Issues Related to Digital Fraud

Reference:

Along with the US, the United Kingdom, Canada and Germany, India is also among the top five countries targeted by phishing attacks. According to a report, phishing attacks have increased by 58.2% in the year 2023 as compared to the previous year.

Different forms of fraud:

Phishing:

Under phishing, fraudsters steal information through emails, links or fake websites of legitimate institutions like banks, insurance firms and government departments.

Smishing (SMS Phishing):

Under smishing, fraudsters use messages impersonating institutions like Aadhaar services or digital wallets to lure users into clicking on a false link. 

Vishing (Voice Phishing):

In vishing, fraudsters impersonate fake bank representatives or other officials to dupe victims for OTPs, account details, etc. through phone calls or voice notes.

Increasing misuse of AI in cybercrime:

Cyber ​​threats have evolved into a purely AI-powered form carefully designed to take advantage of human vulnerabilities.

Personalized phishing

• Through AI, attackers are able to examine social media profiles and construct highly targeted phishing emails.
  • For example, sending an email imitating a local job portal with a claim of a high-paying job.

Deepfake technology:

• AI-generated voices and videos are used in vishing calls to replicate credible individuals.
  • For example, using deepfake voice calls of officials to authorize financial transfers.

Polymorphic malware:

Polymorphic malware is a type of malicious software that constantly changes its code to hide its identity. AI-powered malware constantly evolves its code, bypassing traditional antivirus programs.

Chatbots for smishing:

AI bots mimic human-like conversations in messaging platforms like WhatsApp or Telegram, making fraudulent processes more believable.

Interactive smishing:

AI chatbots can pretend to be customer service agents of gig platforms (such as Zomato, Swiggy, Ola, etc.) and extract payment details by luring fake ‘refunds’.

Voice spoofing in vishing:

• Attackers use AI-generated voices to mimic regional accents and dialects.
  • For example, scammers impersonating regional language officials.

Hybrid smishing vishing attacks:

Fraudsters use a combination of SMS and voice calls. In this, SMS is used to send fake messages to fraudsters. Acts as a lure which increases the credibility of the call made.

Measures to tackle cyber attacks:

Technical measures:

• AI-powered cyber security platforms like Quick Heal and K7 Security can be used to detect phishing links and malware or anti-spam and anti-phishing browser extensions.
• Spam filters and anti-virus software are the first line of defence while multi-factor authentication and encryption provide strong protection against emerging threats.
  • Multi-factor authentication (MFA) is widely adopted by Indian digital payment platforms like PayTM and Google Pay.
  • This makes it mandatory for users to go through multiple verification steps to log in to their accounts.
• Currently, many Indian banks and e-commerce sites use encryption to protect sensitive data during transactions.
• Major telecom companies in India have already introduced free AI-powered ‘spam call detection’ tools that display warnings for numbers previously reported as spam calls.
• Industries such as banking and IT need to conduct regular cyber security awareness programmes.

Personal measures:

• Contacting your bank’s helpline number
• Reporting the incident on the cyber crime reporting portal (cybercrime.gov.in)
• Changing hacked passwords and monitoring accounts for unauthorized activity
• Avoiding sharing personal details or clicking on links received from unknown sources
• Using tools such as Truecaller to identify and block spam calls
• Participating in extensive digital literacy campaigns

Legal measures available in India:

• India has a comprehensive legal framework to deal with cyber crimes. The Information Technology Act, 2000 covers offences related to phishing, smishing and vishing, which carry penalties and imprisonment.
• The Indian Computer Emergency Response Team (CERT-IN) mandates organisations to report data breaches within six hours.
• In cases of phishing, especially where some money laundering is involved, the cyber cell freezes the account of the accused and helps the victim transfer money from the frozen account.
• Information about the accused can be obtained from his KYC details and then efforts are made to arrest the accused.
• Citizens can report any digital frauds or cyber crimes in India on the National Cyber ​​Crime Reporting Portal (NCCRP).