BENGALURU: The first two months of the lockdown saw a sharp spike in cybercrime, with a majority of them directed at elderly people and single women. According to City Crime Records Bureau data, March and April together saw 1,308 cyber crime cases with a jump in bank fraud and scams in which people impersonating government officials trick people into transferring money for welfare schemes or a government-run relief fund.
“Cyber attackers pretending to be bank officials make calls (vishing) or send emails or SMSes (phishing) to customers, asking them for their account numbers, credit or debit card numbers, CVV, OTP etc,” a cyber crime police officer said. From January to April, police registered 2,103 cases. Figures for May have not yet been released. “Six of every 10 cases we see are related to senior citizens,” the officer said.
Although banks do warn customers against revealing account information, an expert points out another serious problem. “No one really wonders what happens before a transaction reaches the OTP stage. Where did the criminal get card and CVV numbers?” said Nagendra Rao, former bank official and bank-related cyber fraud expert. A cyber crime police officer who also wished to remain anonymous agreed. “Data leak is a big issue.
We have found that staff of private mobile network providers, hospitals, insurance companies, banks, online platforms, etc, have all sold data. With most services now being outsourced, it is very easy to access data and the risk of that being sold is very high,” he claimed. The officer said that in several cases, elderly people who had been swindled, used their debit cards only at ATMs. “They don’t even know how to do online transactions, but their cards were used in a distant part of the country. It’s likely that card numbers and CVV were leaked from banks, but banks are focussed on the OTP alone. Efforts to solve such crimes and reduce them should start from the root cause, which is the leaking of card data,” he explained.
Investigation
While strengthening information security can help prevent crime, once an offence has occurred, police struggle to catch up. “Despite the creation of CEN stations with about 40 officers each, it’s not enough. A bunch of tech-savvy boys sit in remote districts of Jharkhand, UP, etc, making it difficult to track them.” he said. However, Nagendra said banks can adopt simple measures to reduce scams. For instance, linking OTPs to specific transaction, rather than making them valid for a certain time period. A OTP should be valid only for a specific amount and for a specific merchant.