India’s Scamdemic
When the email landed in his inbox around 11 am on a Monday, Satyajit Gaikwad (name changed) didn’t think much of it. It was from his work associate, Prerna Sharma (name changed) asking him if he could do her a favour by settling a vendor’s outstanding payment. Again, Gaikwad did not think this to be suspicious.
“Rest assured, I’ll personally repay you the amount by EOD. I’m just caught in a meeting right now, so decided to shoot you an email,” the missive said.
The size of the amount was normal in Sharma’s corporate training business, and since it is a startup, financial rumbles from time to time were not unheard of. The wording of the email, too, was the right mix of casual and business-like, the way Sharma always discussed work-related matters with Gaikwad.
As it happened, Gaikwad was facing something of a cash crunch himself and didn’t want to take the risk on that particular day. He replied to the email saying so, and received no response. He simply assumed that Sharma understood and didn’t expect her to waste time on formalities either.
Three days later, however, he received a second email from Sharma, asking if he was free to plan a ‘surprise’ for the team. Feeling guilty about the last time, he replied in the affirmative and the next email from Sharma asked him to purchase some gift cards as a Diwali bonus for the team.
“That was the moment alarm bells went off in my head, because I’d heard of these scams, where the cybercriminals ask you to buy gift cards for them. I immediately checked the email ID and saw that while the display name was Sharma’s, the actual email ID was completely different. Due to the fact that I received numerous emails from her in the past, I didn’t bother checking the email ID earlier. This time, I went back to her previous mail which, I realised, had also come from a different ID,” Gaikwad recalls.
Immediately, he alerted Sharma who, by that time, had received similar warnings from other business associates. The question that had everyone wondering was this: Since Sharma was being impersonated, clearly her email had not been hacked. How, then, did the scamsters know whom to email? The answer is in LinkedIn.
Since 2002, cybersecurity agencies such as Norton, Kaspersky and Group IB have been tracking a rapidly rising trend where cybercriminals have been examining LinkedIn profiles of working professionals as part of their research. According to experts, they spend hours studying an organisation before zeroing in on that one person at the top, who is then impersonated.
Using publicly available data, like email IDs, mails are sent out to employees or associates from the spoofed ID, and the targets are tricked into making payments in the form of money transfers or gift cards.
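The check Gaikwad eventually made by hand, comparing the display name with the actual sending address, can be automated at the mailbox. The sketch below is an added example, not part of the original report; the contact book, addresses and sample messages are constructed, and the Reply-To check goes a step beyond what the article describes.

```python
import unicodedata
from email import message_from_string, policy

# Constructed contact book (assumption): names the recipient trusts and the
# only addresses each of them really writes from.
KNOWN_CONTACTS = {
    "Prerna Sharma": {"prerna.sharma@training-startup.example"},
}

def name_key(display_name):
    """Reduce a display name to a key that survives changes in case,
    punctuation, spacing, Unicode width forms and word order."""
    text = unicodedata.normalize("NFKC", display_name).casefold()
    cleaned = "".join(ch if ch.isalnum() else " " for ch in text)
    return tuple(sorted(cleaned.split()))

TRUSTED = {name_key(name): {a.lower() for a in addrs}
           for name, addrs in KNOWN_CONTACTS.items()}

def _first_mailbox(msg, header):
    """Return (display_name, address) of the first mailbox in a header."""
    value = msg[header]
    if value is None or not value.addresses:
        return "", ""
    first = value.addresses[0]
    return first.display_name, first.addr_spec.lower()

def check_sender(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, sender = _first_mailbox(msg, "From")
    _, reply_to = _first_mailbox(msg, "Reply-To")
    findings = []
    known = TRUSTED.get(name_key(display))
    # A trusted name on an address that contact has never used.
    if known is not None and sender not in known:
        findings.append("display-name-mismatch")
    # A trusted name whose replies are steered to an unknown address.
    if known is not None and reply_to and reply_to not in known:
        findings.append("reply-to-redirect")
    return findings

# Constructed sample messages (not real mail).
LEGIT = (
    "From: Prerna Sharma <prerna.sharma@training-startup.example>\n"
    "Subject: Invoice copy\n\nAttached as discussed.\n"
)
SPOOFED = (
    "From: Prerna Sharma <office.desk4471@freemail.example>\n"
    "Subject: Quick favour\n\nCan you settle a vendor payment for me?\n"
)
REORDERED = (
    'From: "SHARMA, Prerna" <office.desk4471@freemail.example>\n'
    "Subject: Surprise for the team\n\nPlease buy some gift cards.\n"
)
REDIRECTED = (
    "From: Prerna Sharma <prerna.sharma@training-startup.example>\n"
    "Reply-To: office.desk4471@freemail.example\n"
    "Subject: Quick favour\n\nReply here, I am in a meeting.\n"
)

if __name__ == "__main__":
    samples = [("legit", LEGIT), ("spoofed", SPOOFED),
               ("reordered", REORDERED), ("redirected", REDIRECTED)]
    for label, raw in samples:
        print(f"{label:10s} {check_sender(raw)}")
```

A sender whose name is not in the contact book produces no finding, so this catches impersonation of known associates only.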
As of June 2024, according to data compiled by AAG, an IT solutions provider, LinkedIn itself is becoming a massive hotbed for phishing rackets.
“New starters that have changed their job status on LinkedIn are a key target. The criminals impersonate senior staff in their attempts to obtain personal information. Others will request employees to buy gift vouchers, such as those for iTunes, or call a given number to discuss important requirements for the job,” states Charles Griffiths, Director of Technology and Innovation at AAG, in his latest report.
Phishing and Business Email Compromise, however, are not the only threats lurking around the corners of professional networking websites. Among impersonation-based cybercrimes, those that abuse Google Maps top the list.
Google Maps follows a User Generated Content (UGC) policy, which lets users edit content on its pages. For instance, the owner of an eatery can claim it on Google Maps and add a contact number and email ID. Unfortunately, not everyone is aware of this, and before legitimate owners can put up their contact details, scamsters add their own contact numbers.
As a result, customers of establishments seeking support or information end up falling into cybercriminals’ nets instead. The con began during the pandemic with liquor shops. Tipplers wanted their drink and were happy when liquor shops started home delivery.
Unknown to them, cybercriminals added their own contact numbers to that of wine shops, and thousands of rupees were lost on a daily basis. When the wine shop con became old, they moved on to banks, and then to hospitals and clinics.
In May this year, Dr SC Tiwari, a retired professor from the King George Medical University in Lucknow, noticed a typographical error in his name on his flight ticket. He was to fly from Toronto to Delhi later in the month and, wishing to avoid hassles, tried contacting the airline’s customer care using a number he found on the internet. Soon after, he received a ‘call back’, during which the caller smooth-talked him into revealing his netbanking Personal Identification Number (PIN). The next thing he knew, Rs 94,150 was debited from his account.
While LinkedIn battles this rising threat, dating apps find themselves facing a challenge of their own. Over the last three years, cyber law enforcement agencies have been receiving information about honey trapping and sextortion rackets mushrooming on dating apps. But the slick execution and unwillingness of victims to come forward with a complaint lets the perpetrators get away with it.
“Dating apps are used to make initial contact,” says a senior officer with the Mumbai cyber department. As soon as a target ‘matches’ with the scamster, he is invited to chat on Telegram or connect on Instagram. Here, after some conversation, he is enticed into making explicit acts on video call, and then, the blackmail begins. No criminal activity is ever conducted on the dating app.
The officer adds that due to the stigma attached to the act, hardly one per cent of the victims are willing to register an FIR. The rackets, meanwhile, are becoming more organised, with new innovations in the modus operandi of the con artists. Another online scam is to send emails purportedly from the Police Commissioner alleging that the recipients have visited child-porn sites and must contact the sender immediately or face arrest.
Some other mails claim to have videos of people engaged in sexual acts and threaten to post the videos on YouTube unless they pay up. The frightening part is that scamsters have been able to break into firewalls of companies and send these threats. The best way to detect their veracity is to check the email address of the sender, which will have nothing to do with the official sender’s.
Another trend authorities are tracking is the posting of nude pictures of women as their own ‘nudes’ online in exchange for money; the scamster disappears as soon as the money is paid. Here, too, the initial contact is through dating apps, and the rest of the conversation happens on other platforms. In numerous cases, the profiles are not even operated by actual women; they are just names and pictures from social media posts of women without their knowledge or consent.
Says retired IPS officer Triveni Singh: “Of course, unemployment plays a role. Some of the scamsters are unemployed people who turn to cybercrime, and prey on others who are also unemployed and looking for jobs. Particularly those who have worked in the IT industry are always the prime target for cyberslavery.”
The former cop-turned-cyber crime expert is currently the Chief Mentor at Future Crime Research Foundation (FCRF), a collective of cybercrime and cybersecurity experts working to raise awareness about cyberthreats via events, research and reports. The FCRF has been tracking the alarming rise of instances where job seekers are lured with promises of well-paying jobs abroad, and trafficked to Cambodia, Laos and Vietnam. Here, they are put to work in sweatshops controlled by the local mafia, and made to perpetrate a wide variety of cybercrimes against their own countrymen.
A large section of these scams include luring the victims to invest in bogus cryptocurrency frauds. Known as pig butchering, these hoaxes are akin to fattening up a pig before slaughtering it. Typically, they start on Instagram and, as soon as the first contact with the intended target is made, they shift to Telegram or bogus ‘investment apps’ that show increasing returns on the victim’s ‘investment’. In reality, however, the money goes straight into the scamsters’ accounts.
As the age-old swindles continue, the new cons are concerning as well. “Various official reports indicate that people are being recruited with offers of IT or administrative work, often based in Thailand. On arrival, they are met by agents who transfer them to counterparts who take them across the border to Cambodia, Myanmar and Laos,” a UNODC report in July this year states.
In 2024 until now, the Indian Embassy in Cambodia has facilitated the rescue of 650 citizens, and 548 have been rescued in Laos and 57 in Myanmar. The racket came into the spotlight in May this year, when a protest broke out in Sihanoukville, Cambodia. Videos surfaced on the internet of Indian nationals gathered on a basketball court of the compound of a building, raising slogans to demand their passports, until local police arrived on the scene. Around 60 Indians were rescued from the compound and repatriated to India over the next few months.
The cyberslavery rackets are hardly new. In 2022, Vice News published an in-depth investigative report about young job seekers from China, Taiwan, Hong Kong, Thailand, Vietnam and Malaysia being trafficked to Chinese-owned casinos in Cambodia, and made to work as cybercriminals.
Describing the plight of a person forced into slavery, Vice reported, “He was met at the airport by four men who put him in their car and told him not to ask questions on the five-hour drive to Sihanoukville. The once-sleepy town on Cambodia’s southern coast was transformed around 2016 by a Chinese-led construction boom, which saw more than 100 casinos built catering to tourists from mainland China, where gambling is illegal. Today a half-finished city of construction sites and skyscrapers, Sihanoukville’s associations with criminality grew after its economy was ravaged by Cambodia’s 2019 online gambling ban, and then the pandemic.”
The attention shifted to India after the same pandemic left scores of young men and women unemployed, and as the number of willing Indian perpetrators grew, so did that of the Indian victims. Today, embassies in scam-affected countries have detailed advisories on their home pages, including names of Indian recruiters involved in trafficking the victims and helpline numbers to call in case one’s family member falls prey to these rackets.
China, however, has had a much longer history with India when it comes to exploitation of Indians via cybercrimes. Ketan Raikwar, an Indore-based cybersecurity investigator, has for the last one year been tracking the proliferation of online betting rackets - rigged apps and websites on which after small initial wins, the users lose money consistently, but also keep betting more in hopes of winning back their losses. Using basic ethical hacking skills, Raikwar was able to break through the surface of these platforms, to alarming results.
“The perpetrators have created at least 12 illegal payment gateways; one not registered with any authority, and hence, not governed by any rules. These allow users to deposit money into the betting account without scrutiny, which basically means that the money simply disappears. As a concept, the fact that cybercriminals now have the ability and resources to create their own payment gateways should scare us,” he warns.
He saves the most disturbing findings of his investigation for the end: all these payment gateways are linked to Chinese banks. In other words, the victims’ money is going straight to China.
The Chinese connection has also been observed in other cybercrimes, says Singh, who works with law enforcement agencies across the country.
“Over the years, we have seen evidence linking China to a variety of cybercrimes targeting Indians. These include part-time job rackets, investment scams, instant loan apps and digital arrest scams,” says Singh.
Loan apps took the country by storm in the pandemic, when unsecured loans at varying rates of interests started being given out through apps available freely on legitimate hosting platforms. Due to the large-scale unemployment and financial crisis, lakhs of people borrowed money through these apps. It was only while these loans were being recovered that the predatory practices, like threats and blackmail using morphed pictures, started coming to light.
Today, the digital arrest scam has reached the same proportions. What was earlier known as the ‘drugs in parcel’ scam or the ‘FedEx’ scam has now become the number one threat to Indians, with Prime Minister Narendra Modi issuing an advisory alongside every law enforcement agency in the country. In October, an elderly woman died of a heart attack when a fraudster told her that her daughter had been caught in a sex racket. In the same month, a young woman from Ahmedabad was made to strip on camera.
An engineer lost over a crore. Victims are threatened into dissolving their investments to pay the rogues. “It is a highly organised structure and there are multiple modules, each with fixed functions. One module only imitates CBI officers, and another, ED officers. Both modules are trained to speak in the language of officers of these agencies, using specific phrases. The other module takes care of training, and another of finances. With a turnover of crores of rupees, digital arrest scams now have entire modules functioning as Finance and Accounting departments.
Their job is to route the money through mule accounts,” says Singh. Mule accounts are bank accounts set up and operated by common citizens, and used for a short while by cybercriminals to park their funds or move their money, so that the money trail gets harder to track. In 2022, the Mumbai Cyber Police had busted a gang that was setting up bank accounts under bogus identities. These accounts were set up and sold to cybercriminal gangs to receive the proceeds of their crimes, so that the money is not traced to the criminals themselves. The gang even had a rate card—the higher the transaction limit of the bank, the more expensive the account.
Today, people with no connection to cybercrimes are approached and encouraged to let cybercriminals use their bank accounts as mule accounts for limited periods of time, so that the money can be moved continuously.
“I have found Telegram accounts where people are openly encouraged to ‘lend’ their accounts in exchange for three to five per cent of the money that is routed through their accounts. And bear in mind, this money is in crores of rupees,” says Raikwar. He adds that the scam itself is basically simple. Users are asked to predict which colour will appear on the screen, and the winners are paid double the amount they have bet. After the first couple of wins, they are added to WhatsApp or Telegram groups, where they are offered ‘insider tips’, which are actually misleading lures designed to make them lose.
Raikwar’s concern is more around the promotion than the scam itself. Thanks to Meta’s ad feature, any user can post an ad across Facebook, Instagram and WhatsApp to promote their product or service. This feature is being used to lure the victims to the apps and websites, where, under the guise of betting, their money is looted.
“What’s more? The perpetrators have now tied up with content creators with significant follower count. These influencers post Reels promoting the racket, but also delete these Reels within 24 hours, so that they can’t be held accountable for promoting criminal rackets. But in those 24 hours, scores of victims are drawn to the rackets, and lose money every hour,” says Raikwar.
Meta’s ads have also turned out to be a boon for scores of other rackets, like those claiming to offer expert stock market or investment advice in exchange for a fee. These rackets thrive on pictures of legitimate celebrities, like actual advisors, actors and in some cases, news anchors. One of the most targeted faces in this regard is Pune-based Chartered Accountant Rachana Ranade. Using publicly available pictures of her, posters have been created and posted all over the internet; all of them offering ‘admission’ to her ‘academy’, while in reality they are all scams. Ranade’s team has clarified time and again that she has nothing to do with these ads, and all of her courses are offered only through her official social media accounts with blue-tick verification.
A recent example happened in Tamil Nadu last month, when an associate professor at a government college saw a YouTube ad offering stock market advice. The prolonged con involved teaching him basic stock trading concepts, adding him to a group where screenshots of supposed profits were shared, and encouraging him to open an account on a platform with a promise of high returns. Over a period of three weeks, the victim deposited close to Rs 76.5 lakh on the platform. It was only when he tried to withdraw his ‘profits’ and was asked to pay a processing fee of Rs 50 lakh that he realised he had been scammed, and approached the police.
And now, agencies face a new formidable threat: Artificial Intelligence. Using AI-powered Deepfake technology, cybercriminals are generating videos of celebrities endorsing betting or gaming apps. Earlier this year, CloudSEK, a Bengaluru-based cybersecurity research firm, investigated a widespread scam where deepfake videos of celebrities like Virat Kohli, Mukesh and Anant Ambani, and Ryan Reynolds were being used to promote a betting app.
Meta’s apps were flooded with these ads, and CloudSEK found that the deepfakes were generated by bot accounts on Telegram using sample videos of required length for as little as Rs 500 per video. CloudSEK had, at the same time, also launched its free deepfake detector tool, which lets anyone run a video through its interface and check for deepfakes. Says CloudSEK co-founder Bofin Babu, “Since then we’ve observed a significant increase in the reporting of deepfake-related incidents across various sectors.
Notably, fraudulent activities, where deepfaked audio and video are used to impersonate top executives of organisations, leading to unauthorised financial transactions and data breaches, are on the rise. We’ve seen deepfakes being employed to create misleading political content to manipulate public opinion and discredit public figures. The accessibility of deepfake technology has lowered the barrier for malicious actors, resulting in a broader range of misuse cases that are more sophisticated and harder to detect without specialised tools.” Entities like CloudSEK continue to track the growing use of AI for nefarious purposes larger than just cybercrimes. For instance, currently, deepfakes are not only used for individual scams, but are also part of larger disinformation campaigns.
“An interesting trend we’ve noted is that most deepfake videos are not entirely ‘fake’; instead, only selected parts are edited to spread misinformation, making detection even more complicated. We predict that in the future, deepfakes will pose even greater risks, potentially being used in cyber espionage, corporate sabotage, and to undermine democratic processes by disseminating false information during critical events.
This trend will likely continue as deepfake creation becomes as simple as basic video editing. As deepfake technology continues to advance, it’s crucial for both individuals and organisations to stay informed and utilise detection tools like ours to combat these emerging threats,” says Babu. Using technology and persuasion, the scam race is a cat-and-mouse game between criminals and law enforcement, with the former using faster and inventive tools to fleece the credulous.
Cyberscams: modus operandi
Digital Arrest
● Scammers posing as executives of courier agencies call up people to tell them that a package in their name has been found to contain drugs
● A second scammer makes a video call to the victim, posing as a CBI or ED officer. Sometimes, he ‘transfers’ the call to the ‘ED officer’ because ‘the case has become too serious’
● Victims are coerced into paying large amounts of money to ‘settle’ or ‘manage’ the case or as fines
● They are told that they are being arrested ‘digitally’, right there on the video call, and that the money is the only way to ‘buy their freedom’
Investment Advisor Scams
● Victims are lured through paid ads on social media, which use pictures of actual advisors without their knowledge or consent
● Clicking the link in the ad takes the victim to a WhatsApp group where ‘tips’ are shared daily
● Within a few days, ‘premium packages’ and ‘platinum programs’ are introduced, which assure better advice and ‘insider tips’
● Once enough money is collected, the WhatsApp group is abandoned and the scamsters disappear
Betting Apps/Websites
● Social media ads using deepfake videos of celebrities entice users to install apps or visit websites that host a simple betting game
● The first few rounds give out good returns, luring the user to bet more
● As soon as higher amounts are bet, the ‘winning streak’ ends and the user starts losing
● After a point, even if the user deposits more money, it does not reflect in the betting wallet
Cyber-Slavery
● Agents comb through profiles of job seekers on professional networking and recruitment websites
● Well-paying jobs with benefits like accommodation, insurance, travel etc in countries like Singapore are promised
● Once the candidates leave India, they are completely at the mercy of the agents, who take them to sweatshops in Cambodia, Laos or Vietnam
● The victims are made to perpetrate cybercrimes like crypto investment fraud, part-time fraud etc from these sweatshops
● Those who want to leave are given the option of buying their freedom by earning a certain amount from their cybercrimes
The Psychology factor
Cyber psychologist and psychotherapist Nirali Bhatia cites her own experience before diving into the psychology of the scammer and the victim.
“I received a call from a person claiming to be from the Army Public School who said he wanted me to conduct a session. I told him I don’t charge the Defence Forces for one-time sessions, but he insisted, using words like ‘government mandate’, and tried to hurry me into accepting charges. I ultimately told him to let me talk to his superior and he stopped calling. I shared this information on a WhatsApp group I am part of, and seven others responded saying they had received similar calls,” says the founder of Cyber B.A.A.P, an anti-cyber bullying platform.
Through the experiences narrated by her fellow group members, Bhatia learned that the callers would ultimately scam the victims into scanning QR codes, purportedly to accept payments. In reality, these would be reverse QR codes, pre-programmed to debit money and not credit it.
● The underlying factor at work for both scammers and victims in most cybercrimes is greed. Victims give in to greed, while scammers exploit it. A lot of scams, like bitcoin investment, part-time jobs and stock market advice, work on this principle.
“As we have also seen, cybercrimes today are well researched, targeted and executed with a lot of patience. On top of that, there is so much information on the internet. There is enough research that says that never in human history has there been so much information as today, and it leads to a cognitive overload. It is like entering a casino; the bright lights and music and all those slot machines and card tables in a closed space end up overloading your senses. You enter thinking you will only bet ₹2,000 but end up losing ₹20,000,” she says.
● The digital arrest scams capitalise on the basic human emotion of comply-and-conform as a response to any figure in authority.
“You see a policeman while walking on the street, you automatically walk carefully. It works the same way with digital arrest scams,” says Bhatia.
● With cybercriminals, their psyche is impacted by the use of the internet, particularly the fact that a lot of their crimes are text message-based.
● It takes away the element of empathy and blinds them to the impact they are having on the victims. For them, the impact is the money coming into their account which is a positive one from their perspective. In a more personal setting, unless it is a really hardened criminal, one wouldn’t be able to scam more than one or two people in a day. This is exactly why digital arrest scamsters don’t target more than a couple of victims in a day. Seeing the victims crying and begging on video call can have an effect.