Cyber Crime Awareness Program

Expert Profile

Rakshit Tandon, a cyber security evangelist has experience of more than a decade in the cyber security domain. He is the founder and director of HackDev Technology Pvt Ltd. He is a cyber security consultant to the internet and mobile association of India. Marked as resource person/visiting faculty for cybercrime investigations at BPRD for training law enforcement officers across the country, he is the chairman of India against child abuse. A nation outreach program by justice Mohan children university and NCSSS. He has played an important role in contributing to child online protection in India reported by UNICEF. Speaker at “Talks at Google”, “TEDx Talks” has been a non-European expert at European commission on safer internet in 2010. Awarded with Karam veer Jyoti Puruskar 2019, Gurugram achiever awards 2019, SKOTCH GOLD Governance award to Gurugram police for cyber security summer internship 2019, and also awarded with Karamveer chakra by Rex conclave 2015 and 2016 with gold Karamveer chakra. Also awarded the cyber guru of the year award in 2015 by the government of Maharashtra and global cybercrime helpline award in December 2018. As an expert in cybercrime investigations/forensics and digital Footprinting working as faculty to major police academies across the country like CBI academy, NIA, NEPA, etc. along with that he has been initiated and chaired numerous cyber awareness campaigns and connected with about 2.5 million students to educate them in this regard.

Foreground

The Surakshit Bharat Campaign was organized on 15th August 2021 with a really thought-provoking session entitled "Cyber Surakshit with Rakshit" and as the title, the session was all about the protection and preventive measure that we can take and can imply to protect ourselves in cyberspace from the futuristic and influential work of Mr. Rakshit Tandon Sir.  So let's see how interesting and needful this talk was.

Cyber Crime

Cybercrime is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may harm someone's security and financial health. cybercrime, also called computer crime, is the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government.

Types of Cyber Crime

Cybercrime ranges across a spectrum of activities. At one end are crimes that involve fundamental breaches of personal or corporate privacy, such as assaults on the integrity of information held in digital depositories and the use of illegally obtained digital information to blackmail a firm or individual. Also at this end of the spectrum is the growing crime of identity theft. Midway along the spectrum lie transaction-based crimes such as fraud, trafficking in child pornography, digital piracy, money laundering, and counterfeiting. These are specific crimes with specific victims, but the criminal hides in the relative anonymity provided by the Internet. Another part of this type of crime involves individuals within corporations or government bureaucracies deliberately altering data for either profit or political objectives. At the other end of the spectrum are those crimes that involve attempts to disrupt the actual workings of the Internet. These range from spam, hacking, and denial of service attacks against specific sites to acts of cyberterrorism—that is, the use of the Internet to cause public disturbances and even death. Cyberterrorism focuses upon the use of the Internet by non-state actors to affect a nation’s economic and technological infrastructure.

Cyber-Crime in India

The main category of cybercrime in India:

1. Social Media Crime

More and more people, regardless of age and gender, are signing up for profiles on online social networks for connecting with each other in this virtual world. Some have hundreds or thousands of friends and followers spread across multiple profiles. But at the same time, there is the proliferation of fake profiles also. Fake profiles often spam legitimate users, posting inappropriate or illegal content. Fake profiles are also created while misrepresenting some known person to cause harassment to him/her.

The most common targeted websites/apps for creating ‘Fake Profiles’ are as under:

1. Facebook
2. Instagram
3. Twitter
4. LinkedIn

Below are the common crimes being committed on or as a result of Social Media

• Online Threats, Stalking, Cyber Bullying

The most commonly reported and seen crimes that occur on social media involve people making threats, bullying, harassing, and stalking others online. While much of this type of activity goes unpunished or isn't taken seriously, victims of these types of crimes frequently don't know when to call the police. If you feel threatened by a statement made online about you, or believe that the threat is credible, it's probably a good idea to consider calling the police.

• Hacking and Fraud

Although logging into a friend's social media account to post an embarrassing status message may be acceptable between friends, but technically, can be a serious crime. Additionally, creating fake accounts, or impersonation accounts, to trick people (as opposed to just remaining anonymous), can also be punished as fraud depending on the actions the fake/impersonation account holder takes.

• Buying Illegal Things

Connecting over social media to make business connections, or to buy legal goods or services may be perfectly legitimate. However, connecting over social media to buy drugs, or other regulated, controlled or banned products is probably illegal.

• Vacation Robberies

Sadly, one common practice among burglars is to use social media to discover when a potential victim is on vacation. If your vacation status updates are publicly viewable, rather than restricted to friend groups, then potential burglars can easily see when you are going to be away for an extended period of time.

• Creation of fake profile

Creation of fake profile of a person and posting offensive content including morphed photographs on the fake profile

• Fake Online Friendship

Developing online friendship over social media (with no real-life familiarity and using the emotional connect to trick you into transferring funds on some pretext such as medical emergency, legal troubles, problems in a foreign country, etc.

