Incidents of mobile fraud appear almost every day in the local newspapers. Fraudsters usually target senior citizens who are unaware, uninformed, naive, and too trusting. But now, even highly educated people – doctors, advocates, teachers, actors – are becoming victims. Yet, the alert few have managed to recover some part of their losses, because they responded within the ‘Golden Hour’ and had an Incident Response Plan. This article tells you what you can do within the golden hour.
How do people become victims of fraud?
They respond to calls, SMSes, and WhatsApp messages from strangers posing as authorities from telecom service providers, electricity distribution companies, banks, payment app providers, and even the Income Tax department. These fraudsters speak authoritatively and confidently; they induce fear and convey urgency to respond; they coerce, bully, cajole and use persuasive language – misleading victims into believing they are who they claim to be.
Victims react by sharing OTPs, clicking malicious links, scanning QR codes, downloading apps, and unknowingly sharing their credentials and personally identifiable information or PII. As a result, they have lost a chunk of their life savings. Once victims realized they have been defrauded, they do not share their unfortunate experiences with friends and relatives, due to embarrassment – or they hesitate to report it to the police and bank officials.
Now that’s a grave mistake!
What is the Golden Hour?
In the world of healthcare, the life of a patient who suffers a heart attack can be saved provided they receive first responder treatment (like CPR) or get to a hospital within one hour.
In the world of cybersecurity, that window is two hours. If you can dial a helpline number and report the case, and then go to the police station and file an FIR, followed by a call to your bank, the police and bank authorities may be able to freeze recipient accounts and reverse transactions.
You need to act fast!
But you need to act fast, as money is in electronic form. It zips across the internet between bank accounts in seconds. Even on public holidays! And fraudsters usually practice their misdeeds on weekends when banks are closed and there are fewer people at the help desks.
Consider the real-life incident of a veteran actor Annu Kapoor, who had the presence of mind to go to the police within the golden hour. He was cheated of Rs 4.36 lakh in a KYC fraud but the police helped him recover Rs 3.08 lakh. The remaining amount was withdrawn in cash by the fraudster, though the police are on the case and trying to track the crooks.
On September 29, 2022, the actor received a call just as he was preparing to leave for a shoot. The caller was posing as an official from the head office of a private bank. He told Kapoor that his KYC process was not completed. As Kapoor was in a hurry, he told the caller to speak to his accountant. But the caller was persistent and told Kapoor that only the account holder could do the KYC process. And unless the KYC was completed, the bank account would be deactivated. He offered to guide Kapoor through the process. Losing patience, Kapoor shared his bank account number and the One Time Password (OTP) with the caller.
A few minutes later, the actor received a call from his bank and was told that his account was compromised. Even as he was speaking to the bank official, Kapoor received an SMS from his bank that Rs 4.36 lakh had been debited from his account in two installments.
Kapoor rushed to the nearest police station and filed a complaint. Working with the bank, the police traced the transactions to two nationalised banks in the state of Bihar. The police contacted these banks and got them to freeze the accounts – and Rs 3.08 lakh was transferred back to the actor’s account.
Kapoor was lucky because the police responded quickly and they knew about the banking processes for fund transfers.
But many are not as fortunate as Kapoor.
According to reports, very few cases are reported to the police, and fewer victims recover their money.
According to the community social media platform LocalCircles, 42% of Indians experienced financial fraud in the last three years. And only 17% of those who lost their money due to banking fraud were able to get their funds back while 74% could not get any resolution.
That’s because most people do not respond on time and do not report cases to the authorities.
So what should you do when you receive a call or message from a stranger warning you about incomplete KYC processes, loss of mobile and electricity connections, deactivated bank accounts and such?
Follow this incident response plan.
Incident Response Plan
- Do not follow the caller’s instructions.
- Hang up after listening to the caller.
- Never share any details (OTPs, bank account numbers, personal details) with the caller.
- Never click on links or attachments received via email, SMS or WhatsApp messages.
- Never scan QR codes sent by the caller.
- Never install any screen sharing or remote access apps (TeamViewer, AnyDesk, Air Droid) that the caller recommends.
- Contact your nearest police station and file an FIR.
- Take a copy of the FIR to your bank.
- Call your bank and block credit and debit cards if these are being misused.
- Install a caller ID verification app like TrueCaller
- Call the state government helpline (Maharashtra: 155260)
- Call the National Cyber Crime Reporting Portal Helpline Number: 1930
- Tweet about it. Twitter Maharashtra Cyber cell @MahaCyber1
- Note down the helpline numbers of your bank and police station
Proactive Measures
- Go through your credit card statements and check transactions
- Go through your monthly bank statements and check
- Go through your messages
- If you see anything suspicious then call the bank
- Check for auto-debit or recurring payments from credit cards
Zero Trust Policy: Always Doubt and Verify
The term ‘Zero Trust’ is frequently used in the world of cybersecurity. It simply means start by not trusting anyone by default. And if you should trust, be sure to verify first.
It’s best to be doubtful and skeptical. Ask yourself if that makes sense. Be aware of the banking and payment processes.
For instance, if you paid your electricity bill and got an acknowledgment, and then you receive an SMS saying that you didn’t – you need to be suspicious. Visit the physical office of the electricity provider and take your bill and receipt along.
Though we have apps and websites to do our onboarding for services, it is best to visit their offices the first time. Ask questions about the procedure. Note down helpline numbers and official website and email addresses.
Do not search for phone numbers online as there is a possibility you may call a bogus number or visit a fake website.
Look at the documentation your bank gave you when you got a new account or credit card. All the helpline numbers, email and website addresses are listed in that documentation.
And above all, don’t keep a large amount in your savings account. Spread it around. Make short-term investments if you need liquidity in the near term.
Change your banking passwords and credit card and ATM PINS every 3 – 6 months. And use phrases for passwords, with a mix of alphabets, numbers and special characters.
Lastly, be aware that fraudsters already have some of your personal details, like your date of birth, address, email address, and even your PAN and Aadhaar card numbers. You have already shared a lot about yourself on your Facebook page, right? So they know about your family and friends too. They try to win your confidence during the call by telling you these details.
Do not trust them. Hang up immediately.
If you practice cyber hygiene (tips shared in this article) you will be spared.
To conclude, if you act within the golden hour you can not only save a life but also recover your stolen money.
See also: DSCI-PayPal Report Shows Increase in Online Payment Fraud in India
