Reporting a cybercrime within one hour of crime can prevent gullible citizens from losing money through financial frauds. One can call the number 1930 to report this issue for swift action. Citizens must also exercise caution and not share their one-time passwords (OTPs) or ATM pins with unknown people. Using tough passwords and changing them on a rotating basis could prevent such frauds.
The moment one sees an email from their bank with a similar-looking logo, they are urged to open the link- what if it is important? Beware, this could be a clear case of phishing mail. Most often, such emails push for panicked actions among customers. Customers, in the fear, click on those links and, in turn, become victims of cybercrime.
“When you do not know what a genuine or a malicious link is, it is always better to log on to the bank’s website or the establishment’s website and then execute the transaction through that site than clicking on the link which you are not sure of,” says Akhilesh Balasubramanian, member of the Executive Council (EC), Bangalore chapter of Information Systems Audit and Control Association (ISACA), that manages government-public alliance.
Senior citizens using online banking are easy and targeted prey for cybercriminals. For instance, senior citizens who think that the electricity connection could be disconnected if some transaction is not done by a particular time of the day; they become vulnerable victims. “A false sense of alarm is instilled by reinforcing the timeline. It all starts with I am sending a link, please click on this link. Never ever panic when you receive this,” says Akhilesh.
“Community people have to be vigilant. There is no other go. There will be more attacks when people are vulnerable,” he adds.
As people have migrated to digital banking, there are concerns about safety of their money in banks.
“You are always covered by insurance as an end user. Banks will always have some amount of insurance; it may vary from bank to bank. The Reserve Bank of India (RBI) has stricter norms which the banks are required to adhere to. There are periodic audits that get conducted to ensure that security controls prescribed by RBI are implemented. If there are gaps, banks are given some time to remediate those gaps”, says Akhilesh.
Having ‘tough to break’ passwords
Having complex passwords, second factor of authentication, ensuring that the passwords are not very predictable, is critical. For instance, people use their spouse’s or child’s names, which anyone can crack easily.
“Try and think of ways that you, as a person, wouldn’t identify yourself with something; that something becomes your password. Break the predictability aspect of it,” says Akhilesh.
The other aspect is not sharing pins. “If you share those details, your liability clause also gets diluted. If the pin is shared, and authorities find that out, then your case becomes very weak,” says Akhilesh.
It is a common practice among people to give ATM card to security guards, share their pin and then take out money. This is sharing the information with third party, according to the banks; in this case, banks cannot be held accountable. People can use password management tools (like password bolt). One needs to keep rotating the passwords on a regular interval.
“We need to take an informed decision while using password management tool. It will be important to look at reviews of these products from technical experts. You have to understand what are you signing up and look at the technical feedback on these aspects. End of the day, one should not falter on basics. When someone pressurizes that you need to act now, please do not,” says Akhilesh.
Dayananda B, Police Commissioner, Bangalore, at the 26th Annual Karnataka Conference on cybersecurity and digitization, talked about how a retired senior citizen was repeatedly asked to cough up insurance money. The citizen lost Rs 5 crore in this fraud.
One can report cybercrime before filing a First Information Report (FIR), he said.
Karnataka’s early steps to deal with rising cybercrimes became a classic case now adopted across India.
“Whenever a person becomes a victim to cyber threat, especially money, the first thing to be done is calling the number 1930, post which details of bank and other information, the type of crime are collected. After this, both the accounts, i.e., account holder’s and the account where the money is transferred, is frozen,” said Dayananda.
“Criminals have multiple accounts; they are more known as mule accounts. They move the money to multiple accounts across multiple locations and withdraw the money. Once the money is gone, you cannot do much,” he added.
Just like how in accident cases, we have to take the victim to hospital in one hour, the same rule applies here. If the crime is reported within the golden hour, actions can be taken, and money loss can be prevented.
“We have been able to recover a huge amount of money with the cooperation of the banks and return to the person who has lost the money,” said Dayananda.
In Bangalore city, cyber police stations are there in all divisions. “As these crimes are increasing, people can visit their nearest police station and register their complaints. They need not go to cybercrime stations anymore,” said Dayananda.