As common people, we are often intrigued by the lives of celebrities and wonder if they go through the same or even similar issues as us. Moreso, it becomes hard for us to digest when news highlights a celebrity becoming a victim of a fraud scheme or getting swindled of finances. For us, celebrities are the highly aware people with a fleet of security that deters any sort of mishap in their life, let alone a scam.
But, much to our dismay, celebrity fraud not just happens but is quite common globally.
While celebrities lead a glamorous life and are surrounded by the best of advisors, their status, wealth and high-tech protection do not insulate them from hoaxes that plague the security world. In fact, the reason that A-list celebrities are always in the spotlight makes them vulnerable and easy targets of fraudsters. Many entertainers, TV hosts, and journalists have fallen prey to illegitimate incidents in recent years.
This nature of fraud makes it pervasive and dangerous, with the capability of affecting anyone, anywhere, anytime. In this article, we take a look into some of the most celebrity scams that penetrated their lives and defrauded the A-listers in the worst way possible.
1. Nidhi Razdan
Probably the worst known celebrity case of cybercrime, that reflected how tempting opportunities for even the most learned, could be a trap.
Journalist Nidhi Razdan became the victim of an elaborate phishing scam, that proposed a fake opportunity for her to join Harvard as an Associate professor. The seriousness of this scam resonated with her public decision to leave her 21-year old career behind to teach journalism at Harvard.
It happened in the year 2020 when NDTV’s senior journalist Nidhi Razdan attended and spoke at an event organised by the Harvard Kennedy School. She was even contacted by one of the event’s organizers to consider for a teaching vacancy at Harvard. Going by Harvard’s reputation, she submitted her resume and was interviewed a few weeks later for the profile. Up until now, it all seemed legitimate. To her surprise, she received an email allegedly from the HR of Harvard, confirming her recruitment, with an offer letter and agreement. The documents had the name and stamps of all the Harvard signatories and appeared genuine. More so, her former employers were also marked in separate emails for recommendation letters, only to confirm the originality of the alleged job. She even received class schedules, subject details and a detailed breakup of the classes.
Nidhi Razdan announced on national TV about her new opportunity and quitting NDTV on a respected note. The suspicion started when she did not receive her work visa and her salary was not transferred as promised. It was only when she wrote to the Dean of the Graduate School of Arts and Sciences, that she heard back they had no record of her appointment.
Much to her shock with the entire incident, she realized, even though late, that she was a part of an elaborate phishing scam, meant to steal her personal details.
Attacking a senior media person and swindling her of her financial information requires sophistication in technical and digital knowledge. Looking back in hindsight, Nidhi Razdan regrets not doing much due diligence and falling prey to a phishing scam masquerading as a tempting opportunity.
2. Sunny Leone
Bollywood actor Sunny Leone was the latest to join the victims of identity theft. In a series of alleged loan scams on the fintech platform of Dhani Stocks limited platform, her pan card details were misused to take a loan of Rs 2000. The incident messed up her CIBIL score, while the actress claimed that Dhani Stocks did nothing to resolve the matter or take action to avert the potential risks in future.
3. Sunita Gowariker
Sunita Gowariker, the wife of revered film-maker and producer Ashutosh Gowariker, registered a complaint of losing over Rs 1 lakh from her credit card. She claimed to have received a message about an unaccounted expenditure of Rs. 1,34,333.08. Upon questioning her manager, he denied any record or details of the expense.
Her incident reflected the classic example of why you should always guard your credit card information at all times.
Any person can become a victim of scams in physical and digital spaces. And when we think of celebrities, the wealth and fame drive vulnerability, inviting manipulative and intelligent frauds to breed and steam their finances, as well as reputation. With the level of visibility in celebrity life, scammers and con artists have an opportunity to gain more wealth. And when celebrities do get scammed, the one thing that is certain is the massive scale of monetary loss and reputation loss that befalls them.
However, with a little more vigilance and due diligence, scams of any level can be detected, prevented and deterred. Phishing detection apps such as FinLock may help you to prevent such scams and monetary losses.
Fraudsters never fail to surprise the world of security with just how sophisticated their actions can turn to trick vulnerable people into giving their confidential data or transferring money.
This is reflected in the incident of Jamtara, the eastern village in Jharkhand’s hinterland that became digital India’s hidden criminal society. The area that was once infamous for petty crimes has gained headlines due to the rising cyber-crime crimes. The gang active in the region, under the name Jamtara, has defrauded thousands of people across India, taking advantage of people’s ignorance of basic banking security rules.
The gang embezzles this vulnerability and masquerades as bank executives, or managers to extract confidential details of users such as their ID, password, and Aadhaar card number, under the fake pretext of updating KYC. They raise the urgency of the situation by alarming bank users that their accounts would become inoperable to gain the login id and swindle or even empty the accounts before the user realizes.
Jamtara is amongst the chain of cyber-crime gangs actively operating in different parts of India, who feed on the misinformation and unawareness of banking rules, mostly in smaller regions and amongst senior citizens. They call these targets for fake KYC updates, only to steal their personal details and make them transfer funds by causing a sense of urgency.
These crimes often termed ‘Vishing’, or ‘Voice Vishing’ involve tech-savvy social engineering tactics to convince targets to give up private information, despite knowing it might go haywire.
What is Vishing and how does it work?
When a scammer does a Vishing call, they are most likely to use their social engineering skills to trick you into sharing your personal & confidential information, including bank account passwords, and credit card details. financial data etc. The fraudsters would masquerade as executives of your bank or service providers and say that if you do not update your KYC immediately, then your account would be closed. Further, they raise an urgency by telling you to click on the link they provide or installing an app they would share, or in some cases ask for your bank account details to update KYC on your behalf.
The ones who fall into the trap, end up losing their confidential data and sometimes an empty account.
Vishing, another form of phishing on a call, also comes from a source that seems legitimate but is far from what it might seem. The goal of Vishing also remains the same as phishing- to steal your confidential information and your money.
Moreover, it has become quite easy to contact and scam people. Sophisticated scammers place hundreds of calls simultaneously, using voice over internet protocol (VoIP) technology. This enables the fraudsters to spoof the caller ID of users and make the call appear to come from a trusted source.
How to spot a vishing scam?
Below are some of the common tell-tale signs of a Vishing scam:
- The scammer who calls claims to represent your bank or service provider as a manager or customer care executive. However, unless you request contact with your registered bank relationship manager, you would not receive a call asking for your personal financial information. Therefore, if you receive such a call, the best way to spot a scam is to stay sceptical of anyone who calls you with such an offer.
- There is a frantic sense of urgency. The sense of fear is what scammers use to tap into your vulnerability to extract personal details.
- The caller asks for your information. The moment a person gives you a phone call, pretending to be a bank executive or manager, asking you for your confidential information, that’s the moment clarifying the call is not legit, and there is something fishy about the caller.
What are the suggested ways to avert Vishing?
Besides understanding how vishing works and looking for red flags, you can follow the below tips:
- The very moment you suspect the caller is trying to trap you in a vishing scam, do not feel obliged to continue with the conversation. Hang up the call and block the number, easy and effective steps.
- While on call, if you mistakenly continue the conversation and the caller asks you to respond to questions or press buttons, do not respond and hang up, rather than navigate through the instructions.
- If the caller provides you with a call-back number, it most probably is to trick you into their scam, so do not use it, instead, do your own investigation of the company details as provided and call the parent organization to confirm.
Moreover, if you already have provided your personal information or financial details to the suspect pretending to be a bank executive, who most likely is a scammer, then immediately call your bank about the matter. Ask your bank to block your account over a likely scam and block future transactions unless otherwise notified. You can also report this to National Cyber Crime Portal through helpline number 1930 and they will intervene to block the transaction from happening.
In order to prevent these types of scams from happening, you may take the assistance of India’s first online fraud protection app - Finlock
How does Finlock assist in averting Vishing?
To assist in a safe and secured digital journey, Finlock offers an AI-powered online fraud protection solution. Finlock detects and alerts its users 24/7, of any suspicious attempts, including KYC fraud on call. This best-in-class app provides real-time alerts against fraud. It also provides a transaction summary to spot any suspicious activity in your bank account or cards. Its 24/7 live support guides you with the reporting queries. Finlock also offers stolen funds reimbursement of up to ₹5 lakh in the event of online fraud.
Finlock with its smart security against online frauds identifies to build a cyber-safe future for digital India. It provides end-to-end protection from online frauds, by alerting users and guiding them through post-fraud steps.
What happens when you receive an email from an unknown source with a tempting subject or urgency raising text? Do you respond to the instructions right away or take a moment to address the email’s authenticity? What are the 4 simple questions you should ask to identify phishing emails?
A report by Google highlights that every day Gmail blocks more than 100 million phishing emails. Imagine this bandwidth of phishing emails spamming your inbox and feeding on your vulnerability on a daily frequency. Despite this huge figure, many fools the Gmail spam protection feature and flood your inbox with fraudulent messages, swindling your money and peace of mind.
While many might argue how dangerous it is for one’s safety to respond to such suspicious emails, the temptation to see what stays on the other side is hard to resist. It is this impulse or concern to click on the emails which seem to have come from trustworthy sources, raising an alarm of some sort, if action is not taken instantly. Whether the urgency of clicking on a link relates to updating your login credentials, updating KYC, take action on your bank savings, most of them hold no genuine grounds and are meant to harvest your sensitive information.
But, what do you do if such emails masquerade as coming from legitimate sources, hiding in plain sight to gain remote access to your system and infect it with malware, only to steal your confidential information?
More so, what do you do when your own employees knowingly or unknowingly compromise your system to sensitive data leak. While human resources are considered a strong force, they are also the weakest link to your security. A security breach can impact the finances as well as the reputation of a company. Phishing emails exploit this human tendency of temptation in an organization and feed on its employee’s vulnerabilities. A report by Forbes suggested that insiders were responsible for 36% of the total data thefts, both intentionally and unintentionally. This challenge of your security system is crippled by your human resource through phishing fraud has implications worse than any other cyber-attack.
Cyber-criminals are making their way ahead of the cutting-edge systems, bringing sophisticated attacks in myriad forms. Phishing emails are the most common source of attacks and ransomware on a company. With its rising popularity amongst cyber attackers, it is increasingly used to extort money or cause reputation loss of an individual or an organization.
While the extent of this issue is a major security hazard, the ‘STOP’ solution comprises 4 simple questions that you should ask yourself and teach your employees to consider, whenever you receive an email that asks for you to disclose your personal details. This when followed diligently, can avert the danger of phishing emails.
Let’s walk you through the questions one at a time
S: Does this email look Suspicious?
The moment you receive an email, look for hidden identifiers that can unveil the reality of that email. These may include grammatical errors, spelling mistakes or suspicious email IDs. Legitimate businesses have an automated system for email subject and text checking and almost never commit the error as naïve as bad grammar or wrong spelling. Hence, your first and most important suspicion can arise from identifying these elements.
T: Is this email Telling me to click a link?
Never will a legitimate business or organization, be it public or private ask you to click on a link in the email and enter your login credentials. If your login credentials have expired or need an update for some reason, they would ask you to visit the official website and access your account there.
Hence, receiving an email with a link, asking for action through it is a suspicion in itself and you must delete the email right away, without taking any action. However, if you do have a concern regarding the issue raised over email, you can connect with the company in person or over the phone available on their official website.
O: Is this email Offering something extraordinary?
Businesses do have loyalty programs that offer their clients good offers, discounts, and occasional offers, but never anything extraordinary. Moreover, if they have an offer that sounds tempting, its mention must be on your official account too. To confirm the offerings, you can also call the customer care of that business from their official website. But, refrain from taking action from the link or phone numbers provided in the email.
P: Is this email Pushing me to do something in haste?
No business would give a restricted deadline without prior intimation for an action such as claiming an offer, discount, updating KYC, applying for a job etc. So, if you receive an email that is pushing you to take immediate action and holds an urgency, then your vigilance sense must get heightened immediately to not respond through the email.
Proceed With Caution
Phishing emails are consistently expanding their dangerous territory and thus have gained the status of being an unavoidable threat in the digital age. Your best protection from such scams is to side with caution and use the STOP technique every time you find something sketchy in your inbox.
STOP - Suspicious, Telling, Offering, Pushing
Remember, a genuine company would never ask you to share your confidential, sensitive, personal information via insecure channels such as an email. If the message that a legitimate business is trying to convey is truly important, then they would attempt to contact you through verified methods like telephone, without extorting your personal details.
