While cybercrimes are increasing with cyber crooks inventing a variety of more complex scams exploiting technology, the police are also picking up pace. In an interaction with the editors and staff of The New Sunday Express, C Vamsi Krishna, Deputy Inspector General of Police, Economic Offences, Criminal Investigation Department, shared how fraudsters are quick to gain the trust of victims, without giving them a chance to think. But people should not fall prey to such shenanigans. He also speaks about the procedural and legal challenges investigators face. Excerpts from the interaction …
How is the cyber crime situation?
Putting it on a scale is a little difficult as we have to compare. As the figure stands, the numbers are increasing rapidly. Since last year, there has been around a 30-40 per cent rise. When compared with 2021 or 2020, the increase is around 50 to 60 per cent. If we go backwards, it is even more. The rate is exponential. Most of the present crimes are cyber crimes. Traditional crimes are decreasing, but are not completely down. Cyber crimes are bound to increase further because of more technology and easy usage.
A major challenge seems to be awareness. What is the department doing about it?
It is a combination of factors. We cannot say one particular factor is a reason for increasing cyber crimes. In cyber crimes, the change in technology is rapid, so is the change in modus operandi which is varied and diverse. It depends on the creativity of those perpetrating the crimes. They can come up with something like a job fraud or a catchy advertisement, so that people fall prey. It is all about taking advantage of trust to deceive someone and it differs from case to case. When awareness is created, it should be generic as we cannot make it specific as crimes keep changing every day. The easiest advice one can give is that the person should be aware where to cut the line and from where he should start suspecting. That is what is important. Apart from awareness, there are also several other factors.
How do scamsters gain victims’ trust so quickly?
They try to push and hurry up their potential victims, without giving them a chance to think. Also, fraudsters take advantage of greed among victims.
Why is it so difficult to crack cybercrimes?
Technology is evolving fast, and each technology has its own complications when it comes to investigation. Some messages come with normal encryption, while others come with end-to-end encryption. A simple step makes things very complicated. For the backend investigator, it is complicated because of technology, encryption, changes in modus operandi and new apps. Jurisdictional issues, legal complication over evidence being available elsewhere like in foreign jurisdictions, privacy issues, accused sitting in some other state. investigators having to go in teams to trace the accused in some remote places and so on. All these factors put together make it complicated, be it a fraud of Re 1 or Rs 1 crore. It is very easy to commit fraud because there are several apps to provide anonymity.
What about laws related to cyber crimes?
Cyber crimes keep evolving and keep changing their nature. The Act should be dynamic as well as applicable for times to come. A very specific Act cannot be made and it is not possible. It has to adjust itself to changing technologies. The Acts should be worded carefully.
In a fraud, when money is transferred into a particular account by a victim, why is it difficult to crack the case? Already, KYC details of fraudsters would be available with the other bank...
Fraudsters do not want money to go into their accounts and create multiple mule accounts. Fake accounts can be created through stolen KYCs or documents which are easily available in the darknet. Unless we have systems in place at every branch, it cannot be ensured. Also, thousands of people in rural areas offer their accounts on rent to such fraudsters. It is difficult to retrieve money from a fake KYC account.
People can also transfer money with a lot of ease because of UPI. Does this also play a role?
The RBI came up with the latest guidelines from January 1. They have changed five rules. Any payment above Rs 2,000 to a new recipient, a window of only four hours is allowed. If one realises that it was a fraud transaction within those four hours, the money will be returned if a request is raised. The problem begins if the money is transferred to a mule account. Sooner a victim raises a complaint, the better it is. Complaints have to be filed immediately on portal cybercrime.gov.in or by making a call to 1930. MHA data reveals that in the last four years, around four lakh people have raised complaints and Rs 1,100 crores has been saved. Not everyone wants to file an FIR. Most people just want their money back, and do not want to file a complaint, which is not right. There are hundreds of complaints on the portal but most of them don’t get converted to FIR as victims do not want to file complaints.
What are the profiles of the accused?
Their general age group is between 18 and 35. Most accused are not graduates, while many are just 10th pass. It is easy money and easy crime.
What about child pornography?
