Bait, Hook & Catch Part 1: 10 Common Ways India’s Cybercriminals Cheat You

With the rise of digital India, cybercrimes have risen exponentially, writes Satyen K. Bordoloi. This three-part series surveys the 25 most common ways cybercriminals try to cheat you and what you can do to protect yourself. Remember these well, for they might save you millions.

2024 began horribly for some who became victims of cybercrimes: a Bengaluru resident lost ₹96,000 trying to order alcohol online for the new year, a Mumbai actress was swindled of ₹5.79 Lakh with a fake parcel of drugs, a trader in Rajkot lost ₹5 lakhs, while sextortion and dating scams over the end of the year will emerge later. People once dreaded bank robbers, burglars and highway bandits. Today, cybercriminals, scammers and fraudsters rob multiple times more and get caught less. Proof: since April 2021, over ₹10,300 crore was stolen in India by cybercriminals.

The exception has become a rule in a nation going digital in a hurry but where digital literacy, despite the ubiquitousness of devices and connectivity, is rare. Take these simple statistics from India’s digital town square, Bangalore. The city reported 6,422 cybercrime cases in 2021, 9,940 in 2022, and a whopping 17,623 cases in 2023 marking a rise of 77 per cent. And the number of cases police cracked: 1,271 i.e. a mere 7.2 percent.

As we highlighted in Sify previously, new cybercrime hotspots are exploding all over India and let me assure you, even as you are reading this there’s someone right now trying to figure out ways to target you. How do I know this? I am targeted multiple times every year and even as I write this, I’m engaging with one such fraudster on WhatsApp for fake money for likes scams just so I can take screenshots for this series of articles.

There are two ways to keep yourself safe. Knowing the common ways by which scammers target you and keeping good digital hygiene to keep yourself safe from it. In the first two parts, we will tell you the 25 most common ways you can be cheated of your money, identity and peace of mind. In the third, we’ll know how we can keep ourselves safe.

In this first part, we begin with what the government says are the ten most common ways cybercriminals in India target people. We start with the oldest and the three most common methods used in combination with many other types of scams.

PHISHING, VISHING, SMISHING:

20 years ago, a teenage coder in California set up a fake website that mimicked that of America Online. People gave credit card details and the teenager took out thousands of dollars from them. In 2004, this became the first ever phishing legal case in the world. Today, more phishers roam free than they get caught, especially in India.

Phishing is when you are contacted by email, phone or text by someone posing as an actual institution like a bank, a service provider, a close friend etc. to bait you into providing information that could lead to digital theft of money, data, identity, etc. The result could be financial loss, personal harassment, blackmail etc. This has three variants: when a website or email is used it’s called ‘phishing’, when done via voice call is ‘vishing’ i.e. voice phishing, and when SMS is used, it is ‘smishing’.

It may be the oldest, but it’s still one of the most common because it’s effective. Look into your email’s spam folder, and you’ll see many emails promising you abandoned cash from Africa or congratulating you for winning a lottery. On your phone, you have SMSes about loans, and on WhatsApp, about digital jobs you can do in your free time. These are all baits to hook you into traps.

Phishing is used in conjunction with many other methods of cybercrimes in India, e.g. ransomware and malware are installed via phishing of some form. However, considering our particular landscape, the following are the methods most utilized to scam Indians, as identified by the Indian Cybercrime Coordination Centre (I4C) in their annual press conference on January 3rd.

KYC FRAUDS:

35% of complaints received by the I4C were related to customer care numbers, refunds or KYC expiry scams. In this, cybercriminals pose as bank employees, customer care agents or authorised personnel to trick you into revealing crucial details in the name of updating KYC or processing some refund. These data can not only allow them to withdraw your money but also steal your identity. Secondly, these scammers can also trick you into installing malware into your device that intercepts OTPs so they can manipulate you and your data at will.

SEXTORTION SCAMS:

The second-highest complaint received by the I4C was for sextortion scams where the extortionists threatened to expose sexual content relating to a victim or some other sexual information and demand money in return. Previously, women were primary targets where ex-lovers threatened to release explicit photos or videos clicked with them for money or sex. Today, these have become more generic with even men complaining of receiving emails threatening to reveal their porn habits, sexual proclivities, betrayal of their spouses etc. Anything you may consider undesirable or shameful in society, they threaten to expose to your family, friends and work colleagues while asking for money to keep it a secret. What is most alarming is that with parents giving kids unsupervised digital devices, more and more extremely vulnerable children, teenagers and young adults are falling prey to sextortion scams with devastating consequences.