One of the most expansive scammer markets has always been the job fraud SMS that once began with the traditional approach of physical make-shift and transformed into the cutting-edge digital landscape. Scammers find the feature of job fraud SMS very luring and useful that can enable them to chat with the target the instant they click on the link.
It is no denying that the vast population of youth in India do not always achieve the employment opportunities they seek. With resources limited and job vacancies running the challenge of high competition, stress accelerates the people to get driven towards messages claiming to offer high-paying jobs instantly. The scammers prey on these vulnerable groups by sending part-time or full-time jobs, tempting them into clicking on the suspicious link.
This fraudulent practice expanded its roots even more after the Covid-19 pandemic, when people lost their jobs and were looking for employment, side hustles to keep their expenses up and running. What happened more during this phase was scammers tuning into the desperate job seekers and sending fake jobs, interviews, recruitment SMS and charging money in exchange.
However, understanding how to differentiate legitimate work opportunities and fake ones, while searching for both full-time and part-time employment is a tricky road. Often, in times of stress, we tend to overlook the obvious signs that can refrain us from getting victimized by such scammers.
List of common job fraud scams that one must be aware of
- Gaining Access to Personal Financial Information
Scammers use the instant messaging service to send fake job interview links to job interviewers and job seekers. With a set-up that will land you in a fraudulent job offer, the illegitimate company would ask for your banking information and ID proof. The moment you send in these details, the scammers would be nowhere to be located, while you compromise your personal information.
- Lacking Verifiable Information
While, with those job SMS you would feel you finally landed your dream job, but as you inspect further, you realize that there is absolutely no data available about the company. To your dismay, you cannot even verify their website address, employee or phone number. It now hits you that you have been scammed. We live in an age of digital disruption, where every legitimate company whether big or small has an online presence, testimonials, decent following and social media engagement. So, not having any of these is a clear indication of fraud in the process.
The most common and the most popular that have encroached on your phone calls, SMS, emails, texts. You name a platform, and phishing scams will find their presence, defrauding people. Moreover, when it comes to job fraud SMS, phishing scams already have a vulnerable lot to target. Phishing job fraud SMS appear to have come from a trusted source or a well-known business. This is why when you receive a job SMS, it is vital to connect directly to the company, look for their online presence, and employee feedback, rather than trusting the SMS and beginning text communication.
- Data Entry Scams
The one job that has made headlines for scamming job seekers is the data entry job fraud SMS that comes with the promise of a handsome earning, with almost negligible skills. Well, the scam is in its details itself!
Moreover, the tempting SMS masquerade a small training fee that needs to be paid upfront, which will commence your employment journey. However, the data entry jobs rarely pay the amounts as advertised, and most are just scams waiting for vulnerable people to take the bait and become a victim, never to the very existence of the company and its fake employees.
- Pyramid Marketing
Pyramid marketing is not only illegal but holds no real basis in commerce. While there is no physical product involved in a pyramid scheme, its marketing incorporates the exchange of capital. People get job fraud SMS on pyramid schemes, which ask them to invest in the scheme and get benefits from investments made by those people who follow them into the marketing program. However, in the equation of pyramid marketing, if someone has to make money, some other person has to lose funds.
- Wire Transfers
More often than not, people receive job fraud SMS in the form of offer letter confirmation, or promising a confirmed job overseas, but with a catch. The SMS usually asks the target to send small funds to an account through a wire transfer. These people who send SMS, claim to be either an employment agency or the company’s executive.
While sometimes the claim for a money transfer might seem legitimate, no genuine company would ask wire transfer to confirm a job vacancy. Wire transfer would move the money so quickly from one account to another, that it becomes difficult to reverse and the victim loses the money forever.
Once the target receives these messages from random numbers that carry a suspicious link or a promise of a job offer, the temptation to refrain from it is the true test of your security. These scammers who leverage people’s interest in full-time and work from home opportunities are usually meant to steal your credentials and data to access business networks.
So, how do you save yourself from the inevitable job SMS fraud? If you ever receive such text messages, below are a few tips.
Tips that can stop you from getting scammed
Ignorance is bliss
Take it literally! If verifying the source of the job SMS is not possible, then simply ignore the message, no matter how tempting it sounds. Take a step forward and block the number from which you receive such SMS.
Sender is a mobile number
Usually, companies that need to send bulk SMS are required to do a proper Distributed Ledger Technology (DLT) registration with the telecom provider. Companies create a unique sender code for the SMS that identifies the company. If the SMS you received doesn’t have any sender code (usually alphabetic) and is sent from a mobile number, it is most certainly a fraud SMS.
Identify bad grammar or sentences
Some of the job fraud SMS use improper grammar or have spelling mistakes that can be identified easily. Any legitimate company never fails to cross-check the messages they send, and grammar is one such aspect that cannot go wrong with them. Therefore, look for these red flags that can eventually save you from getting scammed.
Finally, report the incident and block the suspicious number. Always remember that it is advisable to keep your safety on priority even in the most tempting of situations and never click on suspicious links, no matter the curiosity.
Installing a fraud SMS detection solution
You can also use a mobile app that can detect fraud SMS received on your phone.
To assist in a safe and secured digital journey, Finlock offers an AI-powered online fraud protection solution. Finlock detects and alerts you 24/7, of any suspicious fraud SMS. This best-in-class app not only provides real-time fraud alerts but also provides stolen funds reimbursement of up to ₹5 lakh in the event of online fraud.
In a Nutshell!
The job ad postings that are almost too good to be true are often the ones that will swindle your time and money with fake promises. With their sense of urgency and monetary exchange, even if small, you would be driven to a fraudulent agency or individual’s trap, never to see the joining letter in your email account. However, what can save you all this trouble is a sense of vigilance and assistance from online fraud protection sources.
How serious are you about your privacy? Theoretically, a lot! Practically in the digital world? This question seems to be running the rounds of scepticism and ambivalence.
According to a report by Merkle, the leading technology-enabled, data-driven customer experience management company, 86% of customers are more likely to trade their personal data to enjoy personalized offers, that are based on their interests and browsing or purchase history.
Merkle’s Q1-2022 Customer engagement report (CER) historically reported the marketing leader’s perception, only this time it focussed on customers. It lay bare the sentiments of consumers around data collection and privacy concerns while exploring their viewpoint on updates and regulations.
The customer experience management company surveyed 2000 consumers to get insights into the amount and bandwidth of data the consumers are willing to share at the expense of their privacy. What they found was a staggering figure on the customer’s true insistence and inclination on the evolving data privacy policies and how they perceive it. With 86% of people ready to trade their personal data, the survey, clearly one-sided revealed the willingness of consumers' sentiments to align with contextual and connected experiences, benefiting big business giants.
Adding to the dramatic survey results, the global CEO at Merkle, Michael Komansinski said that their studies reflect on the increasing customer awareness about what personal information they are trading with brands in exchange for personalized information. Customers today have a heightened sense of awareness and brands need to amp their strategies on customer experience so they add more value to the customer journey in exchange for their personal data.
Have consumer privacy concerns changed over the last decade?
Data security and personal data privacy consistently drive the uncertainty ride of consumer behaviour on different brand web pages. This argumentative concern is still ripe with a multitude of popular and revered businesses, inclining towards consenting consumer information in exchange for personalized data.
However, statistics of the likes of IdentifyForce which highlighted in their report that the credentials of 500,000 Zoom teleconferencing accounts were found on sale on the dark web on 14th April 2020, cripple the customer’s trust in jerk a setback on the reliability of consumer data handing by businesses.
This privacy encroachment by brands and the absolute complacent behaviour of consumers tends to take a steep uphill with the advancement in technology. As more and more products become the common and higher state of privacy reality uncovers, consumers’ concerns and expectations over their data privacy rises further. This concern can also be contributed to the emerging cybersecurity risks that occupy headlines such as Amazon scam emails, cryptocurrency scams, etc. Everyday news of sophisticated hackers penetrating the most cutting-edge systems take headlines and raises the question of how safe is a consumer's personal data with the brand.
Despite the questioning and raising eyebrows on security concerns, the consumer would somehow agree to the terms and conditions that underlines the trade of data for an enhanced consumer experience. However, what goes in the web-hole of a brand’s compliance to consumer data safety is neither addressed by the brand nor raised by the consumer.
In fact, for most people, the level of concern for privacy while browsing might decrease instead of only going upwards, hence offering brands an opportunity to build consumer trust.
However, there is a thin line between collecting in the name of personalized experience and claiming to maintain its security, where actual security measures sometimes take a backseat.
What can companies do to reassure consumers?
People talking in their friend circle, at office parties, at table discussions or at family get-togethers, will highlight how important data security is to them, lecturing others to maintain their distance from brands that are infamous for stealing personal data, and that goes to the high-profile social media giants too. However, the same majority of people, if not all will consistently rave on the same infamous social media giants, willing to provide their personal information without must questioning.
This might happen due to less awareness, understandable of how big brands keep the consumers busy by personalizing their experience, while they collect massive amounts of data. Most populations even side-line themselves into knowing what goes in, after the data is collected, choosing to keep themselves in oblivion.
While the brands take entire personal data from forms, browsing history, chats, phone calls to customer care, navigation information etc, it also becomes their responsibility to maintain secrecy with the data to reassure customers. Here is how they can do it:
- Must remain transparent about how the brands intend to use the consumer data.
- They must allow consumers to have a choice and easily opt out of data sharing.
- They can make it simple and easy for customers to choose what they wish to share or do not share.
- Brands must offer value-adding benefits to those customers who are willing to share their data.
- They should customize the company’s data-gathering strategy into different age-group segments.
While the statistics are inclined towards the drift of younger generations at the vulnerability of sharing personal data and not worrying too much about data privacy, the mature consumer base still maintains some distance and awareness on how the data would be used or in some cases misused.
In both cases, data privacy must not become less of a security concern for organizations, and should not be touted as an evolving market for the younger generation, easy to be swayed. On the contrary, brands need to address the concern more than ever with more stringent rules and policies that cannot be circumvented, especially for critical operations such as financial data, transactions etc. This will cement a robust relationship between brand and customer and lead to a harmonious journey.
One of the best ways brands can build consumer trust is by devising a proactive data security measure where customer engagement is transparent and resonates with the consumer’s expectations.
Hackers are criminal opportunists and travellers are their soft targets carrying security vulnerabilities on their backs.
You take on your travel journey to find solace, get away from the hustles or finalize your business meeting. What if amidst all the fun and adventure, you realize your mobile, email id or social media account has been hacked. You wouldn’t want to be stressed with a compromise on your confidential data, in some cases undergoing monetary loss and for some a reputation loss as well.
If you travel frequently to different parts of the world, then the data protection is an essential element whose importance supersedes everything else. While being away from home and your trusted network, you get access to unfamiliar WiFi in your hotel, in restaurants or in resorts. These free spots available at different places you head are the primary source of security threats for your devices and being extra careful is what your primacy must be.
This draws the vitality of considering data security measures before you take off on your next vacation, and we have curated come tips that can come in handy to add a safety shield to your cybersecurity:
- A strong password is the first layer of a security blanket
Your smartphone is only as smart for security as its password, so make sure to give it one that cannot be easily cracked. Moreover, if your device with a weak or no password gets stolen, you would be at risk of a cybersecurity breach, compromising your account details, and personal & sensitive information.
Therefore, a strong password with a combination of numeric, phrases and upper case-lower case letters. It will ensure that the phone or other device is difficult to break into, thus saving your personal details and saving you from monetary loss.
- Keep your vigilance high when using public WiFi hotspots
Often on your holidays, you read the sign at hotel reception ‘Free WiFi’. The mere mention of free WiFi raises your spirits and you start updating your social media account with holiday pictures. But, do you ever wonder if this free WiFi comes with a catch? Well, of course, it does! The moment you connect your device to a public WiFi hotspot, your device sends data over an unsecured network. This way you are compromising the security of your device and yourself while using public WiFi at the hands of hackers.
So, what do you do to avoid this issue?
Simple, be careful while connecting your device over an unsecured network and avoid it as much as possible.
- Turn on the two-factor authentication
Two-factor authentication grants you or anyone access to your device only after you present a second piece of evidence. While the first factor is the password, the second piece of authentication is the code sent to your mobile or email to confirm your identity.
This security shield creates an extra protection layer in case hackers try to gain access to your account.
- Keep WiFi auto-connect OFF for both your mobile device and laptop
If your device was once connected to a WiFi network, it will re-connect to the network whenever it is in the vicinity. This can be a potential threat to your confidential information. However, if you disable the feature of public WiFi connection, giving you the upper hand in controlling the network your device connects with.
