Ignorance about the risks in digital transactions is playing a major role in the surge in digital frauds.
by Sajjad Bazaz
The Covid-19 pandemic has transformed the way people now take care of their health. Today we observe a dramatic change in their behavior to thwart another onslaught of the virus. To put it simply, people are observing healthcare precautions such as use of face masks, social distancing and frequent hand-washing to neutralize the impact of the virus.
However, there is another viral danger which has already enveloped the people at large scale and they need to combat it too. Despite being an extreme health emergency, the Covid-19 adversely impacted the global economy never seen before in the past one century. The pandemic-induced lockdowns forced people to remain indoors for months together and brought down the engine of economic activities to a grinding halt. Among other things, it prevented physical financial transactions and forced people to bank upon digital transactions. We saw millions of consumers first time boarding the online digital platforms to conduct their routine financial transactions. Of course, this transition of consumers from physical to digital medium falls in line with the country’s objective of Digital India mission, but at the same time, it has provided a green pasture to cyber criminals to graze upon and commit financial frauds. In fact, this is the reason for a massive surge in cybercrimes where gullible consumers have been defrauded through various modes such as malicious website domains, phishing, vishing, malware attacks etc.
In other words, identity theft, hacks, the data breaches, SIM swaps, vishing/phishing links, lottery, etc., including fake loan websites and digital apps are part of our new normal.
Cybercrime is nothing new. But the intensity and virulence of cybercrime during the past two years should be a wake-up call for all of us. While we go to great lengths to protect our physical health from the Corona virus, we can’t afford to neglect digital health by ignoring the risks and dangers of today’s threats.
To be precise, cybercrime is an invisible virus and has not only flourished but is also spreading rapidly amid chaos and uncertainty unleashed by the two years of pandemic. Notably, ignorance about the risks in digital transactions is playing a major role in the surge in digital frauds. So, the problem is that too few people are aware of just how vulnerable they are to its spread. And that is more alarming.
Since, Covid-induced lockdowns pushed the volume of digital transactions to unprecedented heights, which, of course, improved the ease of doing financial transactions, the cyber criminals simultaneously worked (and continue to work) to find new ways to swindle the gullible bank customers of their monies. Fraudsters have been innovating new mechanisms to not only commit financial frauds but also get the gullible public entangled into the legal trap, mostly unwittingly, as part of the crime.
Some time back, three Indian students in Singapore were sentenced to prison for participating in a transnational money mule syndicate that was perpetrating ‘tech support scams’. The trio, according to media reports quoting Singapore police officials, received cash in their bank accounts on behalf of the fraudsters. Later they used to transfer the amount to the fraudsters. Precisely, they were involved in a money laundering scheme in which participants were allowed access to their bank accounts to receive cash. They had allowed their bank accounts to be used against 2% commission of the monies received.
It’s not only in foreign transactions that money mules operate, the menace is rampant within the country where account holders are getting money deposited in their accounts through unknown persons (fraudsters). Later the account holders are approached by the fraudsters to seek withdrawal of the money. In majority of such cases, the account holders are not paid any commission, but are threatened of consequences, even police action for money laundering, if the account holder refuses to handover the money.
The unprecedented exponential growth of digital transactions during the Covid-19 pandemic has been a blessing for the cyber criminals. Millions of new users, who were not having even an iota of understanding about the world of internet, boarded the digital platforms to conduct electronic transactions. The fraudsters left no stone unturned to defraud these newbies.
Today we witness a massive surge in cyber frauds. A report by Deloitte India says banking frauds in India are set to increase in the next two years. Deloitte India conducted the study through compliance officers and senior management of 70 banks of all types and 78 per cent of the banks believe that banking fraud will increase in the next two years.
The rising cyber frauds in the banking sector, whether due to customers’ own negligence or banks’ carelessness, has a direct bearing on the reputation of the banks. Notably, a fraud committed through a bank account immediately hits the customer’s confidence and this invokes not only reputational risk but also operational risk and business risk for the banks.
Since banks cannot afford to stop their customers from using digital channels for conducting their financial transactions, the only way for them is to put in place a sound cyber security system so that fraudsters are unable to penetrate into the customers’ accounts.
In other words, the banks and financial institutions have a prime responsibility of creating appropriate tailor-made defence mechanisms against acts of cybercrime. An expert in the fight against cybercrime stresses the need for business organizations like banks to conduct regular threat analyses and positions its defences accordingly. The reports can be used to build increased awareness about risk factors not only among the staff but also among the public.
However, at the same time, the bank customers have to understand that the safety of digital transactions lies in their own hands. Before boarding the digital platform and conducting electronic transactions, they need to understand the security aspect of such transactions. The basic rule for them is not to share their account details such as password, PIN etc. with any person, even with their bank officials. A bank never asks its customers to share PIN or password.
Meanwhile, in view of the growing menace of cyber criminals, the RBI’s booklet BE(A)WARE has highlighted the common modus operandi used by fraudsters and precautions to be taken while carrying out various financial transactions. The booklet among other things elaborates on safeguards against commonly used fraudulent techniques, such as, SIM swaps, vishing/phishing links, lottery, etc., including fake loan websites and digital apps.
One of the interesting techniques of committing frauds is money mules.
A money mule is someone who transfers or moves illegally acquired money on behalf of someone else. Actually, the cyber criminals use the bank account of account holders to transfer ill-gotten money to remain unidentified. In other words, these gullible account holders are money mules which help the criminals to remain untraced for the crime victims and criminals, as it becomes harder for police or any investigating agency to accurately trace the money trails. A person can become a money mule willingly against some profit. However, it has been observed that most of the money mules are unaware about the crime till the fraudsters get trapped.
So think, if you are moving money at the behest of some other person, you may be serving as a money mule.
The modus operandi adopted by the cyber criminals to take money mules on board in their criminal acts is explained thus: 1)Fraudsters contact customers via emails, social media, etc., and convince them to receive money into their bank accounts (money mule), in exchange for attractive commissions.
2) The money mule is then directed to transfer the money to another money mule’s account, starting a chain that ultimately results in the money getting transferred to the fraudster’s account.
3) Alternatively, the fraudster may direct the money mule to withdraw cash and hand it over to someone.
4) When such frauds are reported, the money mule becomes the target of police investigation for money laundering.
How can a bank account holder protect himself? The basic thing is not to share the details of your bank account, especially to a stranger. There is every possibility that you may be lured to share the account details, but don’t succumb to the greed.
Following precautions, listed by the apex bank in its recent booklet, need to be noted if you don’t want to get trapped as a money mule:
1) Do not allow others to use your account to receive or transfer money for a fee / payment.
2)Do not respond to emails asking for your bank account details.
3) Do not get carried away by attractive offers / commissions and give consent to receive unauthorised money or withdraw cash and give it out for a handsome fee.
Remember, It is illegal to be a money mule and it warrants punishment. Even if you aren’t aware of being used as a money mule, you would be held responsible for a crime.
Sajjad Bazaz heads Internal Communication & Knowledge management Department of Jammu & Kashmir Bank Ltd. The views expressed are his own and, not the institution he works for.