Cybercriminals are using helpline or complaint or grievance forums or tweets or messages on social media as a input to fraud people by using the data provided by the victims themselves, unfortunately leading to victims getting scammed again. Here cybercriminals use the vulnerability and desperation of the victims to get relief or refund for their earlier loss to fraud them again. Nowadays there are many online consumer grievance redressal or complaint or helpline forums or websites or hash tags on social media forums in twitter, facebook or telegram that has come up where victims can write about their issues or grievances or challenges or problems in getting service or refund or replacement or solution, cybercriminals use the information that is shared there to fraud or scam those people.
How does this cybercrime work :-
Victim approaches one of the helpline or complaint or grievance forums or websites or social media platforms like twitter, facebook forums/pages or in telegram groups with a hastag(like #amazonrefund or #railwayhelp) posts a message a describing their issue or grievance in detail, which may include details like name, address, date, order number, their contact number, when they contacted, what was that message etc or attach screenshots which has this information.
Cybercriminals search for these kind of details and then approach the victim either on phone by calling the number posted or as a message introducing themselves as support person of the company or organisation in complaint and apologizes for the issue caused to them and guarantees to help them solve that issue and does everything to win their trust. Once the trust is obtained, then he asks them to either install a support (screen sharing or remote access) software like anydesk or remotedesk etc and guides them to provide full access to the device to him or asks them click on a hyperlink or scan a QR code, on clicking or scanning them will install a malware on the system, which will then give unlimited access to the cyber criminal.
Once the access to the device is obtained, the cybercriminal shall copy all the personal or financially sensitive data to his device or mirror that device, so that he gets to view and see all the actions done by the victim from that time onwards. Using this data or access, he commits various cybercrimes like stealing valuable information or money, sextortion(I had talked in detail in an earlier article) or blackmail the victim to do tasks as per his direction.
How to protect oneself from such cybercrime :-
- Never share your personal or sensitive information including your phone number on any public websites or social media forums.
- Be wary of any person who approaches you as a reply or comment to your message and offering help, verify and authenticate he is genuine before you speak to him or share details.
- Do not install any software or click on any hyperlink or scan a QR code(had written a article on QR code scams previously) by strangers.
- Mask your personal and financially sensitive information on any attachment you attach on such forums.
- Before giving OTP’s to strangers, read and confirm what that OTP is for.
- Install and good antivirus software on your device and regularly update them.
- Take regular backup of your device and store it safely offline or on cloud storage.
If you are a victim of such cyber fraud :-
Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.inhttp://www.cybercrime.gov.in. Complain to the relevant authority or website about such fraudsters and fraud. If you had installed any software or clicked a hyper link or scanned a QR code – uninstall that software, change the passwords/pins of all your important accounts like banking, email etc. Best is to factory reset or format your device as your antivirus may also sometimes fail to find the malware.
Remedies available to victim legally(India) :-
Lodge a complaint at nearby cyber or regular police station under :
- Section 378(Theft), Section 424(extract data illegally), Section 425(destruction of property), Section 441(criminal trespass) of Indian Penal Code(IPC)
- Section 43 (Penalty and compensation for damage to computer, computer system, etc), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person), section 66C(which prescribes penalties for identity theft and states that anyone who fraudulently or dishonestly uses a person’s identity information) and Section 66D (punishment for fraud by impersonation using computer resources), Section 66E(Violation of privacy) of IT Act 2000/08.