- Invest in a VPN
VPN or virtual private network makes your online actions untraceable by encrypting the conversation or actions. With VPN, your connection becomes secure since hackers would not be able to see your IP address, which otherwise is openly visible to hackers on public WiFi.
- A reliable anti-virus and security solution is your best friend anywhere you go
Antivirus is the robust defender against malicious viruses that intend to damage your laptops and compromise your information. It is the basic and essential element that every device must-have.
And for your mobile devices you should have a cyber security app like Finlock that will work in the background to protect you from fraudulent attempts by scammers so that you can enjoy your travel.
This is especially pertinent if you travel a lot because then you would sometimes be bound to connect to an unfamiliar or unsecured connection. Having an anti-virus would act as a line of defence against malware and malicious hackers.
- Say no to public charging stations
Many hotels offer public charging points for your computer or other communication devices. While this might sound convenient at first, it must only be used in case of emergencies. Moreover, upon using them, make sure to change your account and device password to ensure your mobile, laptop or tablet is not affected by malware.
- Back up is a wise decision always
While you deploy technological solutions to shield your personal information from hackers, there might be occasions when you lose your data. And when you lose your device, its cost would be nothing in comparison to the data, personal account details, documents, plane tickets, hotel reservations and other critical login details that your device contains.
This is why backing up the data in a storage system before you head for travelling is a must to ensure you have access to the crucial information and can travel without hassle.
- Keep your operating system updated
Another crucial element for travellers is keeping their operating system up to date to eliminate the attempts from hackers to penetrate your device and get compromised. When your device has an updated OS, it ensures protection by identifying and solving the vulnerable spots.
- Come back to basics- Do No share your personal information
While adopting numerous technological solutions amalgamated vigilance is helpful, simply not sharing your personal information constantly on social media is the traditional yet effective technique.
- Never leave your devices unattended
When travelling, make sure all your devices are well attended to and physically protected to prevent a stranger from using them for unauthorized or malicious purposes. You can try using a biometric password to eliminate access to the device by an unknown person.
- Invest in personal cyber insurance
The speed through which we have adapted digital technology in our personal and professional life is too fast to track. While this shift is ascending, cyber risk is forming a deep connection with the technology. Therefore investing in personal cyber insurance can protect you from being liable for the damages that stem from theft. This is especially essential when you travel considering the possibility of data theft rises exponentially.
Finlock offers personal cyber insurance coverage of up to ₹5 lakh that will ensure hassle-free recovery of money stolen in the event of online fraud.
The mentioned tips are prime to protecting your security while travelling, but these can also be applied to your devices when at home. Cyberthreats exist everywhere and no place is secure from these risks. So, make sure you adopt as many tips as possible and above all stay vigilant against malicious people.
While you enjoy your holiday, it is vital that you keep cyber security at an even higher level to keep away the stress it can potentially induce.
The fraud we have all been acclimatized with at least once through SMS would certainly be the KYC scam that drives with an urgency to complete our KYC. It was the same case for the 81-year-old retired banker from Mumbai who got defrauded of Rs 7.5 lakh in a KYC fraud incident. The retired private banker became a victim when he received a message on his mobile number from an unidentified accused on 17th January 2022. The message masquerading as a scam stated that his SIM card would be blocked if he did not update his KYC details urgently. The trap worked in the scammer's favour when the octogenarian gave him a call on the number, who identified himself as the customer care executive. The build-up gave the accused an opportunity to download a screen sharing application and obtain a different number to guide the retired senior for the next steps of the deception.
While swindling over the senior’s vulnerability, the scammer caller asked him to make a transaction of Rs 10 and provide him with the complete banking details. Upon initiating the payment and receiving the bank account information, the fraudsters drained the octogenarian of ₹7,52,000 through a series of transactions.
By the time the senior banker could realize the unauthorized transactions from his account, he was already robbed and the only resort he had was to lodge a complaint with the police and alert the bank. While the case was registered for impersonation and cheating under the relevant sections of the Indian Penal Code and Information Technology Act, no arrests have yet been made and the probe is continuing.
While cases like these are orchestrated by the sophisticated criminals finding a vulnerability in a person through SMS, divulging one’s personal information to strangers, acquaintances or even known, is a matter of being aware and refraining to give in to the lucrative or urgent demands.
One of the many cases that Indians are bombarded with on a daily basis, the KYC SMS scam is real and it has proliferated across India, victimizing thousands of people. The fraudsters would make use of the technology by sending you a text message, pretending to be a company representative or bank employee to extract your personal bank account details. Once they succeed in their siphoning of your details, there is nothing stopping them from exhausting your bank account.
While all the banks, both public and private as well as RBI have issued notices on KYC SMS fraud and urged the people to never divulge their personal details, there would still be some who fall into the trap, especially the senior citizens who are more prone to these cyber frauds.
And the question that usually surfaces is, how do we identify the SMS as a fraud? Here is how to do it-
KYC Missing; New Proposal; Bank Account Closed; Urgent Action Needed
If you see such phrases in your message, BEWARE!
The RBI has clearly stated that banks will not pressurize their customers into completing KYC on an urgent basis. Moreover, no bank will ask for your personal details including bank account number, credit card information etc.
So, if someone does, then it is exactly the trap that drains you of your hard-earned money and your sleep, with investigations piling up for the police and no confirmed resolve.
KYC tends to be a vital and critical step for banks to be able to verify their customers' identities. It is done when a client opens their bank account and the bank receives their information. To enable the bank account, the customer has to prove their identity through a set of documents which is usually a very simple procedure that is not tied with punitive restrictions. So, all the whirl build-up by KYC SMS on urgency, KYC expiration, account blocked or renewal are the untrustworthy communications that deserve no attention from customers.
For all those still having a hard time separating safe SMS from the scam, keep these mantras handy:
- Stay calm & don't rush - Think twice with a calm mind before you click any link. While customers need to be very careful on which link they click and with whom they communicate their personal information, the need enhances multifold when they receive messages stating urgency from the bank.
- It's not your bank - Remember, no bank would ask you to update KYC over a message link. The banks across India have clearly highlighted over multiple platforms that they would never ask a customer to divulge their personal information over messages or call, let alone KYC update. If any customer receives such an SMS, it is only wise to not engage with the suspect and report the issue to the bank.
- Sharing is not caring - Never share your mobile number, account login details, personal information, copies of KYC documents, card information, PIN, password, OTP, or other confidential data with anyone, not even your family or friends.
- Technology at your assistance - You can also take the help of a mobile cyber security tool such as the Finlock app that uses advanced technology to detect fraudulent SMS for you. Finlock also offers cyber insurance up to ₹5 lakh to cover the losses due to fraud.
The usual modus operandi in the case of a fake KYC SMS would include unsolicited communication via SMS, asking you to engage in divulging certain personal details, account/login details/ card information, PIN, OTP, etc. In some cases, the scammers would even ask you to install an unauthorised or unverified application using a link for a KYC update. Now that you are aware of these techniques, you can avoid such SMS.
It was 2019 when customer data of India’s largest bank SBI (State Bank of India) was exposed to a major data breach. Customer information including partial account numbers, mobile numbers, transaction details, and account balances was compromised from an unsecured server. The nation shattering incident happened from the Mumbai data centre of SBI, where the server hosted SBI quick service. The server stored two months of customer data from SBI quick.
Something went wrong with the Fortune 500, top-ranked State Bank of India, which disastrously exposed its vulnerability to the fraudsters and ramshackle its name openly.
An error of judgment or mole in technology?
Well, SBI simply forgot to protect its server with a password, baring its massive data to be exploited and misused by scammers.
What remained unknown was for how long the server remained open and unprotected. This open access exposed in public, the outgoing messages of the customers in real-time alongside the daily archives of over two months, hence putting the financial details of millions of customers at risk. Worse still, the database included customers’ partial account numbers. The incident is now known as one of the worst cases of negligence and a basic security blanket could have been potentially used to profile the high net worth customers as targets for future frauds.
While the issue was resolved right after it went through its initial investigation, SBI nullified any claims of data risk and issued that the customer's financial details are completely secure with them.
What commenced as an act of clearly avoidable negligence from SBI by adopting the Password protected mandate on its server, was dismissed by the bank. The severity of a situation is alarming and it dismays the very step towards building a robust and cutting-edge safety net to protect customer data. The complications of a breach of this magnitude that victimize millions of its users are massive, and it causes users to lose trust in the foundations of the financial systems in the country.
Reiterating the breach in security, it wouldn’t come as a shock to you on knowing that according to a report by Surfshark, India ranks third in the global data breaches, with over 86 million people affected by the year 2021.
Data breaches are at an all-time high in India. On average Indians lost over ₹16.5 crores to the malware itself in 2021, according to a report by IBM Security and Ponemon Institute. While there are many factors to blame for the increasing vulnerability faced by Indians, the major one observed recently was the global pandemic that swept away security practices and victimized people. The pandemic witnessed data security taking a backseat when the health sector needed a boost. However, the irony is medical record data breach in India was at a record high during the pandemic, surfacing the lack of a security blanket and the need for a robust strategy that overcomes these loopholes.
Based on public information, Indians became the victims of more than just the infamous SBI data breach, some of which need mention:
1. Air India
It was March 2021, when Air India announced that it suffered a data breach of around 45 lakh users. The massive breach caused the information of its users leaked, including their name, mobile number, date of birth, email address, credit card information, ticket information, passport information, and frequent flyer data. It is unquestionably considered one of the most serious data leaks of all time, with the most vital documents at the mercy of scammers.
2. Domino’s India
On 22nd May 2021, an internet security researcher Rajshekhar Rajaharia unearthed the 18 crore Dominos’ India online leak. The breach exposed the names of customers, their email addresses, mobile number and GPS location. It was further highlighted that the credit card details of at least 10 lakh people in India were compromised in the leak.
The famously infamous Facebook India data breaches are known to all. The social media giant is notorious for its massive data leaks, and in the April of 2021, Facebook had an incident when the information of its 60 lakhs Indian users was compromised. The leaked data included Facebook ID, personal email ID, phone number, relationship status, date of birth and past locations of the users. Facebook commented on the data breach and mentioned that the scammers misused the company’s import tool, used to find friends. While Facebook claims that they have resolved the issues, going by its reputation on user data safety, the statement hardly holds value, especially when the leaked data set is reportedly posted on an online forum easily accessible to anyone.
Mobikwik, one of the most popular Indian digital wallet services, was the victim of a data breach that led to the data leak of 110 million Mobikwik users. The stolen information included users’ KYC documents, credit card details, Aadhaar card information, and mobile numbers.
India’s second-largest brokerage firm, Upstox became the victim of a data breach in April 2021. The leak exposed the KYC and contact details of 25 lakh Upstox users. According to Upstock, the data breach occurred from a third-party data warehouse. One can only imagine the seriousness of losing information on one’s stock information, and while Upstocx claims to have resolved the issue, the expanse of this leak still lingers.
The rapid shift from office to remote work in India was also a tremendous disruption of data security programs. The shift made it evident that as modernization and technology disruption enters the business and personal world, with tools as sophisticated as AI, machine learning, security analysis, data breaches will significantly become more cutting-edge. This draws the need for better security structures and leading-edge security programs at both public and private levels. People also need to be extra careful when they get to know about their stolen data. They should immediately change the credentials of the accounts that are compromised.
These major companies spend millions on data security but individuals can secure their devices at a very low cost by using cyber security apps like Fraud detection apps or phishing detection apps.
The curious case of Bishop Mittal, an Indian-origin tech support owner and scammer, involved in the defrauding of hundreds of victims across the US and India is every tech scam’s underline story. He and his associates were found guilty of swindling millions under the pretext of tech support issues to induce them to pay for them in order to get it resolved occupied headlines in 2019.
Bishop Mittal, 26 would rope in vulnerable people by placing pop-up ads on their computers and convince them of serious concerns, only to have them pay for fake issues. His associates and co-conspirators confirmed buying malicious pop-up adware from publishers across the globe. They would place these fake pop-ups on the victim’s computers deliberately. When the victims would call the technical support centre for resolving the issue, the conspirators would gain remote access to their computers. Once they had remote access to the computer, the fraudsters would fabricate a fictitious cause of computer technical fault, including the presence of a virus or malware. They would then induce the victims into paying for malware clean up or other associated services.
The conspirators would charge the victims somewhere around $200 to $2400, in order to make their system operable, and free from fake malware or virus. This tech scam went on for a long time, affecting hundreds of people and defrauding them for approximately $3 million.
