Recent events across several cities have turned the spotlight on the dangers lurking around us and the big vulnerabilities of cities and citizens. These are mostly dangers emanating from natural disasters such as the basement flooding in Delhi and the land subsidence in north India, and man-made ones like road accidents and burglaries. Yet another formidable danger is upon us and is wrecking lives in many ways.
A 63 year old senior citizen of Thane received a call from a so-called employee of a courier company who informed him that a parcel in his name that contained prohibited items had been seized by the police and that he will now transfer the call to the police official. A person in a police uniform came on the video call and threatened him with arrest if he did not transfer the money in his bank account (in this case some 50.70 Lakhs) to a so-called ‘RBI’ account until the investigation was complete when the money would be credited back to his account. The senior citizen did as he was told. Needless to say, he neither received the money back nor did he hear ever again from the courier guy or the man in uniform.
Sounds very familiar, doesn’t it? And also puts us all on guard. Yet many of us fall prey to the next such scam. There are several versions of this scam all over the country, especially targeting citizens in our metros and large cities. The scale of this criminal operation has reached alarming proportions both in terms of the number and frequency of the events as well as the sums of money involved. In fact the matter has come to acquire such significance that it needs wide coverage of what is happening and possible safeguards.
While we read in the media, mainly social media, about a new incident and modus operandi every other day, we tend to comfort ourselves saying, “Oh! I am smart, I will not fall to such a scam.” Such of us must read the press report in a popular daily under the headline ‘Sr CBI official duped of Rs 2L in parcel scam in Mumbai’. So no one seems immune from these scams. This is surely an organised racket being operated possibly from specific locations by a large number of people. A recent report in the Economic Times stated, ‘The plans come as internal government data shows individuals have lost funds of nearly $1.26 billion in financial institutions to cyber fraud since 2021, with one of the sources saying about 4,000 fraudulent accounts are opened every day.’
Banking operations
The payment mechanism is quite unlike the kidnapping ransom we have seen in Bollywood movies of yesteryears. There the kidnapper asked the victim to leave the cash beneath a specific rock underneath a banyan tree and go away. And of course not to look back over one’s shoulder. Now the operation is more refined. The victim is asked to make payment through net banking to a specific bank account. So, one wonders when the money is moving through regular banking channels (NEFT, IMPS) from one bank account (of the victim) to another bank account (of the fraudster), both banks being regulated entities, why can the recipient of the funds (scamster) not be identified, apprehended, punished, and the funds recovered?
Some say that the identity of the bank account holder is forged. In other words, the account has been opened without adequate, robust KYC processes. The Economic Times Report quoted earlier mentions some measures proposed by the RBI to curb this menace. This is welcome. Alongside, the account opening process must be made more rigorous and failsafe. Since scamsters could be opening bank accounts using forged/fake Aadhaar/PAN Cards, the bank officials must have access to UIDAI server so they can enter the Aadhaar number provided by the account opener and validate that with number, name, address, and photograph as available in the UIDAI server.
India’s Jan Dhan Yojana, has proved to be one of the world’s largest and impactful financial inclusion mechanisms, enabling Direct Benefit Transfers and empowering women. Yet, is it likely that of the large number of accounts opened, many are being used as ‘mule’ accounts, a category of accounts that is worrying authorities?
There is therefore the need for banks and financial entities to insist on Re-KYC, doing KYC again even for customers who are apparently KYC compliant. This is likely to weed out many bogus bank accounts over time. Further, KYC and Re-KYC process must be done physically at bank branches and not online. Bank customers on their part must realize that it is worth going to the bank branch physically, say once in two years for this purpose if we are to curb cybercrime and protect ourselves from financial loss to scams.
Mobile telephony
The scamster always contacts the victim using a mobile phone, often using video calling in order to intimidate the victim by posing as a police or customs official in uniform. Therefore it should be possible to establish the identity of the scamster, provided of course that the KYC has been done diligently at the SIM issue stage. Scamsters, it seems, are able to acquire large number of SIM cards with fake identities to evade identification. The tendency of telecom service providers to ‘give away for free’ SIM cards in order to drive up mobile subscription numbers is a grave ponderable. Similar is the ‘facility’ of home delivery of SIM cards …within minutes. SIM cards must be issued only across the counters of the mobile service provider against robust KYC process.
Apparently cybercrime is a matter of great worry for policymakers, regulators and indeed for the common citizen. In fact, every time our mobile phone rings and displays an unknown number, we get anxious and wonder whether to answer the call or not; always worrying that the caller could be a scamster trying to scam us. It is now urgent for us to put in place appropriate measures to curb this menace and make our lives stress-free in this respect. While policymakers, regulators, law-enforcers, and the police have a daunting task in addressing this challenge, we as citizens, must be willing to cooperate with banks/authorities (ex. for Re-KYC, new SIM Card) in establishing and fortifying systems and processes. There seems no other way if we are to build cyber-resilience into our cities.
- Cyber Scams are becoming more and more frequent, and the scamsters more proficient and innovative. Some measures that we could adopt to protect ourselves:
- Most scamsters make video calls showing themselves in the uniform of police or customs or other law enforcement agencies in order to intimidate us. It would be good if we keep our mobile phones’ internet OFF for most of the time and turn it ON only when we want to transmit/check incoming messages. Therefore, most of the time, cyber criminals cannot connect with us.
- Some criminals call us and state that a family member (who had gone out) has been arrested and kept in custody for a serious crime. They then demand funds transfer to them to close the case and release the person. Therefore, if you are going out, inform your family back home through text messages/calls of your well-being. So if a scamster calls the family, the family will know there is something fishy.
- Do not share your Aadhaar Card number/photocopy unless at a bank or some government department, and that too only if essential. It can be misused to obtain a SIM card in your name or open a fake bank account. Always use the Voter ID Card for proof of address, DoB, age, etc. Aadhaar Number should be kept secret. So UIDAI has started giving masked (Some digits masked) Cards. (Obtain a voter ID card, if you do not have one. And yes, this can be done online at the Election Commission website).
- Do not be lazy. If someone calls saying he is from your bank and wants to do your Re-KYC over phone, tell him that you will visit the branch for it. And verify at the bank by calling the customer care number yourself.
- Some scammers will send a text message asking you to click on a link to complete KYC. Do not do so. Call the bank and confirm.