The Indian Cybercrime Coordination Centre has warned that Indians could lose more than ₹1.2 lakh crore over the next year to cyber fraud. The Home Ministry-affiliated department says that the quantum of losses could amount to 0.7% of GDP.
Speaking to CNBC-TV18, Ankur Puranik, Cyber Security Expert, and Ruzbeh Raja, Information Technology Consultant and Visiting Professor of Law at the University of Mumbai, shed light on how fraudsters exploit artificial intelligence to impersonate voices and deceive victims.
Edited Excerpts:
Q: We know the information is readily available. Our voice samples are readily available. It is these samples that the scamsters are using to actually dupe innocent people. What would be your piece of advice?
Puranik: We tend to put a lot of content on social media which is public and it is easily available to these cybercriminals. They can extract this audio, and that is exactly how they try to clone the voice. The bigger the audio clip, the more accuracy towards the voice. We normally take flights, and we put statuses on Facebook and social media – I am flying to so and so place. We are giving free information to cybercriminals that my phone is going to be switched off for the next one hour or two hours or, if it’s an international trip, maybe for four or 10 hours. And this is the exact thing that these cybercriminals take advantage of. They know your phone is going to be switched off. Even if your family members or friends are going to call you, you’re not going to be reachable. And this is exactly what they do, and they know when to do this. So we should try to restrict putting this information on social media. I know it feels good to tell people I am travelling abroad or whatsoever, but you’re putting yourself at a big risk.
Secondly, always educate your family about such things that if at all there is such a call received from my end, you can have a code word which only you and your family members know about So this code word can be exchanged to really make sure whether it is you or somebody else.
So, resources are many. It’s about how we protect ourselves. So it is about you and your family getting educated about this, everyone being educated about how this voice cloning works and making them aware and to have some protective means wherein you exchange some kind of code word before any transaction is processed.
Q: Your expertise is the legal aspect of cybercrime. So, when you deal with the victims of cyber fraud, how many cases? I’m just looking for an average figure. How many cases of voice cloning do you come across?
Raja: Right now, it’s very rampant. Out of about 10 cases related to phishing and cyber fraud recently, there have been 50% cases which were related to some sort of voice element in them, whether it was gaining confidence by impersonating a voice or changing the tone of voice or pretending to be some very important person or pretending to be the CEO of some company. So about 40 to 50% of newer cases relate to voice samples and voice element in the fraud.
Q: Speaking of legal remedies, I actually want to talk to you about that. A lot has been said, written, and covered about cyber fraud, but as far as legal remedies are concerned, what exactly can be done in order to first make the reporting process easier for victims and then secure a conviction if we get to make arrests?
Raja: So there are two aspects of reporting and taking any legal action. One is filing a police complaint, that is the criminal aspect, and the other is the actual recovery of money. If any money has been lost or if any damage has been done, any monetary compensation is required. So that falls under the civil aspect of the Information Technology Act. The Information Technology Act covers both these aspects, but people don’t know that the police and the investigation agencies will only help them to punish the criminals or the offenders. They won’t really help to get back the money unless that person voluntarily gives the money. For getting back your money, there is a separate procedure for claiming compensation and damages. That is under the civil aspect – Section 43 under the civil contraventions of the Information Technology Act.
Q: Have you observed a pattern here? Who do you think are the most vulnerable targets as far as these kinds of scams are concerned? Imagine if you’re getting a call from your loved ones and if there’s a sense of panic in their voice or they’re asking for immediate help. It is very obvious for anyone to fall prey to that. But have you observed a pattern? We have seen in scams like FedEx scam that women were targets or senior citizens were the most vulnerable lot. In this case, who do you think are the targets?
Puranik: They observe you, they observe the social media and they know exactly what kind of people sit with you, whom you interact with, what is your because they don’t want to end up entering into a call or a conversation where they are not well to do financially. So, somebody who can come under that emotional pressure. When it’s an actual call, they try to put that stress in the voice. So, at that time, your logical brain shuts down basically. When your logical brain shuts down – any person, it can be you, it can be me, you know, your logical brain is put to shut. So this is the psychological aspect of it, which I’m not too good at, but I know how it works. So, I know about what psychological games they play. So they try to put this part logical part of your brain to shut and then you or your family members tend to agree and accept to any terms and conditions.
They make your sound or your voice sound like you’re in distress, you’re in an emergency. So at that time you don’t think about anything whether I should do or not do. So of course they do target victims who are from a little well-to-do families who are being observed, college students, the young generation or the old people who are there, who can fall to this prey because they are not educated about all these things, you know. So, grandfathers and grandmothers fall prey to this more.