Technical support scams have become a global industry-wide problem, where fraudsters deploy tactics that scare and trick the victim into giving in to their false claims, only to have them defrauded. They provide unnecessary technical support that is the creation of their scam, including fixing the software, system or issues that do not exist. The sole purpose of these tactics is to either scam you of money or place malware in your device through remote access and steal your confidential information.
India specifically has become a breeding ground for both fraudsters and victims, with over 69% of scam encounter rate in 2020 itself, according to a report by Microsoft. While 7 out of 10 consumers in India encountered technical support scams in 2020, a Microsoft survey highlighted that Millennials and males were most susceptible to losing money from such tech scams.
While these technical scammers are highly sophisticated and adept at what they do, how does the general public become aware and protect themselves from these cutting-edge fraudulent acts?
The best solution would be to gain knowledge on how the technical support scam works and find ways to keep yourself away from any contact. Let us guide you through a combed strategy for securing your system, money and the stress they bring.
How do tech support scams work?
Fraudsters might call you directly on your phone, pretend to be technical representatives and assist you on a computer/laptop issue. They might even coax the caller ID in order to enable a legitimate tech support number display from a genuine company. These scammers would then either ask you to install their applications or click on the link they provide to gain remote access to your system. When they gain remote access to your computer, these fraudsters misconstrue general & normal messages as prospective technical problems.
Fraudsters would initiate a virtual contact with your system by the display of fake error messages or popups on your most visited websites, with contact support numbers with the prospect of enticing you to interact with them. They might also lock your browser while displaying messages and pop-ups that remain on your screen incessantly. These fraudulent pop-ups are aimed at frightening you into giving your spoofed technical support hotline. Once you call the fake tech support, these scammers trick you into paying upfront for the fake technical issue or stealing your personal data.
How to protect yourself from a technical support scam?
The simplest way you can spot a technical support scam is by being aware of the signs of common giveaways that reflect on the popups or messages not being legitimate. Moreover, there are some pointers to keep handy, just in case you encounter a technical support scam.
- Genuine software companies such as Microsoft and Apple do not send unsolicited emails, pop up messages or phone calls, requesting your personal details. They do not reach out to you for providing technical support to fix your laptop or computer. In simple words, if you won’t ask Microsoft or Apple for advice at their designated email id and phone number, they won’t offer technical support.
- If you call a software company’s technical support, they would not ask you to open event viewer or settings to look for error messages.
- Software companies never ask for payments in the form of gift cards or cryptocurrency such as bitcoins.
While you look for these small yet vital elements, be sure to stay vigilant by adopting the following factors:
- If, in case you initiate a call with a technical support scammer, they might ask you to either download their software or pay upfront. In the former case, these scammers are simply seeking a way into your system through remote access. So, BEWARE! Never install an app or software from suspicious sources, which is potentially dangerous for your confidential data and leads to a virus penetration into your system.
- Look for the email address of the technical support you have interacted with. The easy way to spot a scammer is to check their “from” address, which might look legitimate, however, clicking on it would reveal their actual address.
- Run a security scan as a preventive measure to identify and wipe out any malware in your system.
While it is important to identify if you are being scammed, sometimes you may not be able to differentiate between fraud or genuine calls. In such cases, it is worthwhile to have Finlock’s premium plan. It provides you with a cyber insurance cover of up to Rs. 5 lakh. Besides this, the Finlock phishing alert app can protect you from downloading apps that may compromise your privacy or accessing malicious web links.
These scammers only have control of your system as long as you allow them to defraud you through the known and sometimes masquerading tricks. While such scammers have a specific slab of victims who can easily fall prey to their tricks, such as the elderly, awareness of these frauds can keep your data and money safe, to a good extent.
The best way people can protect themselves from technical scams is by being wary of the process in which way these scammers are targeting victims. Moreover, staying vigilant of unsolicited contacts from tech companies, especially suspicious, purported employees should be on your priority list.
Every Taxpayer nightmare: To be the potential victim of a swindler hiding under the pretext of offering a tax refund via a legitimate-looking SMS. These “Income-tax refund fake SMS” have the potential to dent your bank account balance badly.
As the first deadline for IT return nears, so does the expanding landscape of cybercriminal rackets targeting the tax slab population with fraudulent acts. Their scam SMS purportedly coming from the Income-tax department asks users to submit a refund application. And, in case you are wondering these scamsters impersonate regional banks, then allow us to widen your statistics on it.
According to a combined investigation conducted by the CyberPeace Foundation and Autobot Infosec Private Ltd, fraudulent messages purportedly from national banks such as ICICI, State Bank of India, Axis Bank, HDFC and Punjab National Bank have been doing the rounds for over a few years now. These innocuous messages targeting major Banks are intended at extracting personal data and in turn trigger a host of other criminal acts, including banking frauds and data theft.
Twitter threads have been flooded with personal experiences, where people receive scam messages that appear authentic and tempting to click. One such incident is shared by a Twitter user Karthik, who received a personalized message claiming to remit an unclaimed overdue tax refund of Rs 34,259. While nothing seems to be suspect in such messages, what can catch your eye is the link attached with the message, which in this case was Bitly. It as observed and complained from people across India was created by a Russian domain.
While vigilant people like Karthik would report such frauds online and make others aware of the concern, there might be some who would fall prey to the tempting dose of tax-refund, click on the link and open a can of worms that would eventually attack their personal information and account.
Impact of Income-tax Refund Fake SMS Fraud
The phishing scam of Income Tax refund taking the SMS platform has affected almost every taxpayer, wavering on the uncertainty of whether or not to click on the link, which is always suspicious.
It is this increasing Income Tax refund fake SMS landscape adopted by fraudsters that have influenced the Income Tax department to release a cautionary statement via their Twitter handle stating-
Following the warning, the Income Tax Department also alerts the general public that in case a refund is due to them, the IT department would not send a link to their mobile number. Moreover, entering the credit card or debit card details on these sites should be avoided at any point, considering they can be a phishing scam waiting to steal your personal account information, only to incur losses.
This already thriving cybercriminal scope tool leaps during Covid-19 when the Income Tax department of India announced that it would immediately issue refunds of up to 5 lakhs. This motion was to help the taxpayers tide over the uncertain situations during the nationwide lockdown. However, there were many taxpayers whose outstanding tax demand from the previous year was also pending. This tax demand needed to be adjusted against the tax refund announced by the IT department. To consider this announcement and situation, the IT department had been sending out emails to these taxpayers to communicate with them about the tax refund adjustment and was asking them to respond to the emails sent out. The taxpayers had to respond via their income tax account on the IT e-filing website.
This situation was taken as a breeding ground for income tax scams, where fraudsters sent out similar messages, that seemed almost genuine. This tactic of scamsters to always work in a similar pattern to the government announcements to seem legitimate often misconstrues the taxpayers, and sometimes victimizes them of financial and data fraud.
How do you differentiate fake SMS?
Simple, to start with, the IT department of India would not send you a link, rather would suggest you visit their official website and enter your login details to process the necessary requirements. Moreover, it is recommended to never share your confidential information such as card details, account number, OTP, Aadhar number etc to anyone. Additionally look for shabby language, spelling errors, suspicious links and other slight changes from normal to identify fake from real.
To keep your cyber safety and security on priority, the Finlock app gives you protection in your hands. With its intelligent technology, it can easily detect such fraud SMS. And if there is any weblink disguised as an IT website, the Fraud detection app can detect that too and save you from falling for such scam tricks. Moreover, Finlock offers a cyber insurance cover of upto 5 lakh to cover any losses you might incur due to fraudulent activities.
In a law enforcement breakthrough operation on one of the largest Nigerian cybercrime gangs that were becoming a pain in the neck around the world, 11 of SilverTerrier scamster members were arrested in December 2021. With the arrest, the infamous notorious gang operations that crippled the business industry through its business email compromise scams brought to light even the wider penetrating issue persisting in the cyber landscape of companies.
With the affected victim bandwidth of 50000 individuals and companies combined, the SilverTerrier are suspected to drive business email compromise as their key arrow strategy of targeting. What began in the 2014s as a bunch of novices based in Nigeria wanting quick money, took to BEC as their entry into the cybercrime world. The syndicate grew into active groups, accused of victimizing thousands of organizations under the pretext of business email, to attack, exploit and make them vulnerable to data compromise.
While the arrest of 11 members of the SilverTerrier syndicate, following a long-term Interpol tracking is a significant catch and might help identify the past, ongoing and future fraud projects under them, the landscape of business email compromise (BEC) remains a vast ground to be mitigated completely.
This incident is the smaller picture of how business email compromise scams (BECs) are corrupting the financial and reputation stance of businesses & individuals. Muddying the water, even more, digital transformation and disruption have advanced the trail of BEC scams. Patterns evolving include highly sophisticated, socially engineered and personalized emails to both companies, and individuals, where one compromised account becomes a breeding ground for the orchestrated plan.
What is a Business Email Compromise or BEC scam?
A Business Email Compromise scam usually follows an email message from criminals which appears to stem from a legitimate source, making a request. Such emails might trap victims such as a masquerading CEO asking the assistant to purchase gift cards for employees, a vendor your organization deals with, sending the monthly invoice with updated mailing addresses or a freelancer receiving an email message from the brand he/she works for, to send instructions on how to wire the month-end payment.
In each case, hundreds of thousands of people are victimized by the use of fake emails and fake email scams, appearing authentic in terms of every element, and every version marauding the people of their money and peace of mind.
Examples of Business Email Compromise scams
The Bogus Invoice Scheme- The most commonly affected by the bogus invoice scheme are the organizations that have foreign suppliers. Scamsters pretend to be suppliers and request a fund transfer to an account that is owned by the fraudsters. With attention to detail and a little persuasion, most often than not, companies tend to fall prey to such fraudsters.
CEO Fraud- Scamsters pretend to be the CEO of the company and send fraud emails masquerading as legitimate, to the employees in the finance department, requesting fund transfers to one of their accounts. The fraudsters misuse the position of the CEO and loot the organization of capital, without anyone suspecting until the money is wired.
Account Compromise- A company’s official email account gets hacked and is misused to request the transfer of invoice related funds to the vendors who are listed in their email contacts.
Attorney Impersonation- Scamsters pretend to be someone from a law firm, hiding under the pretext of handling something confidential. This scam often targets lower-level employees, who usually do not question the authenticity of the request made and respond without asking much.
Data Theft – Scamsters target bookkeeping or HR employees to obtain confidential, sensitive data, personally identifiable information, tax statements or financial records to create an ecosystem for potential attacks.
How do Criminals Carry Out BEC (Business Email Compromise) Scams?
A BEC scammer might do one or more of the below-mentioned acts to scam businesses and individuals:
- Hoax a website or an email account with variations that might go unnoticed to deceive victims into believing the account is authentic.
- Use malware through malicious software which infiltrates the company system or networks. The malware gives the scamsters access to legitimate email threads about invoices and billing financial transactions. This data enables scamsters to time and send messages to bookkeepers so they would not even question the authenticity of fund transfer requests and gives them undetected access to the business or individual confidential data.
- Send spear-phishing emails that appear to stem from trusted sources to trick victims into revealing sensitive and confidential information. This data gives scamsters access to company accounts, financial data, and calendars to carry out the BEC schemes.
BEC is often a starting point to break employees and carry out a larger cyberattack on companies.
How to Protect Yourself from Business Email Compromise (BEC) Scams?
- Vigilance is the key factor for protecting oneself from BEC scams, so be careful with what level and kind of information you share on social media platforms.
- Steer clear from clicking on unsolicited emails, attachments or links that ask you to verify your account or update data. Look up the suspicious email, address, and phone number online to check for the legitimacy of the scamster.
- Examine the URL, phone number, email address or spelling mistakes for slight variations that might trick a person’s attention and eye and eventually gain your trust.
- Verify the purchase and payment by calling in person to ensure that the account requesting fund transfer is legitimate.
- Prevention is better than cure, here comes the need for personal cyber insurance that may provide you with a cover against your monetary losses.
- Enabling a multi-factor authentication is another method restricting the mistaken fund transfer and gives you a safety cushion to think twice
- You can use smart phishing detection tools to get informed whenever a phishing attack is made on your device
Considering BEC scams are not circulated with fishy attachments or malicious links and are repleted with the tendency to evade even the well-devised traditional solutions, the only way out is consistent awareness, and employee training to help spot the scam on time.
And, while you incorporate training as a solution, don’t forget to stay vigilant and careful with what information you share on social media. Don't give the scammer an upper hand in guessing your password by completely making your life public. Moreover, before you click on a link, even if it seems legitimate, think twice about its contents and examine any difference which might be tricking you into gaining your trust.
