Dhruv Chawla, Partner, Forensic Services, PwC India
Over the last few years, the battle between netizens and fraudsters has grown steadily more intense. With fraudsters becoming more brazen, fraud losses in public sector banks in India alone touched 1.69 billion USD (11,000 crore INR) between April and December 2014 (The Economic Times, 2015), and the number of cybercrime cases rose by over 350% from 2010 to 2013 (Hindustan Times, 2015).
What precautions do people need to take under the circumstances, and what exactly is causing these huge fraud losses? What is it about cyber frauds that is so alarming?
Credit/debit card data theft is one of the prime sources of financial fraud. It began with high-tech devices that could replicate the data stored on the magnetic stripe of a credit/debit card and reproduce it on a cloned card. Although this vulnerability was addressed with the release of ‘chip and PIN’ cards, e-wallets (such as Paytm and Citrus Pay) and near-field-communication-enabled cards, fraudsters have evolved as well. They have become more sophisticated and innovative in the means they use to obtain sensitive/confidential information. Fake panels or skimmers installed at ATMs to gather card details, and drone-based surveillance cameras hovering above ATM kiosks, are among the common new cyber theft technologies.
Nigerian scams still account for the highest share of online scams in India. What prompts a person to believe he or she has been lucky enough to win 750,000 USD (4.8 crore INR) in a random international lottery in which he or she didn’t even participate? Scammers have started to develop more enticing sales pitches, luring us into paying them ‘service fees’ in order to facilitate the processing of our fantastic lottery winnings.
Phishing is the next most rampant form of fraud in India. Contemporary phishing via emails has advanced to a form of tele-phishing called vishing. People are coaxed into divulging their credit card details over the phone, mistakenly believing that caller ID protects them against malicious callers.
Content and software piracy is another common form of cyber fraud. In 2014, India made it to an International Piracy Watch List, highlighting the need for efforts to curb piracy in India (The Hindu, 2014). The value of unlicensed software in circulation, which results in massive losses for American developers, soared to nearly 2.9 billion USD (18,000 crore INR) (BSA, 2014).
And these statistics are just the tip of the iceberg! If research is to be trusted, the imminent advancements in cybercrime are nothing short of terrifying!
Net extortion by anonymous groups, for example, has now become a common follow-up to intellectual property theft. In such cases, also known as cyber blackmail, hackers threaten to expose intellectual property (e.g. the case of Sony Pictures Entertainment in November 2014) or private images/videos (e.g. the iCloud hack in August 2014, in which data of high-profile celebrities was leaked) to the public unless certain demands (usually financial) are met. Denial of service attacks that cripple cyber systems seem passé in comparison with ransomware, which encrypts intellectual property until ransoms are paid out.
Very recently, the ‘Amazon of insider trading’ was created to sell trade secrets and market-sensitive information to the highest bidders. Although there were no ransom demands from hackers who illicitly obtained this information, the ramifications for information security were immense and authorities were left mind-boggled (Sydney Morning Herald, 2015).
Further, with the surge in black hat hackers and dark web networks indulging in gambling, black market activity, drug trafficking, counterfeiting, and distribution of weapons and pornographic content, the social and economic ripples are enormous.
But what does this mean for netizens?
It is now essential for us to ‘think before typing’ and invest in perimeter protection (at an individual and corporate level). It is not only imperative for businesses and people to protect their assets (intellectual property and physical resources) but also to encrypt data to whatever extent possible. Periodic information security audits and near real-time threat and vulnerability monitoring are a good form of defence for big firms. Additionally, encrypted private cloud-based storage can be developed to promote off-site data housing.
The repercussions of being too trusting of online enchanters are too severe to ignore. Cyber fraud is now ubiquitous—laptops, tablets and mobile phones are all vulnerable. Although the propagation of bring your own device (BYOD) in firms across the world makes employees’ data as susceptible to cyber fraud as that of the employer, it indirectly provides an incentive to employees to safeguard against fraud. Needless to say, awareness is key.
With contributions from Sachin Yadav, Associate Director, Forensic Services, and Rahul Vallicha, Consultant, Forensic Services