Courier related cyber frauds are increasing nowadays, as many people are ordering products online which are delivered using couriers to them. Let’s look at some of the recent news on this:
- A doctor in new delhi, was looted 4.5 crore rupees by conning her that her FedEx parcel had drugs.
- A PhD student of IISc bangalore was duped of 1.35 lakh rupees on the pretext that his courier had illegal items.
- In Ahamedabad, Gujrat a lady was asked to pay 5 rupees to receive courier parcel but on payment ended up loosing 1.3 lakh rupees.
All the above news items are related to cyber frauds done by cyber criminals using courier as a medium. Here cyber criminals use common people’s fear, ignorance of law, innocence and ego that they are smart and can’t be scammed for conning people.
How cyber criminals fraud people using courier as a medium :-
- You get a call, usually automated call one day that your FedEx courier to some country usually Taiwan has been seized by customs as it has drugs or other illegal substances. When you counter that saying you have not send any courier to Taiwan, then the person on the other side will reply back saying that the courier has been booked in your name and you Aadhaar(usually obtained from one of the data leaks or from one of the places you had provided it for authentication) is linked to it and that there is a police case under Narcotics Act registered on it and they transfer the call or conference in a fake police officer who will say that a non bailable case is being prepared in her name and a FIR will be registered shortly and he will ask her about her bank details, recent transaction statement etc as they need to check if money laundering is also happening. They will scare you to the core and once they realize you are ready then they will say that FIR can be avoided if you settle the case by paying money to the specified account. If needed or if more money can be looted, they will rope in a fake ED or RBI officer also which happened in the above delhi doctor’s case.
- In the second type of scam, the courier guy will call you and say your address needs to be verified for them to deliver or there is a shortage of 5 rupees in courier charges and on payment of that they will deliver the courier. For address verification, they ask for your aadhaar card and use that for committing cyber frauds. In the second case, you think only 5 rupees and agree to pay, then they ask you to install an App or scan a QR code(please refer to my article on QR code scams) or click a hyperlink and then install a malware on the device, which creates a backchannel to the hacker to the device to steal data or a keylogger which then transfers all the keys entered by you(which may include your bank user id & password etc) using which cyber criminal commits various cyber frauds.
- In the third type of scam, you get a sms or a email saying your courier is awaiting for delivery and need your confirmation of address or time of delivery etc, by clicking the hyper link or a QR code provided in the message. On clicking or scanning the QR code, a malware is installed on your device which is then used to steal information from your device or they may ask Aadhaar for address proof which may be further used for cybercrimes.
How to protect yourself from such frauds :-
- Always follow the principle of ‘Patience, Zero Trust and Authenticity’ for all digital transactions. Always pause, think and respond, never react.
- Do not share the picture of your Aadhaar and PAN card with anyone, if you have to give then give the photo copy in black and white and write the reason for which you are giving it with the date you gave or Use Driving License or Voter ID instead of Aadhaar and PAN for verification of your name, age or address.
- Never click on hyperlinks in any messages from unknown numbers
- Never install any apps obtained as Apks and install apps from Google playstore or Apple store which has good rating and comments.
- Install good antivirus software and keep updating it regularly.
- Say No to strangers who ask you to scan a QR code.
- Never enter your confidential details on forms or websites unless its from an authorised source.
If you have been scammed of such fraud :-
Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.in. If you have shared Aadhaar with someone, lock your Aadhaar card at uidai.gov.in. Complain about the incident to the respective courier company. If you think a malware is installed then format or factory reset your device and change your passwords and pins of banking accounts and other important accounts including email.
Legal(Indian) remedies available to the victim :-
One can register a criminal case in cyber police station under :
- section 419 (punishment for cheating by impersonation), 420 (cheating and dishonestly inducing delivery of property), 464 (make a false document or false electronic record) and 465(Punishment for forgery) of Indian Penal Code(IPC)
- section 43 (Penalty and compensation for damage to computer, computer system, etc), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person), section 66C(penalties for identity theft) and Section 66D (punishment for fraud by impersonation using computer resources) under of the Information Technology Act(IT) Act 2000.