Tech-Savvy Scammers Drive Cyber Crimes Factories in India
KOLKATA, India — Cyber fraud in India is on the rise as scammers mushroom across cities, running call centers to dupe victims, including Americans and Europeans.
Delhi police recently busted a racket that defrauded close to 4,500 Americans of about $14 million. The scammers, who operated out of call centers in New Delhi, told people on their call lists that their bank accounts were being used to pay international drug cartels, and that the only way to stave it off would be to invest in Bitcoin or gift cards. The payments were then diverted to e-wallets created to swindle the funds.
India ranks third among 20 countries in internet crimes, according to the FBI’s 2019 Internet Crime Report. Excluding the U.S., the UK tops the list with 93,796 victims of internet crimes, followed by Canada with 3,721, and India with 2,901.
“The problem with cybercrimes is that even though such scams are busted, the victims are often outside India,” said Mukesh Choudhary, founder and CEO of cybersecurity firm Cyberops Infosec. “They are not present at the time of court proceedings, and the case is dismissed then and there.”
Cybercrime cases in India increased nearly 64 percent between 2018 and 2019, according to the National Crime Record Bureau. In 2019, more than 44,500 cybercrime cases were registered, compared with 28,248 in 2018.
“Today, in every major city there are call centers for cybercrime,” said Sandeep Sengupta, managing director of the Indian School of Ethical Hacking. “However, only 2-3 percent get caught. There are 800-plus companies in West Bengal [state] alone. Now, due to police raids, they are shifting to smaller cities such as Siliguri, Durgapur and Asansol. These cities have become a hub of these illegal fake scammer BPO (business process outsourcing).”
Some scammers are even shifting to small towns in the hills where police might find it difficult to reach, Choudhary said.
Jamtara a small town on the border of West Bengal and Jharkhand, for a long time was a hotbed of cybercrimes. The town was so notorious that Netflix created a series on the cybercrime factories in the region.
More cybercrime is likely in 2021, according to a report by global cybersecurity company Kaspersky, with new forms of payments, including WhatsApp Pay, which was recently launched on the Unified Payment Interface (UPI) platform, a real-time payment system in India.
“This year we have seen many UPI related frauds, and several banks have issued advisories alerting their users about the same. As more options for digital payments are introduced, we can see more similar cases in the future,” the report states.
“Cyber scams are getting busted on a regular basis, and almost all cities in India now have hundreds of call centers operating such scams,” said Choudhary. “Often the scams originate in the form of pop-ups that warn people of a malware attack. When people contact the number shown in the pop-up, they are asked to install a software that shares their screen and steals the data.”
For scammers in India, it is easier to dupe foreigners. Credit cards payments in India often require two-method authentication, including a one-time password over the phone, but outside India there may be no such checks, Choudhary said.
“There is a lot of social engineering leading to increasing cybercrimes,” said Rakshit Tandon, a consultant with the Internet & Mobile Association of India.
“Many people are not aware of terms like requesting and sending in payments apps, and scammers are able to take advantage of this naivety and make them pay. The fraudsters create a QR code and share it with victims. After sharing the QR code, the victims are often asked to share it in a payment app and the money gets deducted. Also, there is a rising number of frauds involving UPI payments.”
Scammers have even placed fraudulent call center numbers of major e-commerce companies at the top of search engines, said Tandon.
“When people call for issues like refunds, these fraudulent call centers convince people to install apps which share their screen for hacking bank passwords,” Tandon said.
“Major problem is with senior people, who are not savvy with digital life as they are still coping with the change (in financial space),” said Sengupta. “As we have new features in banking, e-wallet, mobile, apps; young generation are more proficient with the changes. The newer the technology, the less public know about it. By the time they come to the know the risks, many get duped.”
One of the earliest forms of cyber scam from India, which evolved in the early 1990s, was called the Nigerian 419 scam, named after a section of the Nigerian Criminal Code. The scammers asked people to transfer billions of dollars to the account of a Nigerian prince in lieu of a commission. The scam was often operated by Nigerians working out of India.
(Edited by Uttaran Das Gupta and Judith Isacoff.)