Preventive Measures/Precautions

• Block profiles from public searches.
• Restrict who can find you via online search
• Limit what people can learn about you through searching on net.
• Log out after each session.
• Don’t share social media credentials.
• Don’t accept friend requests from unknowns.
• Don’t click suspicious links.
• Keep the privacy settings of your social media profile at the most restricted levels, especially. for public/others
• Remember that information scattered over multiple posts, photographs, status, comments, etc. may together reveal enough about you to enable a fraudster to steal your identity and defraud you. So, apply maximum caution while sharing anything online.

2. Financial Fraud Cybercrime:

Cybercrime in finance is the act of obtaining financial gain through profit-driven criminal activity, including identity fraud, ransomware attacks, email and internet fraud, and attempts to steal financial accounts, credit cards, or other payment card information.

In other words, Financial cybercrime includes activities such as stealing payment card information, gaining access to financial accounts in order to initiate unauthorized transactions, extortion, identity fraud in order to apply for financial products, and so on.

What are the Types of Attacks Motivated by Financial Gains?

We have all received the well-known email where some Nigerian prince has died and their barrister is now contacting you, the sole heir, in order to send over a load of cash to you. 

It’s just one tiny little hiccup to receive the payment, you need to do a money transfer through the Western union for some strange and obscure reason you might not fully grasp and then you’re out on a slippery slope. Sounds familiar? We all know the story, but the plots have become more advanced.

Various social engineering techniques are most often used in order to manipulate victims into providing confidential information. This can be everything from fake emails supposedly sent by Netflix asking you to pay your subscription invoice, to illegitimate replica emails pretending to be from Paypal or iTunes informing you of your monthly invoice–trying to get you to click on a fraudulent link. 

Other well-known scams are Bitcoin scams or love scams, where people are targeted through fake profiles on dating sites or popular social media sites to strike up relationships, leading to the scammer asking for money transactions exploiting the victim’s feelings.

How to Prevent Financial Cybercrimes?

Financial fraud can cause you to lose the hard-earned savings that you have accrued. Understanding how to protect your savings and assets is part of good money management. To shield yourself from financial harm, here are 5 tips that you should know.

• Protect Your Personal Information

Your fortune is closely linked to your User IDs, passwords and PIN numbers. This information allows you to access money and assets from your banks and investments. Keep all such information confidential and safe, and update your passwords and PIN numbers periodically. Don’t disclose your personal information to anyone. Your financial providers such as banks and brokerages, or the police will never contact you to disclose your passwords and PIN numbers.

• Online Security

With the rise of online banking, trading and transactions, the internet becomes a popular ground for fraudsters to trawl for victims. Fraudulent websites and fictitious emails are common tricks used to get information about you. Your own online practices play a significant role in minimizing the risks of financial scams. Ensure you have the latest operating system and browser installed, and protect your computer and mobile devices by using the most up-to-date anti-virus software.

• Be Careful When Transferring Money

Impersonation is the most common form of fraud. You may be contacted by someone or an institution that claims to work for you, or represent a financial company or the government to get money out of you. Fraudsters may contact you by phone, email or text messages. Don’t trust caller ID on your phone as fraudsters can use technology to make it appear as though their calls are coming from legitimate businesses or organizations.

Be sure to verify their identity, especially when they are asking for your personal details and/or asking you to part with your money. You can contact the related institution to check their authenticity.

• Look Out for Scams

Be vigilant to the tricks and cons that other people have fallen for. Pay attention to scam prevention messages, and share the information with those who rarely read newspapers or watch TV, in particular with the elderly who are a key target for scammers.

• Don’t be Tempted by High Returns

The promise of a high return for your investment is often too good to be true. In most investment fraud cases, fraudsters prey on the greed of investors who are attracted by aggressive and quick returns. Investment scams involving pyramid and Ponzi schemes, unregistered investments, promissory notes, commodities and such often use high returns to tempt you into making bad decisions.

Know who you are dealing with and invest only with licensed intermediaries such as banks, brokerages, and financial planners.

3. Job Frauds

Cyber criminals target young, educated citizens in the name of job offers. They get bulk bio-data/CV of persons looking for jobs from job sites such as naukari.com. shine.com, etc., and using the details given in the CV – phone number, email, educational qualification, previous employment, etc., device personalized fraud emails promising job opportunities in reputed companies.

The fraudsters run a call-center setup and either pose as a job consultancy firm or impersonate the prospective employer itself They make the victim interact with multiple levels of HR executives to give an impression that they are genuine entities.

Once the potential victim falls into their trap, they start demanding fees in the nature of registration charges, document verification, interview scheduling, uniform advance, etc. After extracting a large sum from the victim, they stop further communication.

Preventive Measures:

• No genuine recruiter will demand large sums for registration, document verification, interview scheduling, etc.
• Fraudsters impersonate as genuine job consultancy firms by using similar email accounts, logo, etc. Please verify the details of the firm before committing any payment towards job assistance.
• Look for complaints and reviews about the said firm on online forums. If significant number of people have shared reviews about their fraudulent activities, then probably they are cheats.
• Verify from the said reputed employer whose job has been offered, about the genuineness of the offer. Use contact details given on company’s official website to seek clarification. Do not seek clarification from company officials referred to by the job consultant. They are probably part of the gang trying to cheat you.
• Do not get tricked by spoofed email IDs, Customer Care Numbers, etc. Cross-verify every claim with alternate channels before engaging with the said job consultant.

