Keep yourself secure online

LAST week, I found my mailbox full of phishing emails. These should have straightaway gone to the spam, but somehow had escaped detection as spam. And from the volume and the variety, it seemed like fraudsters were letting loose thousands of mass emails of different kinds, in the hope that if not all, at least some recipients would fall prey to their machinations. So, I thought I should check them out and warn consumers to stay alert.

In this age of online shopping, it is common to get an email or a text message from the retailer confirming a purchase order. Fraudsters, it seems, are now using this route to prompt consumers to open their emails, because many of the hoax emails say ‘Order confirmation’.

If you open them, believing them to be from an online store where you ordered goods, you will be running into risky ground, because all of them prod you to do what you should not — click on the link provided in the email. One of my mails, for example, simply said, “If you are unable to see the message, please click on the link given below.”

Another mail with the same title of ‘Order confirmation’ said, “Your e-gift voucher is ready to be dispatched. Click here to view it.” Yet another mail said, “Rs 31,890 successfully credited into your wallet. Login to your wallet account now to confirm.” Clicking on the links and complying with such instructions could well allow hackers to steal personal data and crucial financial information, and, in turn, your money.

Interestingly, several surveys around the world have shown that most consumers are aware of the dangers posed by cybercriminals, yet they get deceived by conmen, without realising it. One of the biggest scams of last year, the ‘electricity bill’ fraud is a classic example.

It was obvious to anyone who carefully read the message without getting into a panic that the threat of disconnection for the non-payment of bill was a ‘smishing’ fraud, where the criminal uses a mobile phone text message to lure victims into calling back on a phone number and prompting them to visit fraudulent websites or download malicious content.

Here, the sender never gave the name of the power supply company, nor the account number, or the name of the consumer. The message was badly drafted and had several grammatical errors. Furthermore, no power supply company can disconnect your supply without proper notice, and this, by no stretch of imagination was a notice.

Yet, the tricksters managed to empty out the bank accounts of hundreds of power consumers across the country. Even more incongruous is that even though the police in several cities nabbed the perpetrators, the messages continue (I got one just yesterday), and so also reports of consumers losing money. Does it mean that the police are yet to nab all members of the gang or is it a new group using the old method?

From all reports, the modus operandi is the same. Consumers are urged, through the message, to call on a mobile number and the person at the other end prompts the caller to make a small payment of Rs 7 or Rs 10 to correct a miscalculation in the bill or download and install a remote access software — either way, the conmen gain access to the victim’s bank account.

The increasing number of such online frauds calls for a concerted effort on the part of the consumer protection regulator — the Central Consumer Protection Authority — to take up consumer education and awareness campaigns across the country. Similarly, cybercrime investigation teams should follow every lead, every complaint — small or big — and catch the swindlers at the earliest, before they cause extensive damage.

Consumers too need to exercise utmost caution to stay clear of such online frauds. First and foremost, before opening any email, check the source. Even if the source seems genuine, if it is prompting you to follow a link to pay your electricity or telephone bill or house tax or download an app, ignore it. If there is a warning of disconnection of service or closure of bank account, do not panic. Call up the service provider on the helpline number provided on the website of the service provider and make enquiries. Similarly, instead of following a link to make a payment, always go directly to the website of the company and make sure that it is genuine. Ensure that your bank/credit card company has your mobile number and sends updates promptly.

If despite these precautions, you become a victim of a cybercrime, immediately block your bank account or credit card, as the case may be. These days, banks provide helplines through IVR services, online portal, mobile banking apps, to self-block your account or debit or credit card and also report a fraud or an unauthorised transaction. So, always be aware of those services and take prompt action. You can follow it up with a formal letter and a personal visit to your bank. It is equally important to lodge an FIR with the local cybercrime police immediately. You can also call 1930 for grievances relating to cyber financial fraud.

Meanwhile, you should visit cybercrime.gov.in — the national cybercrime reporting portal — and click on the link ‘learn about cybercrime’. It explains terms that may seem Greek and Latin to you but are useful in filing a complaint against frauds like ‘phishing’, in which fraudsters steal your personal and financial information through emails that appear to be from a legitimate source.

Also, visit consumerhelpline.gov.in. If you click on ‘Financial Fraud’ on the left side of the page, it will take you to a brochure brought out by the Ministry of Home Affairs on ‘Secure Online Financial Services.’ It is a must-read for every consumer as it gives useful information on keeping yourself secure online.

— The writer is a consumer rights and safety expert