A few weeks ago the movie Kashmir Files received unprecedented publicity. State governments controlled by the Bharatiya Janata Party (BJP) have battled to grant it tax-exempt status; the Prime Minister (PM) and top political leaders spoke about it and special broadcasts were held all over India. This column is not about the controversy over the film, but about an interesting trick that was used to thwart piracy and illegal, free downloads of the film. Unknowingly, the police led the publicity effort by issuing warnings about the scam. The media, in turn, broadcast the warnings without verification.
The publicity trick involved a short, effective video that exploits the fear factor. It shows a girl being added to a WhatsApp group, apparently created to share and stream the latest movie downloads for free. On the list is the recently released Kashmir Files, then she is tempted and about to click on it when there is an incoming call. The caller is a clueless friend who tells her her phone was hacked when she clicked on a free download link for Kashmir Files and all the money was stolen from his bank account. Watch the video here:
Kashmir Files Warning
Let’s examine this in detail. All cyber fraud is based on two emotions: fear and greed. There are many ways to induce fear: your account or credit card is blocked or will be blocked for late payment, not updating KYC (know your customer) data, because you were watching porn, etc. Either the scammers scare you into clicking on a link (which helps plant malware or direct you to a scam website where you end up sharing your bank account details) or trick you into calling a number where a smoothing scammer persuades you to part with information. Fear factor fraud works well with older people and those who are not very knowledgeable about apps and technology.
the Kashmir Files Video
Since most Indians have little respect for intellectual property, downloads and circulation of pirated movies and pdf copies of books are routine and endemic. Most people don’t even understand how bad it is or the loss inflicted on producers and publishers by piracy. So using a video to stop people from downloading the movie was a very smart and effective strategy. However, the video projects a false idea for two reasons.
First, free download links can be used to install malware, but they cannot hack and instantly drain your bank account without some overt follow-up action on your part, such as sharing a password. Our banking system is not that fragile. Yet police all over India were happily issuing warnings to the media and posting the video on Twitter, along with the videographer’s hashtag. Who prompted the police to do this? Were they only pleasing their political masters by jumping on the Kashmir Files argue one way or the other? If a much-talked-about video raises awareness and deters people from their occasional support for piracy, that’s a welcome development. But wouldn’t it be nice if the police showed a similar eagerness to warn of other cybercrimes and work harder to arrest at least those controlled by foreign entities and laundering money out of the internet? ‘India ?
There isn’t a day when people don’t receive WhatsApp messages promising easy money through games, exchanges, work-from-home offers and freebies. In most cases, you are asked to deposit money to participate in the program and in the first few days you are enticed to part with it by showing the results. It’s typical modus operandi of a Ponzi or pyramid scheme. The money lost amounts to thousands of crores of rupees.
Ashish (name changed), who lost Rs2 lakh from a part-time job scam, launched his own personal investigation which revealed that the scam where he lost money was operating from Hong Kong and China. Those communicating with him used Google Translate to communicate with the victims, via Indian WhatsApp numbers, which he says were hacked.
An Indian number gives access to potential victims here; but moving money out of India requires a much more organized effort. Money collected from victims is deposited in bank accounts, routed through financial mules (people who allow their bank account to be used to funnel funds) and transferred to shell companies before they can be transferred to the stranger. Tech-savvy Ashish tracked the funds to several front companies with accounts and UPI credentials with major Indian banks. Considering the onerous documentation for a legitimate business to get a new bank account these days, one has to wonder how thousands of cybercriminals have no problem opening and closing routing accounts.
All of this is the domain of the Ministry of Corporate Affairs, the police, the Directorate of Tax Intelligence (DRI) and the hyperactive Directorate of Enforcement (ED). And, unlike corporate money laundering, cybercriminals are openly active on YouTube, tricking influencers into posting dozens of videos luring people in with the promise of quick riches.
Yet, with the exception of the work done by the Telangana Police under the former Supplementary Police Director General, VC Sajjanar, there has rarely been seen concerted action by the police to crack down on cybercrime in a way sufficient to make them shut up for a while. If a false alarmist anti-piracy message could have such an effect, victims of other scams surely have the right to expect more from Indian investigative agencies and the police! Not everyone can come up with a clever trick to prevent hacking!
Comments are closed.