-pocket expenses. Subsequently, the con artist requests that the victim deposit the cheque, retain a portion as payment, and wire them the remaining balance. But the first cheque turns out to be fraudulent, and the victim loses the money they sent to the con artist.

(9) Online Shopping Fraud:-

Online shopping fraud, also known as ecommerce fraud, refers to deceptive or fraudulent practices that occur during online shopping transactions. These scams can target both consumers and online retailers, leading to financial losses, identity theft, and other negative consequences. Here are some common types of online shopping fraud:

Fake Websites: Scammers create fake online stores that mimic legitimate ecommerce websites, offering products at discounted prices to lure unsuspecting shoppers. However, after receiving payment, the scammers either deliver counterfeit or inferior goods, or they never deliver anything at all.

Payment Fraud: Thieves use stolen credit card information to make unauthorised purchases on online stores. This could entail making sizable purchases before the cardholder discovers and reports the fraudulent activity, or it could entail utilising stolen card details to purchase goods for resale.

Account Takeover: Hackers gain unauthorized access to users’ online shopping accounts by obtaining their login credentials through phishing, social engineering, or data breaches. They then make purchases using the compromised accounts or change account details to prevent the legitimate owner from accessing their account.

Triangulation Fraud: Fraudsters create fictitious internet shops to serve as middlemen between honest vendors and customers. When a customer makes a purchase on the fraudulent website, the con artist uses stolen credit card details to buy the item from an authorised vendor and arranges for direct shipping to the customer. The fraudster profits from the difference between the price the buyer paid and the item’s cost at the authorised store.

Delivery Interception: Criminals intercept packages during the shipping process, either by rerouting them to a different address or stealing them from doorsteps or mailboxes. This allows them to steal the contents of the packages or use them for identity theft or resale.                                                    

(10) Cyberbullying and online harassment:-

Cyberbullying and online harassment are terms used to describe the use of digital communication tools to harass, threaten, or intimidate people or groups. These tools include social media, messaging apps, email, and online forums. For victims, these actions can have detrimental emotional, psychological, and occasionally physical effects. The following are some typical instances of internet harassment and cyberbullying:

Harassment: Sending abusive, threatening, or derogatory messages, comments, or emails to an individual repeatedly, with the intent to cause distress or fear.

Cyberstalking: Continuously monitoring, following, or harassing someone online, often by tracking their social media posts, location, or personal information without their consent.

Impersonation: Creating fake social media profiles or accounts to impersonate someone else and harass them or damage their reputation.

Doxing: With the intention of intimidating or hurting someone, sharing or publishing their personal information—such as their phone number, home address, or financial details—online without their permission.

Exclusion and Outing: Excluding someone from online groups or conversations, or publicly disclosing private or embarrassing information about them without their consent.

Flaming: Engaging in hostile or aggressive online discussions, arguments, or debates, often with the intent to provoke or upset others.

Revenge Porn: Sharing intimate or sexually explicit photos or videos of someone without their consent, usually as a form of revenge or to humiliate them.

Trolling: Posting inflammatory or offensive comments or content online with the intent to provoke emotional responses or disrupt discussions.

Mr. Ankit Kumar

Forensic Science, Geeta University, Panipat

https://blog.geetauniversity.edu.in