This is a major concern. We get a lot of tips from the National Centre for Missing & Exploited Children (NCMEC) and MHA on a daily basis. We follow up all of them. It is a little worrying trend and it is increasing. It is also a social concern.
Recently, there were bomb threats to schools. Is it a difficult case to solve?
The difficulty is because of technology. Perpetrators have access to various facilities, including vanishing emails, temporary emails, VPNs and more, which are not illegal. But putting these into illegal use is where the problem starts. The accused search for a particular service which does not leave a log or data, and they search across the world as there are no boundaries for technology. But for an investigating agency, the regular procedure has to be followed. Unless these complications are removed, investigations are bound to be complicated.
How well are policemen trained to handle cyber crime cases?
Training is not a one-day affair, especially when it comes to cyber crimes. This has to be ingrained into everyone, both the instructor and the person being tutored. The situation in Karnataka is far better than other states. Most policemen are trained in level 1. At CID, we train policemen in three levels -- L1, L2 and L3, which is the most advanced. Today’s L1 content may be outdated in a couple of years as technology keeps evolving. A lot of relearning is needed to catch up with technology and the changing modus of criminals. VPNs and encryption levels are changing. Training has to be continuous. We need to keep updating our content. In the last one year, at CID alone, we have trained over 30,000 policemen. Apart from CID, training happens in training departments, police academies, police training colleges, district levels and online also.
Does a tech background help investigators?
Yes, definitely. It helps in understanding quickly,. and that is the only difference.
In conventional crime cases, the police have a deadline. Is that the case with ransomware incidents?
Ransomware cases vary based on factors such as the type of ransomware, backup timelines and malware characteristics. Investigation feasibility relies on adherence to guidelines, governing data backup methods and specifying how and where backups should be done.
Do you believe that the evolving nature of cybercrime and corresponding training adjustments may alter traditional policing methods?
Policing extends beyond technical aspects, such as information and comprehensive analysis of crime methods. While technical expertise is crucial, a thorough understanding of laws is equally essential for handling each case effectively.
What is your take on the use of the dark web in the state?
The dark web is accessible to anyone. Criminals specifically favour its use because of its ease of access through open-source networks. The challenge for us is to trace individuals because of encryption.
How can people ensure that their contact numbers are not shared when providing it at different places, including banks?
The forthcoming Data Protection Act stipulates that sharing data requires explicit consent, with a mandatory disclosure of the intended purpose. Entities handling data must inform users about its specific use and place where it will be used.
Cooperative banks engaging in fraudulent practices against customers constitutes an economic offence. What do you believe is the underlying reason for such crimes?
While regulations and procedures are already established, there is a deficiency in enforcement. If the rules are diligently implemented, such occurrences can be mitigated.
What are some dos and don’ts to avoid falling victim to cybercrime?
Question everything you see and hear. Take a moment to question why someone is offering you money or a job without you initiating the request. Before using mobile applications, thoroughly review their privacy policies to understand proper usage rather than learning through trial and error. Many reported cybercrime cases involve exploiting real identities and fake cryptocurrency platforms. Be alert if someone contacts you claiming to be a relative or friend. Verify their identity before trusting them. Don’t believe everything you encounter on social media without verification. Mistakes often happen in moments of haste or urgency. Stay informed about online payment systems and fraud trends to protect yourself. It’s crucial to remain vigilant and updated in the rapidly evolving landscape of online security. To avoid falling victim to cyber threats, ensure that all your applications are regularly updated. Download and use apps only from trusted and authenticated websites. Refrain from clicking on any suspicious links or downloading content from unknown sources. Additionally, be cautious when receiving video calls, as they may pose a risk of sextortion.
What is the recommended timeframe for reporting, and where should one report such incidents?
There is no specific golden hour. The sooner the incident is reported, the better. If someone falls victim to fraud, it is essential to report it promptly upon realisation. Victims can contact 1930, the national cyber crime helpline number, or visit cybercrime.gov.in. Reporting promptly facilitates connecting with financial institutions linked to the fraud, enabling the freezing of funds. Additionally, contacting the jurisdictional police to file an FIR is crucial. It’s also important to get in touch with the bank immediately to block the account, preventing any further transfers and minimising the risk of additional fraud associated with that particular bank account.