Stay Vigilant! Stay Safe!
Did that romance scam break your heart or maybe your pocket?
We live in a world where the thought of being lonely hits every day, otherwise why else would we have virtual dating apps, social media romance and not so latest to join the bandwagon of virtual marriages. As indispensable social media is to the millennial, scams in every shape and form are deemed to happen. And fraud by someone you met virtually and developed a relationship with are the ones that rip off not just your bank balance but also your heart.
Or so it happened with a Pune resident in 2021, when she met someone while playing a virtual game. What started as a friendship online soon turned to a kindled romance and later to the transfer of funds to the “online” friend. Before she could even question the “online” friend’s intentions, she realized she was out of ₹15 lakh in just two years of meeting the person. She reported the incident to the police and it was later confirmed that she was the victim of an elaborate and sophisticated online romance scam.
So, is it true love or true crime that you are getting into with the virtual dating app you so fondly navigate every day?
The year 2021 2021 reported an 80% jump in romance scam cases over 2020 and in the last five years more than $1.3 billion were lost in such scams in the US alone, according to a report by the Federal Trade Commission (FTC). And 33% of the total romance scams happened on social media alone. This staggering figure is not meant to scare you but definitely alert you.
One might wonder if there is any way to identify scammers who are masquerading as your perfect match online? Well, if you haven’t been romantically scammed yet, then you are in luck, as we have curated just the listicle for your attention that will prevent you from falling into the trap of such fraudsters.
Identify Signs of romance scams
- Profess love too quickly
You meet someone online, spark an interest and start a conversation, where you share your likes and dislikes. The conversation goes on for days and out of surprise, your online friend professes to love, or in some cases even proposes marriage. All this without meeting the person physically even once.
What does it tell you? Like it or not, a scam is not its way to rip you off your heart and money.
- The NRI lie of a romance scammer
By far the most common online romance scam to surface and make headlines is the NRI scam. Your online friend is most likely to lie about living overseas, while in truth, the person might be living in the same country, or worse, the same city. They might refrain from meeting personally on the pretext of long distance.
Such lies mushroomed during Covid-19 when romance scamsters found the best period to fake their identity, take the relationship forward before they are ready to ask for a money favour, or in some cases claim extortion in exchange for personal information. These scamsters initially masquerade as high-profile individuals such as a doctor, in the military, working in an oil rig etc.
- Want you to pay for some expense through a lie
Once the romance blossoms, your online friend will cook up a lie, usually small where they would very conveniently, and indirectly ask for money favours. Such lies usually relate to asking for a plane ticket, customs fees, visa charges, gambling debts, by saying they will pay you back. But we all know how this end, neither do you see your money back nor the one who breaks your heart.
- Claims to need money for an emergency
Your online friend aka scamster might put you in a tough spot by asking for a money favour for an emergency. These fake emergencies can be finances for surgery, accident, family issue etc. Moreover, they would ask you to transfer money by wiring, gift cards or reload cards, rather than the usual bank account transfer to keep themselves safe and prevent the reverse transaction.
All the above scenarios will reflect a sense of urgency. Be it pretending to fall in love or asking for a money transfer. Every incident would seem like there is a hurry. And that is the biggest catch.
What to do in case of an online Romance Scam?
Do not get Scammed!
Well, easy for people to say this, but falling into a trap and getting mugged in the name of love is trickier than it sounds. Let’s understand how to prevent it from victimizing you.
If you suspect a romance scam, follow the following:
- Stop communicating with the person you are suspecting, immediately.
- Do not wire the person money and do not send them gift cards.
- Talk to a trustworthy person, who can be your family or a friend, tell them about the concern you are facing and how you got into the situation.
- Do your own search by the details your ‘online friend’ has shared with you. Look for the job type, employer, country they claim to live and their social media life. You might find something which will rest the case in your favour and save you from undergoing the entire trouble.
- Perform a reverse image search of the “online friend” to check if they are associated with some other name or personal details that somehow do not add up.
- Raise your voice on social media about such scamsters, to make others aware and prevent them from becoming victims.
- You can also report the cyber fraud to the Cyber Crime Reporting Portal in case of monetary damage done to you by the fraudsters.
Spread the word and raise vigilance. Most people shy away from sharing their stories or reporting the fraud of online romance scams for the fear of being judged, questioned, mocked by others. While vigilance is the key to preventing such scams, someone somewhere might still fall into the trap of such frauds. What makes the front seat here is how aware you are of these situations and how soon you identify something fishy, while not letting your vulnerability hold the steering.
It has been 12 years since Instagram was launched and its unparalleled growth has witnessed over 1 billion users accounts, sharing approximately 100 million pictures every day. What started as a means to share photos and keep connected, with fresh features than the once overpowering Facebook, Instagram has become a major means of small-business ideas, promotions and a haven for influencers.
With popularity at a massive scale, owing to innovative social media networks, unique visual twists, and a great way to stay in touch with family, friends and trends, Instagram is a staple in the modern world. But, the success story of every platform, no matter how big or small, follows the scary story of scams, financial frauds, reputation dents and personal information or data misuse for extortion or other criminal offences. Instagram is not just the gleeful place for posting vacation pictures, remembering day-night outs with friends, updating family photos or trying to fall in the rat race of influencers.
While Instagram does not have robust competition in terms of popularity, so does the surge in scams on the platform. The transparency of Instagram influencers, creators with their personal data such as email id, available on their profile, without a security shield makes them susceptible to scams. Under criminal infringement, such creators or budding Instagram entrepreneurs are at the vulnerable stage of getting scammed through the myriad online and offline means.
Most Common Instagram Scam Emails doing rounds on the platform
The world’s most popular social media platform has unknowingly invited cybercriminals who are penetrating into the sophisticated ways of targeting users through various means, such as:
Incorporate the use of bogus websites through links. When you click on the suspicious link you would be redirected to a fraud website that will ask for your login credentials or bank account information, under the pretence of the authorized body.
Bogus Brand Collaboration Requests
Fraud requests from an imposter or non-existing websites, offering to pay you for money in exchange for promoting their products. They, then steal your personal details, financial data once you provide them for payment, only to misuse it later.
Fake Investment Offers
The promise of handsome capital return in exchange for a small investment in different schemes, which most likely steal all your money.
The tempting zone of awarding a prize through the contest, where you are required to you are your personal information for payment purposes, only to have it abused.
Selling Likes and Followers
The rat race of more followers might turn ugly with fraudsters asking you to pay a small fee in exchange for more likes, followers on Instagram, leading to financial data being stolen.
Imposter Brand Accounts
The sheer ease and no-control of counterfeit products being bought and sold on Instagram, under imposter accounts, promising the delivery of goods, with no cash-on-delivery option, masquerading as a big brand.
Non-existent Job Offers
Extorting your personal information, such as bank account details, home address, phone number etc., by falsely claiming to be hiring managers, for misusing the data against you.
How do Instagram Scam Emails work?
There is no one way hackers feed on the vulnerability of an Instagram user.
Fraudsters might send you or someone you know a phishing email, masquerading as an authentic email, with a link under the pretext of Instagram, stating your login/password has expired. This link will redirect you to a page, which might not seem very bogus. These crooks then ask you to identify yourself by logging in to your Instagram account. And if you happen to follow these steps as they ask, that is when you have become their victim. Once they have your login details, it is not hard for them to extort other sensitive information or misuse your account for their benefit.
Another very common scam highlighted by Instagram users has been the fake copyright notices through emails asking to prove the user’s innocence. The hackers usually follow a standard, yet genuine seeming email stating “Hello Instagram user, we have recently received a complaint about a post on your Instagram account. Your post was reported as infringing copyright.
Your account would be removed unless you raise an objection to the copyrighted work. If you think this determination is incorrect, please fill the objection by clicking on the link below.” The email would be followed by an appeal button, containing a short link, which when clicked, will redirect you to another website.
There, you would be required to fill in your Instagram account details, causing your worst fears to come true.
How to stay safe from Instagram Scam Emails?
First things first, there is no greater security shield than the shield of vigilance! While you can go ahead with complaints against the scamsters, let’s start with keeping your senses wide open to recognise the threats and stay as far away from engaging with them as possible.
Moreover, you can adopt the following strategies to keep yourself safe from Instagram scam emails:
- Unless you are an influencer, a public figure or run your business on Instagram, it is recommended to keep your account private to mitigate the scamsters engaging with you or your personal data.
- Use strong passwords and two-way authentication to maintain a robust shield, difficult to be penetrated.
- Stay away from clicking on suspicious or for that matter any link that comes from a stranger. If you have the online fraud detection app on your phone, it can identify such fraudulent intent phishing weblinks.
- While buying from Instagram business profiles, make sure they are authentic, verified and have a genuine testimonial.
- Keep a tab on your login activity to ensure suspicious activity.
- Regularly review the third-party applications to make sure they are not stealing your data. You can use the phishing alert app to see which apps have access to your private data or have malicious intent.
- Do not respond to emails that seem unsolicited.
- If an email with a deal, discount or offer seems too good to be true, it is highly likely to be fake, so stay vigilant.
The intensity and bandwidth of Instagram scams are paving for an alert for active users on the platform. While you can always complain about the potential threat or scam, wouldn’t it be better if you stay in a safety zone by adopting simple yet effective measures while operating the Instagram account? Moreover, it would be healthy for your peace of mind, and you are more likely to gain the trust of your followers, thus more business, if you stay vigilant and promote the same.
Digital fraud of any kind is highly sophisticated and difficult to track, due to its existing characteristics. But it should scare off creating or for that matter scaling your Instagram account. Rather keep your eyes and ears open to threats that might be breeding under your nose, only to hit when a vulnerability rises.
Keep Safe, Keep growing!
According to Hornetsecurity team statistics, Amazon email scams, especially phishing emails have been on top of the global assaults, with a staggering 17.7%. With the rate of Amazon scam emails circulating around, you could be at the target of fraudsters next. Or you probably are, as we talk, without even realising it!
In a recent case of Amazon email scams, more than 2000 customers in one week, in the UK complained of receiving phishing emails claiming from the e-commerce giant and asking to fill out a form. The email claimed that the account of the recipient users has been locked and the users have to fill out the form, to complete the authentication process for the account to be unlocked.
Following bulk complaints on the email fraud, The UK’s national reporting centre for fraud and cybercrime action fraud issued an urgent warning to all the Amazon customers, raising an alarm about the issue and requesting them to not fall prey to the scam email.
While for some filtering out real from sus is hard for obvious reasons of how close to real these impersonator email appears, some on the other hand can be recognized easily by their poor draft, generous offers and unimaginable discounts or over the top claims.
So, let us delve into the type of Amazon scam emails impersonating as authentic, that has been hovering for a while, feeding on innocent users.
What are Amazon Scam Emails?
Amazon has issued an advisory on its website that if Amazon customers receive emails from the brand that looks suspicious, it might be a case of a phishing email. These phishing emails would contain a link inside it, when clicked on, would redirect you to a website that is not legitimate. This website will ask for your personal details relevant to Amazon, such as your username or password. It may also ask you to install unwanted software in your system.
Phishing fraud is a type of cyber-security scam that is conducted under the disguise of a trusted source to extract sensitive information and expose it to cause major loss of finance and reputation. Phishing emails are the weapon of cyber-criminals with the intent of stealing your personal information and infesting malware into the system and networks.
If you click on such a link, it is highly likely that you would become a victim of a phishing cyber-attack. While averting such emails is not possible in the digital age that we live in, we do have our security in our hands and can save ourselves and our confidential information to become a breeding ground for scammer’s benefit.
But, how do we stop these Amazon email scams from attacking us and protecting ourselves?
How to protect yourself from Amazon scam emails?
- Do not click on any suspicious links or open any attachments that seem phoney. If you did open the attachment or clicked on the link by mistake, make sure to not follow any further instructions. Moreover, it is highly recommended that you enable a two-step verification process in your account which will add a layer of security shield to your Amazon account.
- It is advised to Amazon users to enhance their vigilance of fake emails by spotting inappropriate grammar or spelling errors in the email content. Business giants like Amazon hire professional content specialists and copywriters. Moreover, the content written undergoes proofreading as well, which is a clear indication of Amazon making no such mistakes and such emails are definitely scams.
- If you receive emails claiming you have won a lottery, become a premium Amazon member, received a grand prize etc., never open such emails and delete them right away. Amazon does have a multitude of offers, but it never sends emails claiming you won something without ever participating in it or for that matter for free.
