Jago Grahak Jago

Fraud Alert: Believing in Profile Photo Cost Rs28 Lakh; Loan App Menace Continues

A significant difference between the real-world and technology-enabled virtual world is that things are not what we expect or want them to be. Especially when you are on social media, not everyone you come across may be a real person and therein lies the big danger. The trust factor should be factored out in the virtual world, or each experience there will end up as a hard lesson. Consider this example of an official who transferred Rs29 lakh to someone who had used the profile photo of a company’s managing director (MD) on WhatsApp.

Believing in WhatsApp Profile Photo Cost Rs28 Lakh!

The cybercrime department of the Bengaluru police is searching for a person who posed as the managing director (MD) of a private company and hoodwinked its human resources (HR) manager into transferring Rs28.8 lakh online.

In his complaint, Nirmal Jain, who owns the company, has said that the fraudster sent a WhatsApp message to Thirupathi Rao, the HR manager, claiming to be Paras Jain, the MD.

“The WhatsApp profile contained the MD’s photograph and the message said that it was his personal number and that he was in a meeting and was not to be disturbed. The person then asked Mr Rao to transfer money to three bank accounts online on an emergency basis. Mr Rao carried out the instructions and transferred Rs28,89,807 to the private bank account numbers mentioned in the message. The fraud came to light when he informed the senior officials about the transactions,” says a report from The Hindu.

This incident raises many questions about whose money was transferred and the gullibility of the HR manager but highlights why profile photos posted on social media, and even WhatsApp numbers, may be fake. Ideally, if you receive threats or requests from unknown numbers,  you can report the person and block the number on WhatsApp.

We are relatively lucky in India that the deepfakes are not yet duping people in a serious way. Deepfakes use existing image or video and replace them with someone else’s likeness using artificial neural networks to create an alternative and unreal episode.

Deepfake audio, or even video, can be used for calling gullible users and requesting them to transfer funds, or to accompany strangers by faking an emergency. This is more like a sophisticated version of hacking into email accounts and seeking funds from friends and acquaintances of the user through ’emergency’ emails. (Read: How To Protect Your Digital Life in 2020, Especially from Deepfakes)

Calling an unknown sender can sometimes clarify things, but there is also a danger that you may be further duped by smooth talk. Being vigilant and verifying who you engage with is imperative.

Fake Chopper Ride for ‘Char Dham Yatra’!

Even as the tourism industry is trying hard to recover from the COVID-19 pandemic, scamsters are finding new opportunities to dupe travellers. Over a dozen people have been fooled by a fake website that offered a chopper ride for ‘Char Dham Yatra’ in Uttarakhand. In the past month alone, there have been five cases reported to Lucknow cyber cell and 10 at Uttar Pradesh (UP) cyber police.

According to one such victim, she paid Rs50,000 for a helicopter ride to the places of pilgrimage, but she and her family members were not allowed to board the copter in Dehradun. The tickets that she had ‘booked’ were fake! She had booked them from a person claiming to be an agent of Pawan Hans Ltd from Dehradun. The scamster took copies of the family’s Aadhaar, passport and COVID-19 vaccination certificates and collected Rs50,000 for the tickets. He then sent tickets for the helicopter ride on WhatsApp, but they turned out to be fake.

The important lesson here is not to use the services of an unknown third party without verification. And as far as the Char Dham Yatra is concerned, there is an authorised helicopter service provided by the tourism department.

Manipulation of International Calls Using Local SIMs

The Karnataka police have busted a gang with the arrest of its six members on charges of converting international calls from Middle-East countries to local calls, causing loss to the state exchequer.

The police have seized 16 SIM box devices, two trunk call devices for session initiation protocol (SIP), nine primary rate interface (PRI) devices, five laptops, six routers, and 205 BSNL SIM cards used to convert international calls into local calls.

SIP trunks are basically virtual phone lines that enable users to make and receive phone calls over the internet to anyone in the world with a phone number.

Without going into technical details, the worrying aspect of this fraud is the number of SIMs obtained and used by the gang. They bought BSNL SIM cards from UP, Madhya Pradesh, West Bengal and other states. With a copy of Aadhaar, it has become relatively easy to get a SIM card from a vendor. And when Aadhaar is used, know-your-customer (KYC) checks followed by the mobile service providers are minimal. Many fraudster gangs buy SIMs in bulk mostly using Aadhaar copies obtained from several paid sources. In most cases, people whose Aadhaar is used to buy the SIM are clueless and know about this only when the police reach their homes.

Remember Mumbai-based Ameya Dhapre and how his life has been turned upside-down ever since someone posted a copy of his Aadhaar on the web? Do read about it here Aadhaar Nightmares Coming True. How Ameya Dhapre Is Enduring ‘Living Hell’ with His Aadhaar: Report

Loan Apps Continue to Harass Borrowers

When the borrower uses a shortcut while borrowing money from lenders, it is bound to have consequences. It is best explained by the issues created by loan apps that provide the small loan in easy ways. However, the borrower often fails to note the higher interest rates and harassment that follows in case of even a single default in repayment. Loan apps access a borrower’s phone and siphon up contacts, photos, text messages, and even documents stored.

Mumbai police have put together a list of 100 loan apps and sent them for blocking to the Indian Computer Emergency Response Team (CERT-In), following a stream of complaints about digital lenders blackmailing borrowers.

A spokesperson of Google told Times of India (TOI) that they had reviewed hundreds of personal loan apps in India for compliance with the policy. “We recently introduced additional requirements for developers offering personal loans in India as facilitators requiring them to also prominently disclose the names of all partnered non-banking finance companies (NBFCs) and banks in the app’s description. This policy update was effective 11th May,” he told the newspaper.

However, there are complaints on social media about these loan apps sending messages and making threatening calls from overseas numbers. Some of the apps are blocked yet continue to harass defaulters.

One such user complained about receiving threatening calls and WhatsApp messages from a Sri Lankan number.

The lesson from these loan apps and harassment of borrowers on default is always to go to an entity regulated by the Reserve Bank of India (RBI), even if there may be a long process or time to obtain a loan. Source: moneylife