This is a continuation of the previous article ‘India and its cyberspace part 1’.
In part 1, I wrote about the data breaches of big tech organizations in India. In this article, I will try to cover more on scams and cybercrimes that are originating in India, along with how organizations are treating their security.
It might take a book to write about cyber scams and cyber frauds in India, and as much as I wish I could say there are controls to stop cybercriminals, there aren't good enough ones to stop cyber frauds and crimes. If a case is found, it takes fucking forever to solve it, and if the culprit is found guilty, it would take another life to recover the money and send it back to the victims.
First, let us talk about scams and cybercrime in India and how culprits are escaping from the law, starting with the most common ones: catfishing, phishing, and SMShing.
Catfishing happens mostly on Facebook and Instagram, where the culprit makes multiple fake accounts with some legit photos and some background information that can be bought off the dark web, and then lures desperate people into trusting them. From then on, they start to ask for financial help or sometimes personal information like nudes, mostly from females and sometimes from males. Once they get what they want, if it is financial help, they continue to ask until the victim gets suspicious. The worst part is that the profiles they make and the stories they tell to gain trust feel legit, and even after filing a case or reporting it to the authorities, it is like finding a needle in a haystack, which is hard unless they leave a clue or fall into traps set by the police. These are sophisticated catfishing cases, which are rare in India but are gaining popularity nowadays with COVID on a rampage. The culprits have more than enough time to find and exploit a victim. In the good ol’ times, catfishing accounts used to be Angel Priya with an actor’s images on them.
From the law enforcement side, they have strict rules to follow: for example, finding the IP address of the culprit from the account name takes court permission and a request to FB, Insta, or WhatsApp, which is a long-ass procedure to follow.
I am attaching a case that happened not so long ago, where a guy tried to impersonate my grandfather, and the sad news is that some of his old friends fell prey to him. I was able to find his name; it was either Raj or Vishal Charan. They gave the culprit a total of INR 1,00,000 without proper confirmation or
Upon reaching the police, they did file an FIR, but recovering that money would take some time, as they said it is quite a low amount to recover and follow up on. And this is the point culprits are leveraging, i.e., scamming for smaller amounts so that each case is considered low and the police do not follow it up. But the number of victims under their belt is quite high in comparison, which makes it effective as hell.
Phishing and SMShing are getting sophisticated with leaked data being put online. Culprits are using this data to their advantage, like your address, phone number, and sometimes card details, and with it they customize the phishing email or SMS, or sometimes call you in person. In one case I had a bizarre experience: I once bought something off ShopClues.com, and 2–3 hrs after receiving my parcel I got a call saying that they were ShopClues Customer Service and I had won a Swift car as part of a lucky draw. I was sure that it was a scam/phishing call, but the timing was suspicious, he said he was from ‘shopclues’ customer support, and I never put my personal number online unless it is for an order or something really important. So I pinged ShopClues on their Twitter account, and they said it was not theirs and they didn’t have any lucky draw at that time. A few things stuck with me, like how did they even get my number in the first place? Because I gave my number to ShopClues and only them, and only they and their delivery person should be holding my number. So, actors are using this kind of data to their advantage by taking several parcel details and then luring the buyers by saying they have won a prize, and you guys can finish the puzzle.
I mean, any unsuspecting user like me would have easily fallen prey to them out of happiness, with them using such good details while talking. Really, I felt sick to my gut once I found the entire chain of attack. And ShopClues said they are investigating this, but they haven’t said anything regarding the same.
Another type of scam that originates in India and is a huge pain in the ass is the call center scam, which tricks people from the USA, UK, Australia, etc. into paying huge amounts, sometimes more than $1000, for a service that is fraudulent. They first lure victims by paying for advertisements that promote their phishing sites, which claim the victims have a virus on their computer and should contact customer service to repair it. Upon contacting them, an Indian acts as if he is from the States and gives some white person's name, and then he induces F.U.D. (Fear, Uncertainty and Doubt) in the victims to exploit them. These types of scams are becoming more and more sophisticated, like sending mails saying your subscription has ended and you should connect to support to renew it, and from there they do the dirty work to get money out of victims. In one such case, some actors tried to do this to Malwarebytes, and Malwarebytes opened up the entire operation, from the owner and co-owner names to the org under which they are doing this dirty-ass work.
In the report, they traced back the operation and found the organization under which these scams are running and the names of its co-owners:
We were able to identify the registrant behind the zfix.tech domain as being Aman Deep Singh Sethi using the aman.techsquadonline@gmail[.]com email address. Pivoting on the associated phone number [+9]19810996265 we uncovered a larger piece of their scamming infrastructure as well as an associate named Swinder Singh.
Both individuals are registered as directors of a company in New Delhi called Lucro Soft pvt located at 14/28, F/F SUBHASH NAGAR NEW DELHI West Delhi DL 110027.
For a more detailed view read their report.
And this is what a typical scammer's page looks like.
During these trying times, vultures are on a full-scale hunt to exploit us for their gain. One such example: I was going through my Twitter feed and found that some MF's are tweeting that they have oxygen cylinders available and that, as part of a security deposit, one has to pay 5000 as a down payment. There is a shortage of oxygen cylinders in India, with each one going for more than 1,00,000 in some cases, and this is life-saving in our current situation, as many require oxygen to survive because of COVID. And many assholes are using this fear to exploit many users out of pure greed. And with governments sulking behind and going on roadshows for election reasons, I hope cybercrime branches take appropriate actions to at least stop this type of crime.
To everyone who is reading this be safe and try to stay home as much as possible, losing someone close to you is agony and that pain is immeasurable.
PS: I would have added more of my findings, but it would bore the hell out of you readers, so I had to cut out a huge part to not make this boring. Again, if I have said anything wrong, please correct me ❤
Stay safe and stay tuned ❤
Connect with me via Twitter @krishnasai_456.
Thank you!!! ❤