Raja, a salesman in a pharma company was waiting in the bus stop and a lady requests to borrow Raja’s phone to call her husband as her mobile had battery drained out. Raja gave her the phone, she dialed some number spoke to someone and returned the phone to Raja. Later in the night when Raja was checking his phone, he found a sms message for a transaction of Rs one lakh, which he had no clue about. On police investigation, it was found that call forwarding was set and Raja fell for call forwarding cyber scam.
In another incident, cybercriminals borrowed phone to make a emergency call and then do wallet transfer or stole personal(Aadhaar, PAN etc.) and financially(Account, Credit card, OTP etc.) sensitive data from the smartphone, which was later used for committing may cybercrimes.
In another incident, cybercriminals installed malware or App which forwards incoming sms messages or keystrokes to specified number, using which cybercrimes are done.
The cyber crime in this example is basically hacking into your smartphone or computing device, except that here they try to get physical access of your device by using a typical social engineering technique(where they try to get your trust or empathy/sympathy) and then setup call forwarding or steal content in the device or setup a malware and then commit many different cybercrimes on the victim.
In a call forwarding scam, scamsters dial ** followed by number like 401 of jio, 21 for airtel or vodaphone or bsnl network phones followed by ** and enter the phone number to which calls needs to be forwarded ending with # (ex: **21**9812345678) and dial that number, after which all the calls will be diverted to specified number or modify advanced call settings to set call forwarding. Cyber criminals then use voice OTP to loot money from the victim.
Precautions to take to prevent such smartphone cybercrimes :-
- Never give or lend your smartphone to strangers for whatever reason.
- If you have to give for making call, you dial the number and then turn on speaker phone and turn off the screen.
- Never click on a hyperlink or scan a QR code or install any App provided in a message or mail by a stranger.
- If for any reason you are not receiving any calls for some time with full signal then check if call forwarding is set by dialing *#62# on your phone.
- Always set password for opening critical and sensitive apps like files explorer, sms, whatsapp, gallery, shopping, banking and UPI/wallet apps.
- Enable multi factor authentication if the application supports it.
If you are a victim of such fraud :-
Immediately call 1930 cyber helpline or file a complaint at cybercrime.gov.in website or nearby police station. Disable call forwarding if enabled. If credit/debit card details are leaked, then block those cards. Uninstall any new App installed and if you feel unsure about malware removal, factory reset or format the device.
Legal remedies available to the victim :-
You can register a criminal case at your nearest cyber or regular police station, under the following legal sections or the Act as per sections prescribed by the police based on your case :
- Section 378(Theft), 419 (punishment for cheating by impersonation) and 420 (cheating and dishonestly inducing delivery of property), Section 424(extract data illegally), Section 441(criminal trespass) of Indian Penal Code(IPC)
- section 43 (Penalty and compensation for damage to computer, computing device etc.), section 65 (Tampering with computer), section 66 (punishment for computer related offences – a person committing data theft, transmitting virus into a system, destroying data, hacking, or denying access to the computer or network to an authorized person), section 66C(which prescribes penalties for identity theft and states that anyone who fraudulently or dishonestly uses a person’s identity information) and Section 66D (punishment for fraud by impersonation using computer resources) under of the Information Technology Act(IT) Act 2000.