“Haryana Police recently uncovered a phishing racket that had accessed more than 300 bank accounts from various nationalized and private banks across several states. This incident brings into sharp focus the increasing prevalence and sophistication of methods used for online monetary fraud in India.
Detailed Overview of the Phishing Racket
The primary tools utilized by the fraudsters were Phishing and e-SIMs. Phishing is a form of cybercrime where targets are contacted via email, telephone, or text message by individuals posing as legitimate institutions. The aim is to lure these individuals into sharing sensitive data, such as personally identifiable information, banking and credit card details, and passwords.
In this case, the cybercriminals also made use of e-SIMs – Subscriber Identification Modules embedded directly into phones. Unlike physical SIM cards, e-SIMS cannot be removed. They offer users the ability to switch service providers effortlessly and allow for multiple networks and numbers to be stored on a single e-SIM.
The State of Online Monetary Fraud in India
As per data provided by the Reserve Bank of India (RBI), in the fiscal year 2019-20, there were 2,678 card and internet-related fraud cases reported, amounting to Rs. 195 crores. This figure indicates a worrying trend as it represents more than double the value of such frauds reported in the previous fiscal year. In the ongoing fiscal year 2020-21, there have already been 530 fraudulent transactions involving debit and credit cards reported between April and June alone, largely involving internet-based techniques like phishing.
Steps Taken Towards Enhancing Cybersafety Awareness
In light of this, the RBI has undertaken several measures to enhance cybersafety awareness amongst the population. These include the implementation of Electronic Banking Awareness And Training (e-BAAT) programmes and organising campaigns focused on the safe usage of digital payment modes. The campaigns urge the public not to share sensitive personal information like PIN, OTP, and passwords.
Furthermore, the RBI has instructed all banks and authorized payment system operators to run targeted multi-lingual campaigns. These campaigns, disseminated through SMS, advertisements in print and visual media, aim to educate users about the secure use of digital payments.
The Computer Emergency Response Team (CERT-in) acts as the primary agency coordinating all cybersecurity efforts, emergency responses, and crisis management in the face of such online threats.”
