“Dear CUSTOMAR, your electricity power will be disconnected to night at 9.30 pm from electricity office because your previous month bill was not updated. Please immediately contact with our electricity officer 9693325442 Thank you.” (sic)
This has become a familiar message in Bengaluru over the last few months. Many gullible Bescom customers have become victims of phishing attacks. Wg. Cdr. Kurian Cherian (Retd) learnt it the hard way after losing money to such an attack, despite not sharing the OTP with the caller. Another customer, Chowda Reddy, faced the wrath of the fraudster for not falling prey — the fraudster hacked into his phone and posted lewd messages on WhatsApp groups Mr. Reddy was a member of.
After hundreds of such cases were registered with the cybercrime police in Bengaluru, the city police and Bescom have launched awareness campaigns. However, not a single case has been cracked and the sleuths seem to be groping in the dark, at least as yet.
The Bescom bill scam saga, just one of the hundreds of modus operandi employed by fraudsters to cheat gullible citizens, seems a familiar story for cybercrime victims in the State.
Only 10 convictions
The State police closed investigations into 12,552 cases and city police 11,383 cases in 2021, stating that though the incidents did happen, there wasn’t enough evidence to prosecute anyone. Of the 6,841 cases that went for trial, there were only 10 convictions in the State and one in the city. A majority of them — 5,497 cases — were disposed of before trial since victims were not keen or they settled or they did not turn up.
“In many cases, the quantum of financial loss will be lower than the cost it takes to investigate them. Most of the fraudsters will be holed up in remote northern states and sending teams to probe such cases doesn’t make sense. We are already cash-strapped. In such cases, we have closed investigations,” said a senior official.
Despite eight Cybercrime, Economic Offences and Narcotics (CEN) police stations, apart from a cybercrime police station under the Central Crime Branch in Bengaluru, which reports 80% of cybercrimes reported in the State, investigations are severely marred by lack of adequate staff and funds, apart from technical challenges.
Structural changes
The city police are now looking at pushing for structural changes to combat cybercrime. They started a Cyber Incident Report (CIR) in November 2021, in which victims of financial cybercrimes can report with details and CIR personnel will coordinate with banks to freeze transactions and destination accounts.
Out of cybercrimes in which financial loss of over ₹50 crore have been reported till date, CIR has been successful in freezing over ₹6 crore and refunding victims over ₹80 lakh. “While most of the nationalised banks are cooperating with us, private banks still pose a challenge. None of the banks respond beyond working hours and that also delays response. CIR is essentially a banking job that we are doing to help victims of financial cybercrime recover some money wherever we can help. Banks need to cooperate more,” a senior official overseeing CIR said.
Loan apps
City police are also now moving towards probes that focus on nipping it in the bud and attack the organised networks of cybercrimes, like in the case of loan apps that have become a big menace. One in every ten cybercrime cases reported in the city pertains to harassment by loan app executives.
The harassment is so bad that it has even led to suicides. A 52-year-old private bank employee Nandakumar killed himself in July last week in the city leaving behind a death note alleging harassment by Chinese loan app executives, who were allegedly abusing him, sending his morphed photographs to those on his contact list, over delay in repayment of loans. He had petitioned Karnataka and Maharashtra Police to ban 46 loan apps, to no avail.
The Enforcement Directorate recently conducted raids on several loan app firms and payment gateways across the country, based on 18 FIRs registered by the city police. Agencies have frozen over ₹50 crore in various accounts, which will now be given back to victims. Many of these apps have also been shut down. Agencies are now in talks with Google Play, and a norm to allow only RBI-vetted financial services apps on the Playstore.
What needs fixing
However, many such regulatory loopholes persist, making citizens gullible to cybercrimes. “There are two pillars that need to be fixed. Unless there is tight regulation over issuance of SIM cards, and opening and handling of bank accounts, one cannot regulate cybercrime in the country,” said Raman Gupta, Joint Commissioner (Crime), Bengaluru.
City police have now made several suggestions to plug loopholes in the regulatory framework to both the Department of Telecommunications and Reserve Bank of India.
“For instance, we find KYCs — based on which SIM cards and bank accounts have been operating — are often false in cybercrime cases. Once this happens, the probe hits a dead-end. This needs to be fixed. There needs to be regulations on how many bank accounts a person or a firm can own and operate, and the logic of jurisdiction needs to be applied to where you can open bank accounts. Banks should also monitor for patterns of large transactions and immediate withdrawals and transfer of money into various accounts. We also need to blacklist accounts,” Mr. Gupta said.