Actual cybercrime requires similar attention

A few weeks ago the movie Kashmir Files received unprecedented publicity. State governments controlled by the Bharatiya Janata Party (BJP) have battled to grant it tax-exempt status; the Prime Minister (PM) and top political leaders spoke about it and special broadcasts were held all over India. This column is not about the controversy over the film, but about an interesting trick that was used to thwart piracy and illegal, free downloads of the film. Unknowingly, the police led the publicity effort by issuing warnings about the scam. The media, in turn, broadcast the warnings without verification.

The publicity trick involved a short, effective video that exploits the fear factor. It shows a girl being added to a WhatsApp group, apparently created to share and stream the latest movie downloads for free. On the list is the recently released Kashmir Files, then she is tempted and about to click on it when there is an incoming call. The caller is a clueless friend who tells her her phone was hacked when she clicked on a free download link for Kashmir Files and all the money was stolen from his bank account. Watch the video here:

Kashmir Files Warning

The message is wrong. Your bank account cannot be emptied just by uploading a pirated video. But, surprisingly, the police across India – from Haryana for Telengana— were either scammed or “persuaded” to tweet the video from their official IDs or issue warnings about this specific scam in statements to news agencies and the media.

Let’s examine this in detail. All cyber fraud is based on two emotions: fear and greed. There are many ways to induce fear: your account or credit card is blocked or will be blocked for late payment, not updating KYC (know your customer) data, because you were watching porn, etc. Either the scammers scare you into clicking on a link (which helps plant malware or direct you to a scam website where you end up sharing your bank account details) or trick you into calling a number where a smoothing scammer persuades you to part with information. Fear factor fraud works well with older people and those who are not very knowledgeable about apps and technology.

Far more successful fraud plays on people’s greed. There are tens of thousands of these scams happening simultaneously across the country and they are finding new victims every day with just a slight variation of their dodgy tricks to trick people. From job offers to foolproof business strategies, insurance fraud and even petty fraud dealing with fake helicopter reservations, alcohol delivery, free coupons, movie downloads and more. There is a website called The420 which is dedicated to warning people who want to watch before they are lured into these schemes. Despite warnings and thousands of media reports highlighting such fraud, greed is such an overwhelming emotion that it claims new victims every day and people have lost tens of thousands of rupees to fraud and Ponzi schemes.

the Kashmir Files Video

Since most Indians have little respect for intellectual property, downloads and circulation of pirated movies and pdf copies of books are routine and endemic. Most people don’t even understand how bad it is or the loss inflicted on producers and publishers by piracy. So using a video to stop people from downloading the movie was a very smart and effective strategy. However, the video projects a false idea for two reasons.

First, free download links can be used to install malware, but they cannot hack and instantly drain your bank account without some overt follow-up action on your part, such as sharing a password. Our banking system is not that fragile. Yet police all over India were happily issuing warnings to the media and posting the video on Twitter, along with the videographer’s hashtag. Who prompted the police to do this? Were they only pleasing their political masters by jumping on the Kashmir Files argue one way or the other?
Second, there are no victims. The policeman widely cited in media reports of this so-called fraud, admits it; but he glossed over alluding to the proliferation of cyberfraud in general. He is quoted as saying, “There hasn’t been a specific instance here yet in which the name of the film has been used, but there are entries regarding such a methodology used by scammers to hack into people’s phones or cheat them out of money.”
It then goes without mentioning that three people who have been duped out of Rs30 lakh recently but not by this. Somehow the number finds its way into the title and is quickly misrepresented by other content generators to claim that people lost Rs30 lakh downloading this particular movie. One site even claims that there are 30 lakh fake links of the film that is running!!
Popular movies and TV shows are, indeed, targeted by cyber criminals to develop scams. But they usually plant malware to access data or trick people into parting with information in exchange for the free download. In June 2020, McAfee, the antivirus company, released a list of 10 movies and TV shows that were (How entertaining at home became a risky business) used by cybercriminals to plant malware. This was immediately after global lockdowns forced people to stay home in the early days of the COVID pandemic. Even McAfee does not say that clicking on the links emptied bank accounts. In fact, the article seems more about marketing McAfee Total Protection and McAfee Webadvisor than warning about scams.

If a much-talked-about video raises awareness and deters people from their occasional support for piracy, that’s a welcome development. But wouldn’t it be nice if the police showed a similar eagerness to warn of other cybercrimes and work harder to arrest at least those controlled by foreign entities and laundering money out of the internet? ‘India ?

There isn’t a day when people don’t receive WhatsApp messages promising easy money through games, exchanges, work-from-home offers and freebies. In most cases, you are asked to deposit money to participate in the program and in the first few days you are enticed to part with it by showing the results. It’s typical modus operandi of a Ponzi or pyramid scheme. The money lost amounts to thousands of crores of rupees.

Ashish (name changed), who lost Rs2 lakh from a part-time job scam, launched his own personal investigation which revealed that the scam where he lost money was operating from Hong Kong and China. Those communicating with him used Google Translate to communicate with the victims, via Indian WhatsApp numbers, which he says were hacked.

An Indian number gives access to potential victims here; but moving money out of India requires a much more organized effort. Money collected from victims is deposited in bank accounts, routed through financial mules (people who allow their bank account to be used to funnel funds) and transferred to shell companies before they can be transferred to the stranger. Tech-savvy Ashish tracked the funds to several front companies with accounts and UPI credentials with major Indian banks. Considering the onerous documentation for a legitimate business to get a new bank account these days, one has to wonder how thousands of cybercriminals have no problem opening and closing routing accounts.

All of this is the domain of the Ministry of Corporate Affairs, the police, the Directorate of Tax Intelligence (DRI) and the hyperactive Directorate of Enforcement (ED). And, unlike corporate money laundering, cybercriminals are openly active on YouTube, tricking influencers into posting dozens of videos luring people in with the promise of quick riches.

Yet, with the exception of the work done by the Telangana Police under the former Supplementary Police Director General, VC Sajjanar, there has rarely been seen concerted action by the police to crack down on cybercrime in a way sufficient to make them shut up for a while. If a false alarmist anti-piracy message could have such an effect, victims of other scams surely have the right to expect more from Indian investigative agencies and the police! Not everyone can come up with a clever trick to prevent hacking!



Source link

Comments are closed.