- If you receive an email that reflects a sense of urgency or threats forcing you to randomly click on the link or open an attachment, it is an alarm in itself and such emails need to be deleted at once.
In a situation when you are at crossroads of what to do with the Amazon scam emails or the one that you consider suspicious, we recommend you follow the tried and tested STOP technique.
S.T.O.P Method very clearly defines four simple questions that you ask yourself in the event of receiving an Amazon scam email:
S: Does this email look Suspicious?
T: Is this email Telling me to click a link?
O: Is this email Offering something extraordinary?
P: Is this email Pushing me to do something in haste?
And voila! You have the answer to something you were fretting over with the fear of getting scammed. All you have to do is follow the STOP technique and prevent yourself from a great deal of financial loss and anxiety.
What to do if you've been scammed by Amazon fraud emails?
Unfortunately, cyberattacks have become so sophisticated that it is difficult to mitigate their existence completely. These attacks have become a part of our security issues now, more, so because of the extent of public information availability and accessibility.
However, in the event of such an email scam or Amazon phishing email attack and your information or finances loss, you must immediately report it to your bank or credit card company of potential fraud and get your account and credit card blocked to prevent further misuse.
Moreover, you should also report the incident to the law enforcement and cyber-crime department.
Apart from reporting the issue immediately, you must change the login id and password details of your Amazon account to prevent further personal data or financial loss or misuse. While you take all these quick actions, you must also remember to stay vigilant against Amazon phishing emails circulating in an attempt to steal you of your personal data, money, reputation and lead to increased stress.
Amazon Scam Emails in a Nutshell!
Amazon is the biggest retail giant the world has witnessed to date and while it connects globally to millions of sellers and buyers ensuring a safe, streamlined and smooth e-commerce operation, it is also a breeding ground for scammers. Scammers see this retail business as an opportunity to exploit and extort as much financial and reputation loss as possible, despite Amazon’s cutting-edge technology.
Almost each of us has fallen for the fake emails, despite feeling something is off or seems phoney with either the offer, representation, too generous with discounts or doesn’t sound like Amazon. Whether it is an order confirmation email, a login failure email. Asking for feedback, offering discounts, making you a premium member email, the scams have circumvented every single vertical of Amazon fraud emails to cause havoc in the customer’s mindset, dipping sales and tarnishing reputation.
However, adopting the above pointers and staying vigilant, besides raising complaints with the relevant authorities is the right way to go about protecting yourself and averting such scam emails from fooling other people too.
The digital disruption in millennials has brought a multitude of get-rich verticals, but none like the roller-coaster of cryptocurrency. The hype is so big that when friends and family meet for fun or functions, the indispensable discussion of cryptocurrency never misses the light. Whoever has more of this virtual currency stored in, is lauded more for their business shrewdness. And why not, since the cryptocurrency inception, it has benefited a common man, millions, even though they might understand less of its safety, usefulness and future.
But why is it that this virtual currency is coming in the bad books of being vulnerable to frauds that can probably rip a person off entire savings? A recent incident of Elon Musk impersonators stealing more than $2 million from the investors in cryptocurrency frauds is one such example that highlights the security breaches on a rise. Moreover, if a fraudster can impersonate Elon Musk, one of the smartest men alive of our time, then there is a serious concern encompassing cryptocurrency than what meets the eye.
Adding to this potentially damaging trend on the rise, cryptocurrency has become the victim of the underlying problems of cutting-edge technology. Hackers are using the most sophisticated systems to plunk down your life savings and leave you high and dry.
The situation is graver than you can imagine, with the startling figure of 7000 consumers losing $80million since October 2020.
So, what causes cryptocurrency scams and who are the hackers behind these sophisticated breaches? To deep dive into the question, it is first pertinent to gain some insight into the common cryptocurrency scams-
The common cryptocurrency scams
A threat in the times of the digital world is inevitable. But if you know the threat, have some knowledge on how it and from which direction it can attack you, then you can strategize your measures. This holds true to cryptocurrency scams, where knowing what frauds can make your investment vulnerable to breach, can help you prepare against it.
While cryptocurrency scamsters are smart and sophisticated, you can stay one step ahead of them by expanding the common cryptocurrency scams you are up against.
- Ponzi schemes
A scheme where a victim is tricked into investing in a company that is practically non-existent. Imagine the level of persuasiveness and adeptness in their hacking profession would a person be to make you invest through a get-quick-rich scheme. Cryptocurrency becomes the ideal targeting tool as it is the on-its-innovating stage with no tangible appearance and has a difficult to track profile.
- Pump and dump
A common scam where fake investors persuade you to buy shares in companies that have little cryptocurrency presence, concealing false data and leaving the victim with worthless stocks.
- Fake celebrity endorsements
A classic case of a fake influential scam is where fraudsters hijack a celebrity’s social account or create fake ones to encourage investing in fake cryptocurrency.
- Fake exchanges
The most common and very prevalent fraud is when a scamster masquerading as an investor sends you fake emails or links with messages promising cryptocurrency in return. The catch, though, is that you would be required to pay a small fee, that apparently is not mentioned in the deal, you would never see back.
- Impostor apps
One of the worst cases of the smartphone world is cybercriminals spoofing legitimate cryptocurrency apps. These apps are uploaded on the play store for people to install, only to steal your personal data or plant malware in your device to steal your cryptocurrency wallet login details.
A riding name in the cybercrime market, phishing is one of the most common and highly adopted methods to conduct cryptocurrency frauds. Such fraudsters use every possible means of texts, email, social media to seem like a legitimate source. These sources dupe you into opening their message and steal login card credentials to cryptocurrency wallet.
How you can identify and tackle some of the most common types of cryptocurrency scams?
Cryptocurrency scams manifest in different forms, masquerading as valid sources, exploiting digital means to gain access to your cryptocurrency funds. This hoax does not always breed on people who are looking for get-quick-rich but can be sophisticated businesses with a fleet of security.
While avoiding a cryptocurrency scam entirely might not be possible, there are some elements that can identify real from fake. Staying vigilant is the best bet against such scamsters extorting cryptocurrency.
Let’s have a look at some tried and tested ways of protecting you from cryptocurrency scams:
- When the offer is too good to be true, there might be some catch behind it. It is recommended to get it checked multiple times, look for loopholes and probably skip the deal entirely, instead of giving in your details.
- Before you install a mobile app, always look for customer ratings, reviews, logo authenticity to weed out the real from the fraudster app.
- Engage in the practice of double-checking every time you receive a URL, email or social media message. Technology has surely offered some amazing benefits, but it has also enabled spoofing to cause a sophisticated breach of your personal data and finances. This makes it vital to ensure who you are dealing with, check their authenticity and look for credible information before engaging in any cryptocurrency transaction. You can fraud prevention apps that can notify you of each doubtful activity happening on your phone.
- Be aware that you are a target. Now that you are living in the millennial and are in some way associated with fintech or cryptocurrency, then you are at a target of potential fraud activity. The world is an open book in this age and the digital world has enabled access to every information from anywhere. The least you can do for your safety is to stay vigilant.
- Follow vigilance with being prepared. Create a system that can track such infringements. The system can be as simple as maintaining double-checks or as complex as using technology.
- Keep expanding your knowledge base. The complexity of cryptocurrency fraud will continue to evolve and expand its behaviour. The best fight against it is to educate yourself on what you are standing against.
- Safe browsing is a security blanket where not downloading unknown or suspected apps on your mobile and not visiting questionable, potentially harmful websites is the right way to go.
- The best form of safety is to avoid clicking on suspicious links, which no matter how tempting they sound might steal your personal data.
In a nutshell!
The increasing trail of cryptocurrency scams is a cry for much attention and high vigilance in the investment vertical. It is a matter of being stripped of your hard-earned money, that impacts not just you but your family as well. While this scam has been masquerading amongst the most reliable and trustworthy people, the real truth behind such scamsters remains questionable.
This calls for enhanced vigilance on your part to not fall prey to such fraudsters. While it is easier said than done, garnering significant knowledge on cryptocurrency before investing and asking questions that bring you satisfactory answers is one step to secure investing.
While the cryptocurrency is here to scale in businesses and for individual investors, following the above tips and evolving your knowledge, can keep you in the safety blanket against cryptocurrency scams.
Without a question, the time we are living in is seeing technological advancements that probably none of us thought of around a decade ago. It wouldn’t be wrong to say that our real existence today relies heavily on the virtual cyberspace we have created out there.
The digital banking system has proved to be the most noticeable perk of this cyber reliance. This has totally transformed the banking and transactional experiences of people. From bank counters to the billing counters of shopping centres, the long queues have diminished now.
But the vulnerabilities are parts and parcel of every perk adopted by the masses and these online transactions stand no exclusion to this list.
We all keep on encountering a number of scam calls or weblinks while surfing the internet probably on a daily basis. Despite tons of efforts by authorities to make people aware of online scams, we tend to make mistakes quite often (humans after all!) and these mistakes cost us our hard-earned money.
This article is all about undoing the same mistake and recovering the money lost to cyber fraud and if you are someone who is an avid internet user, you need to read it till the end.
Recently the government of India launched Citizen Financial Fraud helpline number 1930 for the victims of cyber frauds and also announced that the previous helpline number 155260 will be phased out gradually.
How does fraud reporting work?
The cyber cell deals with the menace in 4 gradual steps which are as follows;
- Reporting and Initiation of action
As a victim who lost money to cyber fraud, the individual is supposed to call 1930 thereafter police personnel will ask for minimum details and evidence of the scam. They will generate a ticket number for the complaint. Alongside this, the cyber police will also intimate the beneficiary bank and wallet merchant to ‘stop’ the transaction and put the amount to a halt.
- Trailing And Freezing
As soon as ‘stop’ intimation is given, the system will stop the flow of funds and will report back to the portal.
If in case the money has already been transferred, an alert will be sent to freeze the beneficiary account and render it unfunctional for online or offline transactions.
- Formal Complaint Filing
The complaint confirmation of step 1 is received in form of an SMS containing the reference number and a link to www.cybercrime.gov.in
The victim will then be required to file a formal complaint on the link provided within a span of 24 hours for further proceedings, to begin with.
- Getting the money back
After the complaint is registered formally on the portal, the police will swing into action to revert the money to the victim's account and investigations will kick start to trace the fraudster and book him/her under penal laws.
Note: In case the formal complaint is not lodged within 24 hours of calling the helpline, the frozen account will be set free and the concerned account will be able to do its transactions normally.
This portal will be of great help in real-time incident reporting, escalation and resolution of the issue. However, It will always be an appreciable thing to not fall for the online scams in the first place itself by surfing the internet responsibly and staying geared up with online fraud preventive apps such as FinLock on your device. Finlock plan also gives an assurance through cyber insurance of Rs. 1 lakh that makes the recovery hassle-free.
No matter which social media platform you open on your mobile today, you will see investment ads running all across the internet, somewhat driving you to invest. The extent of investment ads is so deep that it is now an indispensable part of our digital lives. While some exude authenticity and smart financial moves for a person, others come with an investment trap, pretty hard to identify. And just like every financial independent person finding ways for economic security in their life, falls prey to the shady ads offering high returns. The fake investment ads feed on not just the vulnerable people, but high-profile intellectuals too, with their cutting-edge masquerading talent.
When fake endorsements of Prince Harry and Meghan Markle can circumvent the internet to promote Bitcoin-related investments, we can only ideate the penetration of this scam in our daily lives. This nexus of scam advertisements has risen from merely 8,000 in 2016 to 34,000 in 2021, according to the FCA(Financial Conduct Authority). While it can be partially blamed on the rampant internet usage, there is a lot of contribution of the get-rich-quick attitude for the surge in scam investment ads over search engines and social media.
We all have someone in the family who has been a victim of such fake investment ads but seldom do we take our learnings from such incidents to become more vigilant on a platform as sensitive as the internet. Therefore, to ease your discomfort towards fake investment ads hiding behind the claims of huge return of investment, whilst stealing your hard-earned money, we have curated a complete guide to understanding the type of fake investment ads and how you can anticipate their truth.
Let’s dig in then.
Types of Fake Investment Ads
1. Advance fee scheme - This scam investment ad persuades the person to pay money upfront, never to hear from them again. Scammers in this case usually target those people who have lost their money before in some scheme and lure them with the offer to recover their financial loss. This, however, comes with the catch of paying a refundable fee, in the form of a deposit which when paid to the scammer is lost forever.
2. Boiler room scam - The famous Hera Pheri scam, where fraudsters create a makeshift office to convince people of their existence and persuade them to invest in their schemes has only turned more sophisticated. Boiler room scam has turned to the digital world now, and both physical and digital offices run away with your money by the time you realize it was fake.
