A Click Online, Scams Nine

Wizened after living in ballsy Delhi for decades, my friend boomed back in an equally abrasive tone: “Today is not good. Let’s meet at my thaana next week. Bring your friends too. We’ll all have lunch with the real police.” The caller hung up hastily.

Not everyone is as battle-hardened or lucky; many become easy prey. In 2023, India witnessed 79 million cyberattacks, ranking it third globally in sheer numbers. This was a 15-per cent rise from the previous year. The escalation continued into 2024, according to PRAHAR (Public Response against Helplessness & Action for Redressal).

From January to April 2024, Indians were robbed of Rs 1,750 crore by cybercriminals, leading to 740,000 complaints on the National Cybercrime Reporting Portal. This is a sharp rise. With cyberattacks at 500,000 till March, April alone saw a 50-per cent rise.

This massive fraud is not random, but a result of back-breaking analysis and data-mining. The Indian Computer Emergency Response Team (CERT-In) reveals that fraudsters use databases acquired from unscrupulous sources. The data includes property registries, medical claims and online history, all neatly categorised to help fraudsters target individuals based on net worth, lifestyle and ‘discovered’ vulnerabilities.

Skyrocketing Price Of Digital Convenience

In the digital age, convenience comes at a price. In India, that price has increasingly been our privacy and our money. The 740,000 complaints filed in the first four months of 2024 is not a cold statistic; it is a silent scream of individuals duped, threatened or extorted by faceless predators in cyberspace.

Those who wax eloquent about the marvels of technology, would do well to understand how tele-callers and cybercriminals use the internet we adore to target us. The arsenal is simple — data-mining, algorithmic surveillance and an evolving ability to exploit digital footprints.

There is dark humour at work too. If they were not so worrisome, calls received from shyster police stations and policemen would make for fascinating dinner conversations. But these calls are scary for most people, a signal that they have made it to the ‘target list’.

Algorithms: Monitoring Your Every Move

When you search for a hotel on Google or order a pizza on Swiggy, you unknowingly become part of a growing repository of data. Your data. Algorithms track your every move from then on — buying habits, wish lists, preferences and aspirations. Cybercriminals are adept at using this digital breadcrumb trail to bake a cake that explicitly encapsulates your life.

Prof Raghav Chatterjee, cybersecurity expert at IIT Delhi, says: “Algorithms don’t just collect data; they interpret it. Criminals leverage interpretations to predict financial capacity, emotional state, even susceptibility to specific types of scams.”

In one chilling case in Bengaluru, a tech professional received a ransomware threat targeting her child. The criminals had analysed her search history and online purchases to determine that she had enrolled her child in an expensive private school. They demanded Rs 10 lakh, exploiting her maternal instincts, financial position and fear. She paid up.

The Digital Marketplace: A Goldmine For Criminals

It starts quite innocuously, perhaps as a call from a “customer care executive” who knows your name and address, and your car model, insurance renewal date, even your favourite colour. Typically, this means that today’s seller of extended warranties might end up scamming and phishing you tomorrow. These callers are just tools used by the growing cybercrime ecosystem, which is powered by rampant data-mining of illicitly-acquired databases.

For instance, Ranjana Rajagopalan, a resident of Neeti Bagh, a residential colony of lawyers and judges in Delhi, received a call from a ‘bank representative’ who knew of her recent purchase of many items of apparel on EMIs. Her ‘new banker’ persuaded her to click on a link to “verify her purchases for quicker delivery”. An hour later, Ranjana’s account was wiped of Rs 2.5 lakh, while she tearfully recounted her tale at the Hauz Khas police station.

In Ranjana’s case, what was used as weapon was her data, the primary enabler of cybercrime. Companies (even leading banks, mind you), sell databases to third parties. Eventually, this makes its way into the ‘Dark Web’. The information includes insurance renewals, medical records, property details, friend’s birthdays (their likes and dislikes), and much more.

Anuja Singh, researcher at the National Cyber Security Centre (NCSC), says: “The problem lies in the lack of stringent data protection laws. While the Digital Personal Data Protection Act, 2023, is a step forward, enforcement remains a challenge.”

Anatomy Of A Scam: From Data To Threats

This is good to know, if only to enable you to avoid becoming a victim. Fraudsters begin with a database that contains phone numbers, names and financial history. They use algorithms to profile and categorise individuals based on income, spending habits and vulnerabilities. Depending on the profile thus created, cybercriminals tailor scams — phishing for the affluent, lottery scams for the aspirational, ransomware for professionals.

Beyond financial losses, cybercrimes inflict emotional and psychological damage too. Victims often grapple with feelings of betrayal, helplessness and paranoia.

Anita Sharma, a retired teacher in Jaipur, received 50 threatening calls in a single week after her personal details were leaked. The criminals used her location and family information to demand a ransom, leaving her too terrified to step out of her home.

Sameer Mathur, CEO of cybersecurity firm SM Consulting, says such elements exploit fear and ignorance. “Cybercrime thrives on human frailties. Empowering citizens with knowledge is as critical as deploying technology to counter the threat.”

Neha Dubey, analyst with the Data Security Council of India (DSCI), says: “Companies should move beyond compliance to adopt a proactive stance on data security. This includes regular audits, limiting third-party data-sharing, and using encryption technologies.”

People too can take steps to self-protect. They should verify the identity of callers asking for personal information; limit oversharing on social media, like phone numbers and travel plans; and invest in antivirus software and enable two-factor authentication. They can also report suspected cybercrime on the National Cyber Crime Reporting Portal.

The digital revolution has transformed lives. It has also opened a Pandora’s box of cyber risks. As cybercrimes grow in sophistication and scale, the onus to stay vigilant lies not just on the government, but on individuals and corporations too. This is a long battle, and we need to combine tech and awareness to reclaim our digital space and ensure that convenience does not come at the cost of privacy and security. In the digital world, every click counts.

(The writer is a veteran journalist and communications  specialist. Views are personal)