Introduction:

(Some parts of the article are India Specific. Those parts includes official bodies names, their addresses and payment gateway providers. Other than that, information shared on the article can be practised in most places worldwide.)

Suppose, you receive a message from someone you know where the message sender tells you he is in medical/financial emergency and he is in need of  XXX-XXX rupees(or dollars) on a immediate basis. You read the message sent to you and in a pulse you become ready to send the money. The sender sends you a mobile number or a mobile wallet(UPI payment like Google Pay, PhonePe, Freecharge, Paytm) address asking you to forward the amount here.

You then open your banking app or a wallet you use regularly and fill in the details, enter the amount asked for and send the money. Now, after the successful money transfer, you revert to the person to confirm whether he/she received the amount or not. Some time passes by, But you don’t receive any response.

Later, after a while the account sent you message request for transaction blocks you and vanishes from your chat. This makes you panic in fear and all of a sudden, bad thoughts start in your head. You try to access the profile of the person, But can’t access the profile since you are blocked. So being worried at the same time you contact the person’s mobile number whose profile was used to send you the message and you get a shocking reply on the call that the person never made request for any kind of monetary transaction.


What just happened?

The thing that just happened with our guy above is known as Scam. In the scenario above, Our guy gets contacted by a profile which looked familiar since the hacker had used an image of someone from our guy’s friends list. To look more authentic, the attacker performed a tactic known as social engineering on the target and created a dummy account with details and profile picture of someone familiar to our guy from his friends list. This technique of impersonating as someone online is known as Identity Theft.

Then the hacker sent a fake message of an emergency from the fake account in order to trap our guy, in order to make our guy perform tasks which he wants to get accomplished. After the motive of the hacker is achieved, he deletes the chat and blocks his target, deletes the fake account that he created to target our guy and vanishes leaving him robbed and confused. Now our guy has no clue what to do, whom to reach and how to catch the impersonator.


Why did it happen with our guy?

There can be multiple factors in play which has resulted into this situation. Many a times, These kind of attacks are played out random. The hacker or hacker’s group which target people target people on a random basis with no motive other than to rob money. The thing that happened with our guy, usually happens with many people every day on a random basis. Sometimes, the hackers succeed in their mission, sometimes they fail. But in overall, this type of attacks are of a hit and miss category. That means, if the target is quick enough to understand the scenario and gets out of it, The entire mission of the attacker is sabotaged.

Other factor could be, when our guy or his organization can be a well known name and hence become a predetermined target, for which the hacker/group were gearing up in order to achieve their motives.

Such attackers attack randomly or in a targetive basis for these motives:

  • Steal Money.
  • Defame the Person or an organisational entity.
  • In Jealousy.
  • For revenge.
  • To remove the person/organization out of competition.
  • Enmity.
  • Harassment.

Such attacks have been on a rise in India since 2017, When we witnessed a boom of digital payments.


What can we do to safeguard ourselves from such malicious attempts?

In today’s world when everything is going digital, it’s hard for many to keep up with the pace at which the technology is increasing. It might look easier for Teenagers or Young adults who have been under the influence of such technologies since a long time, But it gets quite difficult for people who either have limited access to such technologies due to some personal reasons or they find it hard to operate for daily tasks.

I can understand, as even my parents many a times find it quite difficult to operate some tasks on their smart devices which we find simple to use. It’s not their fault though, What we can do, is to help them out and teach them step by step with patience so that they come aboard with all of us on the same level. Now to safeguard yourself, There are many steps that you can take to ensure your guards are up against such culprits. Such steps if taken carefully by everyone can be beneficial.

Here are some steps you can take:

  • Limit your social account posts visibility to friends of friends only. This helps in hiding your posts from those who are unknown in our circle.
  • Try to lock your profile so that outsiders, especially those who might be trying to pry into your account to steal your data, profile photos etc in order to commit a crime can be stopped from moving further.
  • Enable 2-factor authentication( or multi-factor authentication) on your email, social, banking and any other accounts in order to stop any culprits from breaking into your account.
  • Only add those people to your followers or friends list who are known to you. Many a times people who are in our list try to commit such crime against you. so always stay alert.
  • Try not to tag your accounts with locations. as this makes it easier for the hackers to find and target you by other means.
  • Never respond to messages sent by unknown accounts. If you receive messages from any unknown accounts it’s better to avoid it.
  • Verify the account before replying or adding it to your friend or followers list. Many a time such accounts are fake and created by hackers using identity theft on some other profile.
  • Limit access to apps which you connect to your social accounts. Only allow trusted applications to access your profile information.
  • Never share your personal details or any other valuable personal information on social media. This is considered a very bad practise as such information can make you an easy target to be chosen out of the pool.
  • Never answer to unknown numbers especially numbers that are international to you (For ex any number starting from +192, +92 +97 +931). Hackers usually use such numbers to target their victims. Report such numbers to the Regulatory bodies such as TRAI.

Already Affected by such attack? Then here are some steps you can take:

If you have fallen a victim to this attack then make no delay. Delay in responding against such crime will not only reduce your chance of recovering what you lost but will also encourage the hackers to perform more such attacks on others. It’s better and always wise to react as fast as possible which ensures not only to defraud you but also catch the culprit redhanded.

Follow these steps if you/someone you know is a victim of such fraud:

  • Take evidences which are available to you at your disposal. for ex, Take screenshots of the conversation, save the messages on the platform (if possible) for further investigation.
  • If you have call recordings with the culprit, its better to extract and save it on a thumb drive for investigation. Also note the number down so that the authorities can find some lead.
  • If any transactions have been made, call your bank immediately and provide a light on what happened with you so that the bank can take necessary steps from their side.
  • If you were scammed by the fake account of someone you know its better to inform the person whose account’s identity was used to contact you so that you can break the chain of hacker if he has any intention to target anyone else with the same profile.
  • Save all the evidences that you collected as mentioned above in a folder so that the official authorities can access everything at a single place. make multiple copies of the same folder, keep one on your smartphone, one on a pendrive, one on your computer/laptop and if possible save one copy of the folder in your cloud account so that you can access them anytime from anywhere.
  • If any Transactional fraud has occured, then visit the branch of your bank and lodge a complaint with their cyber team. Be sure to tell them all that has happened and provide them a copy of the folder you made. Be sure to take a complaint copy from the bank as you might need it in the next step.
  • After the visit to the bank, Visit to the nearest police station to your house and lodge a complaint against the fraud that has happened to you. provide them with all the details that you have along with the folder of evidence that you made. Also take the FIR copy from the police station and keep those documents safe.
  • After the visit to bank and police station, it would also be better to register your complaint on Cyber Crime portal . provide all the details that you have, and also upload the documents that you got from the bank and Police station.

If you happen to be someone who is a victim, then the steps above can help you with your case Or if you happen to know someone who has been a victim of such incident recently, do share it with them so that, the victim can get all the help he needs from official authorities.The hackers who commit these types of crime are successful because of the lack of awareness regarding this topic. Not many happen to know what to do in such scenarios. Hence, Share this post with everyone, So that people are aware of how such things happen, What are the reasons behind it and what measures can be taken to protect them as well as to help them if they have been affected by it.

Afterall..

In this digital age,

Awareness is the key.


By Siddhant Pathak

Cyber security architect, 7+ years experience in cyber security industry, Tech savy, Nature lover, Bullet 350 rider

Have some thoughts? why not share with us here.