Phishing Fraud: Wake Up Call – For Victims & RBI

Anyone can fall victim to cybercrime. The phishing fraud that targeted Nidhi Razdan, which probably cost her not just a job but her hard work spanning more than two decades, is unfortunately one amongst many.

When such frauds happen to well-known personalities, however, they create better awareness for others to learn from and, hopefully, to better protect themselves. Hope alone, however, cannot be sufficient to deter crimes – it is important for law enforcement and regulators such as the Reserve Bank of India (“RBI”) to ensure deterrence.

Given the increased incidents of cybercrimes and financial frauds, there has also been increased intensity in awareness programs. Cybersaathi.org is in fact itself a creation of such a requirement, i.e., to ensure awareness about cyber threats amongst users, help them understand their rights and, more importantly, know how to avail of remedies. Significantly, apart from these, the strongest message that Cyber Saathi addresses is to warn and deter criminals from committing crimes through awareness of crimes and the assurance that they can be traced and cannot escape the long arm of the law.

Prompt police action in the loan-app scam including freezing of accounts with the ill-gotten gains lends support to this message. Every single financial fraud leaves a money trail and it is this trail that police attempt to follow to catch criminals. This has proven right for cybercrimes too, as the recent ‘loan app scams’ have demonstrated.

Investigation reports point to mind-boggling numbers – 1.4 CRORE transactions involving 21,000 CRORES! (One crore equals 10 million.) All this in a short timespan. After many died by suicide, and well after police investigations started, RBI has entered the fray with a Working Group being formed to regulate digital lending.

The loan app scams were probably one of the boldest yet from the cyber-criminal stable. Not only are fake apps set up, which take approvals for access to the camera, phone contacts etc., but an ingenious scam is run in which loans without much paperwork are dangled as the carrot: measly 7-day loans with interest amounts nearly equaling the loan amount for such short periods. Everything appears legit, with ‘legal notices’ being issued, while completely underhand tactics are resorted to, including, according to news reports, abuse of such access to phone contacts and photos for defamation, vilification and maligning of the borrowers and even circulation of morphed pictures. This is one answer, showing how data sharing can be abused, to those who believe that there is no problem sharing data if you have nothing to hide.

Preaching to the Victims

Awareness messages, which appear to literally rub salt into victims’ wounds, preach to victims on how to stay safe, whilst the agile criminal moves on to more evolved methodologies for committing crimes. Yes – victims have to be careful. They cannot look for shortcuts. There are no freebies in this world. No free loans. No easy loans. No waiver of interest. No easy employment opportunities from home. They do indeed have to stop indulging fantasies. But the regulator’s job does not stop with warning or blaming the victims. The regulator is expected to prevent and protect against such scams and provide mechanisms for punitive action against criminals.

RBI Needs to Act – AND NOW!

There seems to be despondency whenever there are reports of cybercrimes of the financial kind, be it lottery scams, inheritance scams, employment scams and now loan scams. That the criminals may be from other jurisdictions is one of the oft-quoted reasons for law enforcement being ineffective. Whatever the reason for not prosecuting criminals, victims of financial crimes seek one remedy for sure – recovery of their monies lost.

This remedy is best met through effective use of banking channels. Every scam case refers to misuse of ‘Know Your Customer’ (‘KYC’) paperwork and / or misuse of service providers such as telecom services for fake bulk SMS. Every scam investigation also points to abuse of online / social media / app store platforms as the means for extensive public outreach by criminals. Each of these is a regulated domain (including, to some extent, social media), where such regulation is expected to ensure not only compliance but also protection. Yet every investigation speaks of the inability to apprehend even habitual offenders due to fake documents being used for KYC.

RBI makes all banking and payment systems responsible for KYC compliance, but such responsibility does not extend to liability being imposed on them. When victims who unknowingly share passwords could be held liable, it would appear apposite to also hold banks and service providers liable for breach of compliance norms. Similarly, regulatory mechanisms ought to evolve with respect to liability of app stores[1] and online platforms. These proactive measures will not only alleviate the travails of victims but will also buttress the efforts of law enforcement agencies to trace and apprehend culprits.

Awareness initiatives cannot focus only on ‘dos and don’ts’ for victims. It is more important for victims to be made aware of their rights and the remedies in law if their rights are breached. For instance, it is imperative that banks are made to create awareness of the RBI circulars on liability and the mandatory requirement for banks to receive complaints of phishing scams immediately. Banks ought to have multiple options for easy registration of such complaints and immediate action. Customers ought to receive their recompense / remedies without having to pursue litigation, and even in such instances there ought to be sufficient clarity on the options for them to avail remedies. Such and other proactive measures are an urgent need of the hour if the Digital India projection, including for digital payment mechanisms, is to function effectively without victimizing hapless users.


The writer is an Advocate, Supreme Court of India & Founder – Cyber Saathi Foundation. This column in collaboration with SheThePeople.TV takes forward the Cyber Saathi initiative to empower victims through knowledge of threats and vulnerabilities on electronic domains and remedies to combat them through laws and remedies. This monthly column will be published on the first Friday of the month. The views expressed are the author’s own.


[1] Refer for a more detailed analysis on liability of App Stores for malicious and fake apps: Nappinai N. S. (2017). Technology Laws Decoded. LexisNexis (https://lexisnexis.in/Technology-Laws-Decoded)