Cyber criminals using paid advertisements for duping citizens

Prof. Triveni Singh, S.P - Cyber Crime, UP Police

With advancement of technology, cyber criminals are also getting smarter. Every day we get SMSs of part-time jobs or instant loan applications etc. Nobody can expect that an SMS like this can become a big crime where people lost around Rs 50,000 to Rs 2.5 lakh and if it is calculated for the entire country, then it will be a huge amount. To regulate the bulk SMS industry, the Department of Telecommunications has come up with a blockchain based DLT platform to control cybercrimes. For example, if you want to send bulk SMSs then you require three things, first you have to have a registered entity - it can be an individual or a firm. If the entity wants to send bulk SMS, then it asks for a code from the telecom operator and for this, documentation must be submitted. 

According to government policy, the text of the SMS must also be validated, verified and approved. If anyone searches for part-time on Google then the paid advertisements appear first and the cyber criminals are taking advantage of that. The link opens to a WhatsApp number and then they take it to Telegram and provide a virtual payment address and ask for some amount that will get doubled. It starts with part-time jobs, instant loans and it operates as a ponzi scheme. Hackers are collecting small amounts of money from victims in the form of registration fees, administrative fees etc.

Lakhs of cyber criminals are running paid advertisements on Google and their links appear first on the search engine. Thousands of people are becoming its victims. The link creates a dashboard where instant loans, jobs, free recharge etc lure people to use them. Same happens in crypto platforms as well. The scam has amounted to Rs 4,200 crore in the last three months. 

Front-end companies are used as a mule account to route the money. Crypto firm Binance’s money trail showed that 90% of its money generated in India went to China. After discussing with SMS aggregators, we found out the traffic was routed from Hong Kong. Hackers are operating SMSs from Hong Kong and the money of payment aggregators goes to Dubai, which should be coming to India instead. The regulatory weaknesses of our country are being exploited by China. In the Binance case, the money went from Razorpay to Jpay and then to crypto exchanges Binance. The firm claimed to use a mixer technology to send cryptocurrency to millions of bitcoin wallets. When further investigated, we found out that all the wallets are managed by Chinese nationals.

Because people are not aware about the cyber frauds, they are getting duped by hackers. For example, if your phone is facing some problem, you immediately search for the nearby call centre or customer support. After the call gets connected, the hacker convinces the victim that he/she is calling from the customer support, and that’s how the fraud gets started. So, we need to have solutions that can detect the fraud at the initial stage. 

The payment gateway operators are still not regulated by the RBI, otherwise, these kinds of crimes would have been stopped. In the case of cryptocurrency, we need to track the crypto criminals so that no one can withdraw money through cryptocurrency platforms. Fake crypto wallets are getting shared with people not aware of whether it is legitimate or not. Fake crypto exchanges are operating along with crypto miners using illegal ways to cheat people.

Recently, we have registered a case in Noida for ransomware attack with a renowned insurance company, 10 days after it took cyber insurance. The hackers claimed Rs 15 crore from the insurance company. So, the question is, how did the cybercriminals know the company has taken cyber insurance recently? This is a major concern. If someone suffers from cybercrime, they can contact 1930 that is a Pan-India number created by MeitY and can share the details of the cyber fraud whether it is debit card fraud, withdrawal of money, etc.