Overview :- Have a look at the following three recent news items:-
1. A woman from Rajasthan did a google search for SBI customer care number and called the first phone number found, where a man identified himself as an SBI employee, asked her to install anydesk screen sharing program so that he can help her with her issue and installed a keylogger program using which cheated Rs 4 lakh from information obtained.
2. A person opened the ICICI Bank website address obtained through a google search by clicking on the top result displayed and entered his userid and password, which turned out to be a fake website and fraudster looted three lakhs from that login credentials.
3. A person from Delhi called the phone number through google search of a hotel in Haridwar and sent ten thousand rupees for advance booking to the number given by the manager on phone, only to find out later that he was scammed when he reached the hotel, here the phone number was manipulated.
Above examples are all related to a new type of cyber fraud called Google Search or SEO Poisoning.
How it works :- Cyber criminals first clone fake websites that resemble the popular websites and assign a Universal Resource Locator(URL) close to the original website URL (ex: www.sbionline.com instead of www.onlinesbi.com) and allow them to enter login credentials or manipulate google Ads to display a page which displays their number instead of the original customer care number. They then use Google Ads and Search Engine Optimization (SEO) methods to make the fake website appear as the first or top result of the Google search on any query related to original website. People are fooled into believing that the website or information that comes up as the first or top result of a Google search is always correct and they click and give their credentials or call them to get scammed.
To protect yourself from fraud you should:-
- Always use the bank’s website URL or customer care number printed on your passbook or behind the debit or credit card, never use Google search results or Google Ads.
- Check if banking and payment websites used are secure (URL must start with https in browser or have a padlock symbol in front).
- If you have double factor authentication provision on your bank, email and other main websites, enable it.
- If you are suspicious of a website’s URL or home page or phone number, Use it only after verifying that it is a genuine website.
- When you call customer care, if you are asked for your userid, password, credit/debit card details, OTP or to install or click on a hyperlink, immediately end the call as genuine customer care employees will never ask for this information.
- If a website asks for any unnecessary permission or there are too many popups to install or tries to install a program, close it immediately and exit.
If you are a victim of fraud :- As soon as you suspect fraud, change your password and call the legitimate customer care number to file a complaint and temporarily lock your bank account or debit or credit card and mark any associate transaction as fraudulent. Call 1930 cyber helpline number and file a complaint. You can also file a fraud complaint with Google on the URL or customer care number found in search result.
Remedies available to borrower legally :-
One can register a criminal case in cyber police station under section 419 (punishment for cheating by impersonation) and 420 (cheating and dishonestly inducing delivery of property) of Indian Penal Code(IPC) or under section 43 (Penalty and compensation for damage to computer, computer system, etc), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person is imprisoned for a maximum of 3 years or a fine of 5 lakh rupees or both), section 66C(which prescribes penalties for identity theft and states that anyone who fraudulently or dishonestly uses a person’s identity information will be subject to imprisonment up to 3 years and a fine of up to 3 lakh rupees) and Section 66D (punishment for fraud by impersonation using computer resources) under of the Information Technology Act(IT) Act 2000 .
References and Links :-
- https://support.google.com/legal/troubleshooter/1114905?hl=en – page to report fake search results or google ads.
- https://developers.google.com/search/docs/advanced/guidelines/report-spam – page to report information in Google’s search results that you believe appears due to spam, paid links, malware, or other issues that might violate our google spam policies.
- https://cybercrime.gov.in/ – Indian cyber helpline website to report a cyber crime.