4. Digital Identity Theft:

Identity thieves usually obtain personal information such as passwords, ID numbers, credit card numbers, or social security numbers, and misuse them to act fraudulently in the victim’s name. These sensitive details can be used for various illegal purposes including applying for loans, making online purchases, or accessing the victim’s medical and financial data.

How to Protect Yourself from Identity Theft

• Secure Your Connection: If you are going to use your personal information online, make sure you do so only when your connection is secure – preferably via home or corporate network or cellular data. If possible, avoid public Wi-Fi with no password protection. Should you have no other choice, use a virtual private network (VPN) that will encrypt all your communication and thus protect you from eavesdropping criminals.

• Keep your devices secure: Protect your laptop, smartphone and tablet from malicious software and attackers by using a reliable, multi-layered, up-to-date security solution.

• Stay away from suspicious messages and sites: Visit our pages about spam and phishing to learn how to spot social engineering attacks that are after your sensitive data.

• Maintain good password hygiene: Create strong passwords that are long, hard to guess, and unique. You can also use passphrases as they are easier to remember or keep all your passwords in a password manager, to store them more securely. To add another layer of protection to your passwords, use two-factor authentication wherever and whenever possible. One important note: Never reuse any password for multiple accounts or services. This way, even if attackers are able to obtain this password, the damage they can cause is limited only to the compromised account (or service).

• Be careful with sensitive data: If you want to throw away any physical documents that contain personal information, make sure you discard them in a safe manner – by making them unrecoverable or by shredding them. A similar logic applies to your electronic devices: When selling or disposing of old smartphones, tablets, or laptops, make sure you have wiped all the sensitive data they stored.

How do we report cybercrime?

The crime investigation team has been establishing many cybercrime cells in different cities of India, taking care of the reports and investigations of the cybercrimes. At present, most cities in India have a dedicated cyber crime cell. You can make a complaint anytime to the cyber police or crime investigation department either offline or online. In order to give punishment for cybercrime, the first & foremost step is to lodge complaints against the crime. You need to file a written complaint with the cybercrime cell of any jurisdiction. In the written complaint, you need to provide your name, contact details, and address for mailing. You need to address the written complaint to the Head of the cybercrime cell of the city where you are filing the cybercrime complaint.

According to the IT Act, a cybercrime comes under the purview of global jurisdiction which means that a cybercrime complaint can be registered with any of the cyber cells in India, irrespective of the place where it was originally committed or the place where the victim is currently residing/ staying.

If you do not have access to any of the cyber cells in India, you can file a First Information Report (FIR) at the local police station. In case your complaint is not accepted there, you can approach the Commissioner or the city’s Judicial Magistrate.

Certain cybercrime offenses come under the IPC. You can register a cybercrime FIR at the nearest local police station to report them. It is mandatory under Section 154 of CrPC, for every police officer to record the information/complaint of an offense, irrespective of the jurisdiction in which the crime was committed.

How to file a Cyber Crime Complaint online?

The online portal where a victim can file a cyber crime complaint is https://cybercrime.gov.in/Accept.aspx, an initiative of the Government of India that caters to complaints pertaining to the online Child Pornography (CP), Child Sexual Abuse Material (CSAM), or sexually explicit content such as Rape/Gang Rape (CP/RGR) content and other cybercrimes such as social media crimes, online financial frauds, ransomware, hacking, cryptocurrency crimes, and online cyber trafficking. The portal also provides an option of reporting an anonymous complaint about reporting Child Pornography (CP) or sexually explicit content such as Rape/Gang Rape (RGR) content. One can follow the below-mentioned steps to report a cybercrime online -

STEP 1: Go to https://cybercrime.gov.in/Accept.aspx

STEP 2: Click on ‘Report other cyber crimes’ on the menu.

STEP 3: Click on ‘File a Complaint.

STEP 4: Read the conditions and accept them.

STEP 5: Register your mobile number and fill in your name and State.

STEP 6: Fill in the relevant details about the offense.

Note: You can also report the offense anonymously.

Conclusion:

Cyberspace connects us virtually with crores of online users across the globe. With the increasing use of cyberspace, cybercrimes especially against women and children such as cyberstalking, cyberbullying, cyber harassment, child pornography, rape content, etc. are also increasing rapidly. To stay safe in the online world, it is important to follow some cyber safe practices which may help in making our online experience and productive. Cyber awareness and hygiene for parents like talking to your children, noticing indicators of change in behavior, protecting your child from Cyber Grooming, never clicking suspicious links or attachments, Install anti-virus software’s with parental control. Cyber awareness and hygiene for teens and young adults like Secure your online presence just like you secure yourself, be mindful of your appearance on video chat & video calls, do not use smartphones for taking sensitive personal photographs and videos, protect yourself from Cyberstalking, Beware of fake social media accounts. We need to educate people about cybercrime and also promote cybercrime awareness.

Note : For a more detailed insight into the session, you can visit our YouTube Channel Forensic 365