ONLINE BOOKING, FAKE FRANCHISEE, QR CODE SCAMS:

You see a QR code advertised online that promises you a great offer. You scan it but unknown to you, it installs malware on your phone. Or you wanted to book a restaurant for a family event. You surf online, find the place, pay and book it but when you arrive, the place is not there. Sometimes you get a great deal on a hotel for a holiday, but it isn’t there when you arrive, or it is substandard. These have also become all too common in India.

Cyber fraudsters keep finding new ways to scam people. The only way to beat the #cybercriminals is to #BeAlert & be aware. Please note that EMI Deferment does not require OTP sharing. Do not share your OTP. For details on EMI Deferment scheme, visit: https://t.co/wP3Xux99vI#SBI pic.twitter.com/2GZSHX3ONa

— State Bank of India (@TheOfficialSBI) April 5, 2020

An SBI ad warning customers of OTP fraud which is growing in India.

AADHAAR SCAMS:

Time and again intrepid reporters have unearthed vulnerabilities in Aadhaar only to face harassment by state or central agencies. But as per the I4C, 11% of complaints were linked to Aadhaar-Enabled Payment System (AePS) scams. AePS is a payment system where if your bank account is connected to Aadhaar, you can use it as an identity to access your account and use it for things like balance enquiry, cash withdrawal, remittances etc. Since doing this does not need SMS or OTP, scammers have siphoned people’s money by cloning their biometrics.

MALWARE:

8% of complaints received by the I4C were about malware. In any of the phishing emails, SMS or other messages, if you see a link disguised as a harmless download, or a pop-up ad tempting you to click, this could lead to malware being downloaded onto your laptop, phone or tablet. At times, scammers try to coax you on a call to do the same. These kinds of malware can be used to steal your data, hijack your system completely, hold files hostage for ransom or even spy on you. Pegasus was one such malware purportedly used by governments worldwide to spy on rebels and dissidents in their nations.

ILLEGAL LOAN APP SCAMS:

This is one of the most dangerous scams because this has led to deaths and suicides. These scams lure victims with easy qualification processes where all you need to do is download an app and supply a copy of your identity card. The interest rate is of course high, but during an emergency, you don’t think straight. However, once you take the loan, your nightmare starts. Not only can downloading the app install malware on your device where theft of your personal and financial data can take place, but if you don’t pay them at the stipulated time, they harass and blackmail you non-stop. In extreme cases, people have been asked to pay back three times the amount in just three days of the loan, leading to suicides. In 2021 six people have been reported to have committed suicide in Hyderabad itself due to such harassment.

BAIT AND SWITCH / FAKE ONLINE STORE OR SERVICE:

When the actual service centre of a water purifier said they had a backlog of service requests and couldn’t attend to him, a friend tried Google search for a solution. He got another number that offered the same service, only quicker. My friend fell for it only to realise the service he had got was not up to par, the parts not legit, and he ended up spending more time and money on it. Thus, anytime you are lured into attractive deals or offers, it could be cyber criminals baiting you by switching them with inferior products or services that have hidden fees or subscriptions where you lose more money than save.

These are the most common ways cybercriminals in India try to target you and me, as highlighted in the Indian Cybercrime Coordination Centre (I4C) press conference. However, there are many more ways which they talked about and some they didn’t. We’ll tackle them in the second part of the series.

In case you missed:

• Bait, Hook & Catch Part 2: 15 More Common Ways Cybercriminals Cheat You
• Bait, Hook & Catch Part 3: Digital Hygiene Habits to Protect You from Cybercriminals
• RBI’s e₹ – will the Digital Rupee transform or trammel India
• Landscape of Fraud: India’s Cybercrime Heatmap from Jamtara to Bharatpur via Surat
• Protecting Children & Teens from Pornography & Sexploitation via Mobile & AI
• One App to Rule Them All: The Phenomenal Rise of Super-Apps
• Part 2: The Truth about Aliens: Literal & Philosophical
• The ‘Unreal’ tomorrow of cinema
• The swap revolution supercharging India’s mobility
• Truth about aliens amidst us: literal & philosophical