Easy availability of consumer data across the web has led to a significant rise in cybercrimes in the country. Earlier this week, a special joint police team from west-district Delhi and Bangalore had busted a duo of telecaller cheats for amassing Rs 7-8 lakh fraudulently by impersonating bank executives.
During investigation, the accused, Deepak Kumar Pandey and Babban Singh, revealed that they had collected the data of customers from the vendors available on JustDial. JustDial is a large classifieds service where users can call a common number to request for products or services that are listed with the company. Pandey and Singh approached the “data vendors/suppliers” listed on JustDial and procured basic consumer data through email after paying Rs 5,000 to a data vendor.
“This is how easy it is to get basic information like name, mobile number, email ID, addresses etc. of thousands of people. A simple Google search can introduce you to a whole industry of data vendors and you are free to choose whose services you want to avail. This is where most of these fake telecallers, who are not even seasoned hackers, find it easy to procure calling information that they then conveniently misuse,” said Dinesh Yadav, superintendent of police, Noida city cybercrime cell.
The cases of cyber fraud have increased substantially over the past few years. While cybercrimes have been committed by professional hackers, there has been a large scale increase in financial frauds committed by amateurs who have been singularly exploiting the loophole in the system to gain quick and easy money.
“All they have to do is sound like a professional. They easily learn that with a job at a real call centre where they acquire training to write and rehearse the script. They may or may not be fluent in speaking English in real lives, but when on call, they are so well rehearsed that the victims never suspect their credibility. They become bank executives, job agents, insurance providers, loan givers, lottery handlers when on the call, even though in real life they might just be college drop-outs. This is a classic example of how a fraud exploits the prejudices that prevail in the society that a person speaking good English must be genuine,” said Harsh Mitter Bakshi, ACP, cyber cell, Daryaganj. While the fraudsters have mastered the art of “sounding like a pro”, concerns arise on how private our data really is. Anyesh Roy, DCP-Cybercrime, Economic Offences Wing (EOW), said, “Our data is not as safe as it should be on the web. The blame lies equally with the customers as well as on the lack of stringent laws to put required restrictions on data sharing with a third-party. You put your resume on a job portal to market yourself. The job portal will have to share your data with various other companies and that is exactly why you gave them your details so that it can be shared with people whom you can’t reach. Any company can approach the data portal, buy their subscription and access these resumes. If the fraud company misuses the data, then you can’t really blame the job portal for that. Either a victim’s discretion is to be blamed or the crooks who ride over the complications that come along third party data protection.”
“Another drawback has been the failure to link data collection practices (online and offline) with cybercrime. The data providers are an industry. They have started indexing data. If you need a database of only bankers, doctors, lawyers, students etc. they’ll provide it. Even if you walk in a car showroom and not buy a car, the salesman would still request you to share your details with them so that they can notify you about any future offers. And if you drop your mobile number there, it is guaranteed that you’ll start receiving calls and messages from car loan agents, car servicing agents as well as other car sellers, even though you never shared your number with these people. There are many people you know who don’t want to buy a home, but daily receive messages of various real estate agents,” said Rakshit Tandon, consultant, IAMAI (Internet and Mobile Association of India) and advisor, Cyber Complaint Redressal Cell, UP police.
“This is pure marketing. Since the whole world is moving to the web, it makes sense to reach a potential customer through emails, texts and even messaging apps like WhatsApp etc. What data providers are doing is just fulfilling a demand through large data mining. How many times do people read terms and conditions before they sign up for anything online. They themselves agree to their data being shared. If this data reaches wrong hands through data providers, you can’t really put all the blame on these vendors. They are ‘innocent catalysts’ in the whole process,” said Tandon.
The current laws that deal with data protection are the Indian Contract Act and the Information Technology Act 2011. The punishment that the law provides is a maximum of three years in jail or fine that may extend to Rs 5 lakh or both. Pawan Duggal, cyber security expert, said, “In a population of a billion, 67% Indians are online now. While the cybercrime rate is clearly in lakhs per day, the conviction rate is in single digits. Out of every 500 cases of cybercrime, only 50 get reported and chances of an FIR getting registered are single to none. What we need is dedicated data protection laws and their strict enforcement. We need capacity-building in terms of educating the vast number of mobile users in India who have no idea of how vulnerable their electronic devices are,” Roy said.