3. Forex scam - The largest and the most liquid financial foreign exchange in the world has also been the scapegoat on many occasions for fake investment ads. Trading in foreign currency is always risky and many fake forex ads promote easy access to the exchange market through software or some courses. This highly sophisticated scam may turn out to be an unregulated act where your finances will not be invested as promised and you will end up transferring your hard-earned money to an offshore account, only to find it gone forever.
4. Offshore investing scam - For all those trying to avoid or reduce your taxes on your income, scammers are finding vulnerable gaps in your vigilance through offshore investing scams. These fake investment ads promise high ROI and profits if you send your money to an offshore account. Also known as tax-avoidance schemes, they are highly risky and might leave you to pay even more money in penalties or taxes, not to mention the high chances of you losing all or some of your money.
5. Pension scam - Targeting the most vulnerable of the lost, the retired people who have saved their life savings in FD or Locked-in retirement account (not eligible to be withdrawn until 55 or older). Such fake investment ads impersonate as a special Registered Retirement Saving Plan (RRSP), and promote lock-in your funds with high return, or get you 60-70 % of your money from the locked-in retirement funds. While the investment tends to be worthless, it causes a retired person to lose their life savings as well.
6. Pyramid scheme - The fake investment ads running across digital and physical platforms promoting pyramid schemes have engulfed the entire world and challenged even the most financially equipped nations. Pyramid schemes recruit people with the promise of enhanced finances and money multiplied on every addition of a person. However, for every person to join the chain, they have to pay a certain amount. While people do make some money and profit in their initial days of investment, it soon boils down to a big scam that gulps the entire families of their finances and life savings.
Signs that reflect an investment ad is a scam:
- Claims of low risk in investment and high returns
- Trying to convince you that it is based on insider information and hence less risky
- Insisting on investing right away
- Business or individual seller with no registration to sell investments.
How can you protect yourself from being deceived by an investment scam?
- Verify Business - Be sure to confirm authenticity by checking the background of the business or individual selling you an investment. A person or business needs to be a registered and licenced seller to be able to offer investment schemes, as well as a disciplinary history in the domain.
- Quick Rich Schemes are Scam - The quick and easy rich scheme is always a scam and no matter how lucrative they sound; you need to stop yourself from being lured into such scams.
- Don’t Trust Unknown Sources - Steer clear from fishy promotional ads, emails, phone calls, or even in-person meetings that can potentially cheat you of your money.
- Don’t Rush to Invest - The urgency factor in investment is one of the prime signs that the ad is a scam. All the talk of; only for your scheme or the scheme will expire tomorrow is simply a way to lure you into the trap and steal your money. Always do some research on your end.
- Do not fall for some rich couple having a luxurious holiday giving testimonials for an investment scheme. Remember if the video of Prince of Sussex can be misused for an investment scam, there is very little you can trust without inquiring about the actual facts.
The increasing number of investment frauds is impacting millions of lives where people invest their life savings in the hope of receiving high returns. This hoax has been crippling the entire financial domain and is consistently becoming a challenge to overcome. Senior citizens are more likely to fall prey to such internet frauds but they can avoid this if they take precautions in advance.
However, with some information and staying vigilant on the prospects where you invest, you can easily avoid such scams. The best way is definitely to not fall prey to high return schemes and always double-check the registration of the business or individual who is trying to sell you the investment scheme.
It is the small step towards awareness that can save your finances and lead you to security.
Can you recall your phone buzzing off and giving you moments of joy because the message you received is awarding you a life-changing amount? Or Do you remember that call from a stranger promising you lacs and crores citing your phone number was lucky? If your answer is “YES”, you probably have somewhat an idea of the tip of the iceberg and you have to read the article till the end to know more about lottery fraud.
What Is Lottery Fraud? How exactly is it executed?
As the very name speaks volumes about itself, Lottery fraud is an online fraud with an intent to rob off your hard-earned money by deceiving you into believing that you have won a lottery.
As shown in the image above, this is somewhat how a random lottery fraud email or message is going to look like. You get out of your senses in a sudden rush of joy and land in trouble. You are taken into confidence that you have won a huge lottery and to claim it you just need to pay off the minor government taxes imposed on your lottery amount. You accept this offer and follow the steps as instructed by the email or phone call, thus. enabling the scammer to succeed in his plans. Not only have you transferred the processing fee to the fraudster but you have also handed them over your card details which means all your account balance.
Below are some of the common lottery frauds that you need to be cautious about:
- RBI Lottery - RBI does not offer any lottery. There have been cases where people have been duped into paying to get huge sums of money from their winning from fictitious ‘RBI Lottery’.
- KBC Lottery - Kaun Banega Crorepati (KBC) is just a game show and doesn’t indulge in giving away money to people. All such schemes in the name of KBC are scams.
- SnapDeal Lucky Draw - this is another case of scam where fraudsters have been misleading people by using popular brand names to name their con schemes.
What to do if you have already fallen into the trap?
If you have been caught up in any such scam wherein you not only lost your valuables but also ended up sharing your financial credentials, you need to;
- Contact your bank via customer support and request them to block your card and all the transactions associated with your account thereby leaving no room for the fraudster to misuse your card in the future.
- Reach out to the website of the National Cybercrime Reporting Portal and file an official complaint submitting all the evidence you have in the form of screenshots and transaction reports.
How to prevent these lottery scams beforehand?
- Don’t trust the good news coming from sources wherein you never contested for a lottery.
- Rely on your intellect and don’t pay heed to offers sounding too good to be true.
- Avoid entertaining or engaging with emails loaded with tons of graphics and quintals of grammar errors.
- Do not interact with the links without a padlock sign (must start with https://)
- Never pay taxes on lottery amount upfront. That’s not how the lottery system works.
- You might even receive couriers promising you cash awards, ignore them.
- Just don’t pay heed to emails from Yahoo/Hotmail/Gmail extensions giving a lottery. If you actually have been shortlisted by the Kaun Banega Crorepati team, you would get email from their official email address.
- Use a fraud protection app like FinLock that not only forewarns you about potential scam websites these frauds require you to visit but also assists you at every step in filing the complaint if you have fallen prey to the gimmick.
It needs to be summed up by answering the question ‘How exactly do these scammers get the very first hold of your name, number and emails to lay the trap around you?’
The answer to this lies in your ways of surfing the internet. There are hundreds and thousands of insecure websites and public WIFIs wherein you don’t hesitate to fill in your crucial details in exchange for maybe some silly subscriptions or game reports. These websites sell your info to scammers and what follows next has already been explained.
The crux lies in responsible usage of the internet and visiting only the secured and trusted websites.
Nowadays, app stores and various internet platforms have a plethora of apps providing instant loans thus enticing us to use them to meet our ever-growing financial needs. Lockdown induced by the Covid pandemic has stressed families financially and the offer of availability of loans instantly is something hard to ignore. While this may seem a boon from a broader view, the closer picture depicts this has paved gateways for scammers and fraudsters to come up with newly devised ways to cheat us, such as instant loan app fraud.
In order for individuals to not get scammed, they should be pro at distinguishing between original apps and fake ones launched with not so good intent. The reason, why you need to be a “Pro”, is because being a layman would find it extremely difficult as the scammers spend a lot of endeavours to make their apps look more original than the Original Ones themselves.
Financial frauds are growing at an explosive rate ever since the pandemic has hit us hard. As the cases keep on rising, being well versed with correct knowledge and awareness can gear up us to save our finances.
According to RBI, till last year more than 80 Android Application stores were occupied by 1100+ instant loan providing apps. Shockingly, close to 600 apps of these were laid down as a trap by scammers to rob off individuals falling prey to their gimmicks.
Here are some signs that indicate the instant loan provider application is not legit
- The Lender App is not concerned about your KYC details
In an age where the government is insisting everyone keep track even of their minimalistic transactions, these apps would be ready to lend you the amount without any sort of documentation and regardless of your past record/CIBIL score.
- Compels you to act instantly
They will often exert uncalled-for pressure on you to apply for a loan immediately. The whole motive behind this is to scam you before their cover is blown by some previous victim's report and the app store platform is snatched away from them.
- Won’t disclose their concrete charges
These lenders won't reveal the actual details of applications and would vaguely promise you a 0% ROI (Rate of Interest) on the repayment of debt. Back out from these luring ASAP.
- Lender's website isn’t credible
Usually, these websites are devoid of an authentic SSL certificate. Hence, you wouldn’t be able to spot the padlock symbol before their domain name/on their website. These websites are incapable of securing your data and financial credentials and cannot be authenticated. Hence, it's always a wise decision to avoid trusting lenders with such low trust score websites.
- Absence of a verifiable physical address
To avoid legal consequences these apps/websites won’t ever reveal verifiable office address/contact details. If you can’t locate these details on their website, you have your warning indicator.
- App taking irrelevant permissions
One methodology used by these instant loan app fraud companies to recover lent money is to extract contacts from your phone and then blackmail you to harass them. Many times they even message or call your contacts to put pressure on you and humiliate you. In several cases, it has been found that such companies have stolen personal photographs from users’ phones and posted them on disreputable websites. So, whenever a loan app is asking for permissions to read your contact, SMS, gallery, etc., immediately stop there.
Here are the measures you can take to sideline the instant loan app fraud
- Check if the Lender is approved by RBI
The very first verification you have to do is check if the app is registered with RBI. Apps not adhering to RBI norms may cause you present and futuristic troubles. A list of approved lenders by RBI can be found on the Sachet portal RBI.
- Be vigilant about the loopholes
Unlike authentic RBI approved loan apps, fraud ones don’t or seldom have a website. Even if they have managed to acquire a spot among listed apps, a thorough run up through their websites privacy policies and reviews section will prove to be a wise and cash saving decision for you.
- Do not fall for low interest rates
The most common way these apps lure you is via offering an extremely low or negligible rate of interest on the repayment. Such apps extract out heavy pre-payment and processing charges from you.
- Install a good Cyber Fraud Protection App in your device
Usually, these lenders direct you to insecure and threatful links in order for you to submit your details in the name of the loan request application. Having a fraud protection app like FinLock installed on your device is always an ace move. It not only saves you from scammy websites and fraudulent apps but also guards you with Cyber Fraud Insurance worth Rs 1,00,000.
With the rapid fast penetration of the internet among the Indian populace, senior citizens are also not untouched by the digital space and ease of shopping/transactions offered by the internet. Elders of your family being newbies to this world of webspace, become an easy target for scamsters to meet their obvious motives. And so there is a need for digital literacy for senior citizens too. Here are some tips for senior citizens to protect them from cyber fraud and phishing attacks.
Loneliness and social isolation of senior citizens also make them ideal prey for cybercriminals on the hunt.
The National Crime Records Bureau (NCRB) also stands by the above statement when it says that senior citizens are the most vulnerable beings towards any sort of crime or fraud.
The last published crime statistics by NCRB in 2020, revealed a total of 24,794 criminal cases against elderlies that are reported in 2020 alone and more than 81000 cases were found to be pending in courts.
Reasons behind senior citizens being a soft target for criminals are many, but if a few key points are to be looked upon then they are:
- The generation gap and their inability to keep up with the technological advancements.
- Isolation from the mainstream public thus less awareness about surrounding and patterns of prevalent cyber crimes.
- Sluggish defense mechanism, low analytical abilities and slower response rate.
Dos and Don'ts for Senior citizens to prevent cyber frauds while using the internet
- Educate them not to click risky links: No! If that company is hell-bent on awarding you its major portion of revenue that too, free of cost, you have to ask your elders not to give their details there. We are living in a time-zone where no one is gentle enough to offer you a cup of tea as a giveaway, someone offering millions of dollars or I-phones for free isn’t genuine in any given condition.
- Prefer a variety of passwords: Though it’s an easy practice, but having the same password across every social media, email and bank accounts is a terrible approach. Either you yourself do it on behalf of elders, who are technically not well versed or guide them to use different passwords for different accounts. This toughens the game for fraudsters.
- Keep a watch on who they are interacting with on internet: The loneliness of your elders created out of the generation gap makes them trust any random stranger on the internet who connects with them sweetly. There have been Incidents wherein senior adults fell easy prey to the cons of scammers on social media and provided them with their banks and personal life details.
- Educate them about government cyber security portals: When oldies are an easy target for scammers because of their technically laggard awareness, it’s your foremost responsibility to teach them to file a report on National Cyber Crime Reporting Portal. Alternatively, you can also save Cyber Crime Reporting Helpline 155-260 on their cellphone and ask them to use it when in need.
