With the dawn of digital age, cyber fraud has become a part and parcel of our lives. From scam calls to unsolicited text messages, it impacts us in some way or the other. Jayendra Chaithanya T explores some of the techniques these criminals use to trick us...
They usually strike around midnight
Investigators have found an uncanny resemblance in the methodology used by many cyber crooks — most of them seem to attack bank accounts around midnight — between 11.30 pm and 12.30 am. This is because all banks have set a maximum withdrawal/usage limit per day, and for most banks the ceiling is of Rs 40,000. By operating around midnight, these criminals are able to withdraw the maximum allowed amount for two days within a span of one hour.
Such a modus operandi was used in a few cases that have been reported in the recent times, say Rachakonda cyber crimes police. Account holders had received information from bank executives who identified such suspicious withdrawal of Rs 40,000 just before midnight and another Rs 40,000 within the next 30-45 minutes. This is exactly what happened to a techie from Ramanthapur who later approached the police.
He claims to have received a phone call from a bank executive at around 12.10 am. The executive asked him whether he had done two online shopping transactions and the techie replied in negative as he had been sleeping. The bank executive then advised him to block his card instantly as two online shopping transactions had been carried out using his card for the maximum limit. Based on investigation, police found that both transactions had been done within a time gap of three minutes. The first transaction was done at 11.58 pm and the second was at 12.01 am. Rs 80,000 had been swindled from the victim’s card in total to purchase mobile phones.
The banking system follows the 24-hour format, which means, you can carry out back-to-back transactions for the maximum limit between 11.59 pm and 12.01 am, Rachakonda Assistant Commissioner S Harinath. “Most of the time, attackers keep a close watch on transactions done from accounts of the victim. It’s likely that the victim’s card was cloned during some previous transaction and the PIN was also noted,” the officer added. In the techie’s case, cops have traced the attacker’s IP address to a North Indian city and efforts are on to nab the accused.
They track and clone your card details
Most cyber criminals use a device called skimmer that is about 3.5-inches long and 2.5-inches wide and can compromise the debit or credit card security of unsuspecting citizens. The skimmer is a device that uses a magnetic reader to read the details of an ATM card.
In the case of the techie who lost Rs 80,000, police suspect the criminals could have cloned his card to conduct data theft. Police, over time, have arrested several gangs for cloning debit and credit cards of public who use them at ATMs, restaurants, pubs and clubs.
Police say these incidents usually happen in upscale areas of the city where the criminals expect rich customer to visit. In a recent case detected by the Rachakonda police, a team led by former IT Engineer from Tamil Nadu was caught for cloning credit cards of foreign nationals by collecting their bank data online.
There was also a case reported in Cyberabad where two employees of a pub were held for skimming ATM cards of customers and sending the skimmer to New Delhi to make clone ATM cards with the stolen data.
A senior cyber crime police official said skimming and cloning are very big rackets in the country. The kingpins hire youngsters in dire need of money and use them for the illegal activity. “In the Cyberabad case, the employees working in the pub were receiving Rs 2,000 for every card’s data they stole and they used to do it at least seven to eight times a day,” said an official.
By the time the racket was busted, the damage had already been done. The crooks had cloned over 100 ATM cards and used them to swindle money which was deposited in the gang kingpin’s account.
They even circulate false customer care numbers
Modus operandi of cyber crooks change like seasons in a year, say cops. When many cases of cyber fraud using one particular strategy are busted, others adopt newer methods. Two new modus operandi have surfaced in the recent times. One is targeting Closed User Groups (CUG) and other is to place false customer care phone numbers of banks.
Explaining another case that happened in a city, a police official said one such gang gained access to some mobile network databases and identified CUG connections. “One member of the CUG would get a call from the crook who under some pretext asks for ATM card details and PIN number. If the first person refuses to share information, the crook calls another member in the CUG and uses the first person’s name and asks for ATM card details. They also keep the first member’s line engaged so that the second member cannot contact them before sharing the details. Some gullible persons fall for this trick and divulge information,” the official said.
In the second technique, criminals ensure that the false customer care number that is published on the internet appears on top of the search results. If any unsuspecting customer tries to call the number, believing it to be the bank’s contact person, to register a complaint the attackers take all the details and use the same to swindle money. In some cases, these attackers do not swindle money immediately.
They bank on you to deal with your data carelessly
Indians are enjoying technology but are not participating in ensuring their personal safety and security. Many citizens are worried about the leaking of Aadhaar number, but neglect the information they share via mobile applications and social media sites. Stressing on the need to restrict sharing of personal information including photographs, Additional SP, Crime Investigation Department (Cyber Crimes), U Ram Mohan Rao, while addressing the gathering at a programme, held by the Federation of Telangana and Andhra Pradesh Chambers of Commerce and Industry, said that recently there have been incidents where some cyber crooks from Bihar have been spying on the social media accounts.
He said that it would take 13 billion years for a person to hack Aadhar data of the Indians as our systems are highly secured. The data that is available to the fraudsters is mostly shared by the owner himself or his associates for other purposes ignoring the safety, and thus landing into wrong hands.
“The latest trend is to follow the profiles of Facebook users. By observing posts of a person like the statuses, pictures of houses, children, their schools and admissions, the crooks in Bihar are assessing the financial conditions to identify a prospective target and kidnapping their child. Here, the offenders do not need to conduct a recce as the user is sharing everything and the data is readily available,” said the Additional SP.