Another type of Customs fraud is when a person posing as Customs officer informs the victim that a parcel containing an “illegal item” has been confiscated and that they will be penalised if they don’t pay up. And what follows after is a series of links and OTPs, which cause victims to lose tens of lakhs of rupees.
According to National Crime Records Bureau, in 2021, close to 53,000 cybercrime cases were filed, of which over 11,400 were related to impersonation
Brijesh Singh, Principal Secretary to the Maharashtra chief minister; Akshat Khetan, Founder of AUCL; and Jiten Jain, Director at Voyager Infosec, discuss the menace of Customs scams and the dos and don’ts while dealing with people online.
Edited Excerpt:
Q: Help us understand and explain how people can differentiate between a genuine query from a Customs officer or a courier company and a possible scam?
Singh: First of all, there are many red flags. For example, why are you receiving a call if you haven’t ordered something? Generally, if you have ordered something, there’s a system for tracking your parcel, and it’s available on an app. So these are usually fraudulent calls about certain packages you have not ordered, or they create a sense of urgency by saying that your parcel contains illegal items, that you haven’t paid Customs duties, or that it has been detained for money laundering and things like that. Then, these fraudsters generally pass it on to somebody who’s impersonating a government official. So what is done is that an atmosphere of fear and urgency is created, which immediately leads to a demand for money. So this is something that people should be aware of. First of all, the government would never contact you on WhatsApp or all these unofficial channels, and no demand for money would ever be made.
Read Here | Digital Arrests: Mass awareness & stringent action are the need of the hour, say cops and lawyers
Q: Another thing, as we discussed earlier, is that once a person realises that he or she has been scammed, what should be the next step? Throughout this week, and even before this, we have been talking about what people should call 1930, so if you can elaborate and add your perspective to that, why is the golden hour important?
Singh: First of all, it’s very important to note all the details about these fraudsters because they are using common infrastructure. So if there is one fraudster, he is making multiple robocalls, and if this is identified in time, then if you call 1930, the flight of money can be stopped. Also, TRAI can get into the picture by stopping and telling the telecom operators to stop these calls from these particular numbers; they can also be blocked.
There is also the TRAI DND app, which helps you report these calls. The TRAI DND 3 app would help you record and inform TRAI about suspicious phone calls. But if you are a victim or somebody has attempted to defraud you, like this, note down everything. Note down the number from which the call came, if there’s an email, if a logo has been impersonated, or if a particular UPI ID or bank account has been given. Save all these things—screenshot, if there’s an email, save it with headers. This all would become evidence when an investigation takes place. It also helps authorities to stop this criminal infrastructure from defrauding other people.
Q: You have started offering legal services to cyber fraud victims. So when you begin a procedure, what is the biggest or one roadblock you would like to talk about that you face while providing these legal remedies?
Khetan: There are two aspects to the roadblocks that we face. One is the victim, or the person with whom the fraud has occurred, or any kind of bullying has occurred, recalling and giving us the correct information of the sequence of events in which it has happened. Even before that, the bigger and more significant issue is the element of fear in the victim in giving such information because they feel that once they provide that information, they will be so susceptible to issues, such as how they will face society, what and what procedure they will have to undergo.
But it is not like that. We have a unified mechanism whereby there are systems and procedures in place through which we can help victims facing these problems.
Read Here | Stock market scams | ‘OMG’ tips to stay safe as fraudsters target retail investors
Q: If I talk about Maharashtra from January 2024 till November 2024, the amount of the fraud which has been reported is around ₹3,600 crore. That’s how big the amount is. But recovery is slightly over ₹350 crore, so why is the recovery rate so minuscule?
Jain: If you go to multiple conferences where many central government agencies report total cyber fraud in a country to a volume of ₹2,500 crore per year. And here, a state itself is alone, reporting more than ₹3,000 crore, so there is obviously an underreporting of crime across several agencies across several states. Whatever is reported, even in Maharashtra, one could safely assume the total amount of actual crime would be at least 10 times higher than this.
There are three challenges when it comes to the recovery amount. Despite this entire money flowing in the conventional banking ecosystem from one account to another, the money is already cashed out by the time you freeze the accounts or try to get the money. Then, it is converted into cryptocurrencies and taken out of India. So, using different channels of money laundering, the money is lost. So, recovering money which is once gone from your account, despite all the mechanisms of freezing the accounts, or level two, level three freezing, doing all sorts of forensic investigations, the chances of recovery are remote, and that is why you find that even though only 5% or 10% of recovery has been done, it is a great credit to the police officers who have been successfully able to do it.
So, the only cure for this problem is stringent KYC compliance in the banking and telecom ecosystem using biometrics. We should also not allow app-based accounts to be registered within the first 24 hours of activation of a SIM. So, one should not be able to create an email account, a WhatsApp account, or a different account, and we have written to RBI not to allow any OTP to come on a new mobile number for the first 24 hours. That will solve a multitude of problems of fake numbers, WhatsApp, or fake addresses sending phishing emails.
We should deploy AI to detect fraudulent transactions. For instance, a Jan Dhan account with a cumulative balance of ₹50,000 in 10 years suddenly has an inflow of ₹50-60 lakh, and the money is cashed out to the quantum of ₹30-40 lakh. So this is where I think technology should be deployed instead of sending you out the confirmation call of ₹5,000 transaction to the wealthy people. So, I think the AI has to be more democratised. The technology has to be deployed to protect the savings of even poor people, not only to worry about the savings of wealthy people who are spending on credit cards. So, I think prevention is the only cure for this problem.
For the full interview, watch the accompanying video.