- Install fraud prevention app on their smartphones: In today’s fast-moving age, you cannot remain 24/7 close to the elders of your family. When you are away from them and not assisting them in their web space activities, they become a soft target for cybercriminals.
It is always an advisable and wise move for you to install an online fraud protection app like FinLock on the smartphones of elderly in your family. The AI-powered app not only warns its users of suspicious links or websites but also detects and alerts in case of potential sim swap attempts and UPI frauds. And all this is backed up by Rs. 1 lakh cyber fraud insurance if any uncertainty happens.
Several adults look forward to learning about the internet and matching up with the technologically advanced youth which is of course a very positive thing to do. Your responsibility as a well-wisher is to ensure that they achieve their goals safely.
Can you recall a telephonic encounter with a stranger throwing tips and tricks to dig out your UPI pin? We guess the answer is a YES and most probably that’s the reason you are here. Mobile wallets like GPay, BHIM, Paytm, etc. have proved to be a boon in terms of inter-bank and intra-bank transactions. But, as we all know every technological advancement comes with a loophole, these wallets are no exception to it. That is the reason you must know how to report UPI fraud online.
Within a few couples of years of its launch, the UPI apps have proved their mettle but at the same time fraudsters and hackers have figured out ways to steal your hard-earned money. There are instances wherein the scammers trick you into clicking malicious links via SMS or emails, or scanning QR Codes which then directs you to a UPI gateway prompting you to enter your PIN in order for you to receive a payment/claim a gift. The moment you enter your UPI pin, the amount instead of being credited gets debited right under your nose. Alternatively, the fraudsters meet the same motive by tricking you cleverly on phone calls as well. You losing your money to such a con implies a UPI fraud.
Thousands of UPI users have lost lakhs and crores of worth in total falling prey to gimmicks of scammers, the recent case being that of Vinod Kambli, a renowned cricketer who lost Rs 1.14 lakhs to a UPI scam. If you or someone who is known to you happens to be a UPI scam victim, continue reading.
How to respond to a UPI fraud or a monetary loss due to a UPI scam?
As soon as you notice suspicious transactions happening with your account or you have already been a victim of a UPI fraud, be very immediate to take screenshots of transactions, note the transaction ID and beneficiary account details.
This is the info that’s going to pave chances for you to get your money back. Change your PINs and MPINs thereafter. Take the following actions if you have lost your hard-earned money to a scammer or a UPI fraud
1) Lodge a Complaint with Cyber Cell
A UPI fraud can turn the entire table for you within a matter of seconds, hence, you are required to be quick with your response. Lodge a complaint within 2 hours of fraud by calling the cyber cell helpline number 155260 or filing a complaint at National Cybercrime Reporting Portal. You can also rush to your nearest cyber cell and lodge a written complaint about the UPI scam you have been the victim of. Also, this reporting of the UPI fraud will help you to keep a track of the proceeding of the case and action taken during the investigation.
2) Report the UPI fraud To Your Bank
Immediately contact your bank giving the representative the complete details, the quicker you report UPI fraud the safer your money will be. Though time-consuming and less preferable, you can alternatively mail your respective branch along with all the screenshots and shreds of evidence you collected.
Request the representative to block your bank account which will be processed after a few verification steps, this will put every transaction at a halt. Reporting within 3 days of the fraud increases your chances of loss recovery.
3) Contact The UPI Platform
Since you have been the victim of a UPI fraud, you must be using either of these UPI payment apps viz Gpay, PhonePe, Paytm, Bhim, etc. Call the toll free numbers of these service providers to register your complaint. These platforms often provide you with details that strengthen your complaint lodged with the bank and police.
What can you do to prevent UPI frauds from happening?
Be super-vigilant while surfing the internet and avoid giving your precious credentials such as mobile numbers, emails addresses, etc. on random websites, hoping you will get freebies in return. In the end, these are details that act as lead for the hackers to get in touch with you with evil intentions.
Do not provide your UPI pins to any person regardless of the organization they are calling from. And remember you don't have to enter your UPI Pin to receive money.
Install an active protection app like FinLock that helps you recognize potential threats and fraudulent UPI QR codes well in advance. And not just this, if under a worst-case scenario you still happen to make the mistake, the application provides you top-notch assistance in reporting the fraud along with giving you an insurance cover of Rs. 1 lakh.
Fraudsters aren’t smart souls but simply the evils booming on your carelessness and lack of alertness.
In a world driven by technology, the internet has become a staple in our daily lives. Tech Giants across the globe have invested billions of dollars to curate a network of devices that drives you to utilise their ease of usage and access through the power of the internet. This has led to a stark increase in the utilisation of heavy bandwidth and data across the globe, causing people to invest in broadband and fiber connections that offer strong reliable data at cheaper and more affordable costs. But your home Wi-Fi can't accompany you on your next trip out of the house. This results in you craving those sweet unlimited data packs while not shelling out the seemingly hefty prices of your limited mobile data plans. Thus, you give in to your cravings and indulge in a free public Wi-Fi hotspot nearby that may expose your system to the cyber security risk that occurs while using public wifi. But here is why that Wi-Fi toggle might cost you a lot more than you might think.
Public Wi-Fi's can be found in a number of locations, be it your nearby fast-food restaurant or even a transport hub like the railway station or the airport. These areas boast the lure of “Free Wi-Fi" but the cost of scouring your social media on these networks might be your privacy. Public Wi-Fi hotspots are often used as hunting grounds by attackers and hackers who can join into the same open Wi-Fi network you are enjoying and steal valuable private data that can pose imminent future problems. You can stop them to some extent by using a phishing alert system on your phone.
Types of Cyber security risks while using Public WiFi Hotspot
Man in the middle attacksOne of the most common examples of these attacks is known as “Man in the Middle attacks”. This is essentially a technique in which an attacker eavesdrops on your conversations between your device and the internet server by stealing the data between those two junctions. The most troubling aspect of these attacks are that these are undetectable to an untrained eye, and can prove deadly to your private log in details or even your bank account credentials.
Malware Distribution attacksAnother major attack that is rampant in these cases is a Virus or Malware distribution attack, where a hacker can inject a backdoor to your phone or computer’s operating system and can trigger it whenever he/she desires, causing each and every personal data string on your device be subjected to being stolen or misused. This is deadlier than a “man in the middle” attack because once the virus is injected into your device, the hacker can exploit this backdoor even if you are not connected to the same public Wi-Fi network, making it easier for the attackers to steal vital information whenever they feel like it.
Cyber stalkingAttackers can also utilise these free Wi-Fi zones as stalking areas whereby utilising special software and gadgets, they can see in real time each and every website you are accessing from the confines of your personal device. Almost every public hotspot remains unencrypted, and therefore attackers can even check messages or files you have sent while using the Wi-Fi network, and can accomplish additional crimes like identity theft and bank frauds easily and frequently without even running the risk of being traced or detected.
Analysing these aspects of attacks and exploits that are achievable just through an open Public Wi-Fi hotspot really puts into focus the value of privacy and good decision making in our daily lives. Just by indulging in a few minutes of online shopping or having a chat with a friend to pass some time, you are leaving yourself vulnerable at the mercy of hackers and attackers who won’t think twice before emptying your bank accounts and misusing your login credentials in a matter of seconds. Seems like a very hefty price to pay for a few minutes of free internet.
Tips to secure your system while using a public Wifi Hotspot
Here are some methods through which you can better protect yourself from the cybersecurity risks while using public Wi-Fi:-
a) If you are signing up for public Wi-Fi access, don't share your personal information and avoid accessing websites where you are required to enter any log-in or financial information such as your internet banking accounts or transactions on e-commerce sites.
b) Restrict hackers from accessing your files stored on your personal device through the open Wi-Fi network. You can do that by going to Network and Sharing Center on your PC, then Change advanced sharing settings and then Turn off file and printer sharing.
c) Using a VPN is one of the most effective tricks to secure yourself from a potential data leak as it encrypts the data accessed by your device and makes it harder for people on the network to track your activities.
d) Turn off “Auto-connect to WiFi networks” on your device to prevent your personal device to automatically connect to a nearby unsecure public WiFi hotspot.
e) Only visit credible sites using HTTPS (indicated by a lock sign in the address bar) as these are secure sites that use an added encryption to ensure that your data doesn't fall into the wrong hands.
You know this already that Virtual is the new life. Be it News, Entertainment, and Oh, Shopping, everything has shifted online. It has become almost impossible to not get our personal information like email, name, mobile number exposed to online world.
Every e-commerce company, these days, has your card details. Wonder what the effects might be once their databases are compromised? Well, let’s not forget the recent data breaches that have taken place in companies. And there you need to know about cyber insurance in India and things it covers.
Need of a Personal Cyber Insurance
Cyber-attacks and their impact on business are in the limelight right now and data breaches have been around for quite some time now. There is a lot that goes out to the reach of the fraudsters such as your email, card details, mobile number, and addresses.
Let’s look at some of the very massive and huge data breaches that took place.
- In April 2021, Facebook data leak of 533 million users
- In April 2021, breach of 500 mn Linkedin users
- In February 2019, account details of 422 mn SBI customers compromised
Definitely the fraudster is not going to wait now that they have the information they need to move ahead.
Let’s talk about the after effects.
If a business undergoes a cyberattack, there are two risks that comes in parallel: the cost of handling it and the reputational.
Going back to a study done by Accenture and the Ponemon Institute in 2018, the average cost of a malware attack on a company is over $2.5 million and it takes more than 50 days to recover from the attack.
Speaking of recovery, it is pretty normal for businesses to proceed with cyber insurance that will endure their losses and help them recover. Rising cases of cyber threats explain the need for cyber insurance companies in India.
Beyond just businesses, do you think individuals are safe? Are you safe?
Now that every tiny personal detail is out in the air, it is very obvious before a fraud trade gets placed with you.
Wondering what to do? / How to protect yourself from being exposed to financial losses due to cyber crimes? As we said, we have the answer and i.e. – Cyber Insurance.
Just like businesses, individuals can also opt for cyber insurance plans. Most of the insurance companies in India offer retail cyber insurance plans.
This is a new concept in India and you might be wondering, is there a need for Cyber Insurance? Or is it just a western fad trying to make its way to blend in?
We have answers and we don’t want to keep all the knowledge about Cyber Insurance with us. So, you know what to do, right?
Personal Cyber Insurance in India – What is it?
Retail or Personal Cyber Insurance, as the name says is an insurance policy that has been designed to ensure financial safety of individuals from digital frauds carried out through phishing, malware or sim-jacking.
Annual premium varies depending on the protection cover you tak. Premium is not subject to the age of policy holder as it is in the case of life or health insurance.
Some plans not only cover monetary losses but also provide cover against legal defence cost. They also cover third party loss as cyber data breach of an individual may lead to monetary loss of others too.
How Personal Cyber Insurance is helpful?
For starters, if you have the policy, it will help in providing potential coverage of losses from the attack and will help you recover from it, in ways big or small.
However, one thing that you must know about Cyber Insurance is its objectives and the protection it will offer. The best practice is to understand the coverage before signing up for the scheme.
Recently, Global cyber insurance industry was valued at $7.8 billion in 2020 and is making a swift growth at 21% CAGR extending its reach to $13.9 billion in 2023 and $20.4 billion in 2025.
You can clearly see the growth rate of this industry compared to other insurance products/options.
Let’s address the elephant in the room as well when we are mentioning ‘’cyber threats’’ and ‘’cyber attacks’’. It is significant that people understand and have the required knowledge of how cyber insurance is a boon to both i.e., their business and to them.
Cyber Insurance – Why Do You Need It Though?
Before you get any ideas, ladies and gentleman, Cyber Insurance isn’t some silver bullet that aims to take care of your cybersecurity issues. No No.
But having an insurance plan than not having it is a good idea especially when your hard-earned money is at stake. It is like having a safety net which aims to safeguard you in case you go through a loss via cyber threats.
The Pandemic has certainly taken a toll on online payments. With more and more individuals moving to the digital means for processing payments, cyber threats have made their way.
With an increase in individuals browsing social media websites for entertainment, there is also an adverse increase of incidents like cyber-attacks, spyware, phishing emails, and so on.
According to a survey of Indian consumers by FIS in April 2021, 34% of participants reported financial fraud over past 12 months. This figure rises to 41% for those in the age group of 25-29 years.
You probably could be the next victim of a cyber threat. You never know, do you? Better safe than sorry!
This is where cyber insurance comes in.
Regular Cyber Insurance Plans in India Vs FinLock
Let’s look at the comparison for both the options.