In April 2005, former employees of a Pune-based BPO firm duped US citizens of around Rs 1.5 crore from their Citibank account.
In June 2005, the tabloid Sun, in a sting operation purchased the bank account details of 1,000 Britons for about $5.50 each from an employee of Gurgaon-based BPO company.
In June 2006, a Bangalore-based BPO employee sold the credit card information of UK-based customers to a group of scamsters, who used the information to siphon off nearly Rs 1.8 crore from their bank accounts.
Today, after more than two years, these frauds and scamsters continue to operate and it is the IT hubs of the country—Bangalore, Pune and Gurgaon—that are slowly taking on the notoriety of being the cyber crime centres of the country. The only difference: Change in modus operandi.
If earlier it was the BPO employees who facilitated these frauds, now it is through the internet that these crimes are committed. Take for instance the case of Rahul. This Bangalore-based techie received an ‘official’ email from the private bank where he had a salary account requesting him to verify his login details as part of a server upgrade. “You must renew the services or it will be deactivated and deleted,” the mail said.
Rahul promptly filled in his bank account details including the PIN number and address. The next day, he found Rs 2 lakh missing from his account. From his bank, he found out that the money had been transferred to another account in Kolkata. The email, URL and even the bank’s web page were all found to be bogus.
Rahul’s is not the only case of a cyber criminal duping people of their money. Another person from Bangalore was duped of Rs 15,000 through similar means. Both the cases that happened early this month are under investigation.
In fact, Bangalore’s cyber crime station, the first one to be set up in India during 2001, has so far received close to 553 enquires, with the maximum number being received during the past two years. There were 111 criminal cases registered between 2001 and 2006.
Additional director-general of police S Mahapatra, who also heads the cyber crime cell, admits that cases of internet bank fraud and password hacking are on the rise in the Silicon Valley of India. “The most difficult part about bank frauds is that the criminals could be sitting across national boundaries,” he says.
Besides bank fraud, emerging cyber crimes include ID thefts, data thefts, credit card manipulation and stealing confidential information from companies.
But it is not just the individuals who have been caught in the cyber crime net. Even corporates have witnessed phishing and spyware attacks. A survey conducted by Websense Inc between January and March 2007 reveals that 57% of the Indian enterprises have received phishing lures during the last one year and over a third of Indian companies (38%) were attacked by spyware. The survey says the CIOs felt that some of the ways employees expose their corporate networks to security threats include free software downloads, use of instant messaging tools, proxy avoidance sites, visiting malicious websites and pop-ups ads with Mumbai (72%) and Bangalore (71%) corporates being the most concerned about the security threat.
National Association of Software and Service Companies (Nasscom) says it was working closely with the industry to create an information security culture especially in the ITeS and BPO segments. “We have been interacting with the government on the issue of creating a relevant regulatory environment that will further strengthen information security initiatives being rolled out within the ITeS and BPO organisations,” it says.
But what is worrying the industry is that these cyber crimes are not committed for mere financial or economic gains but in the name of personal prejudices. “It is not just professional criminals who are venturing into criminal activities. It is generally white-collared professionals who are involved in cyber crimes these days,” says cyber law expert Pavan Duggal.
“Today, many organisations conduct a sizeable part of the business over the web and given that a large number of employees access the internet, it is imperative that IT decision makers have a proactive approach towards monitoring, detecting and protecting against web threats,” says Websense Southeast Asia head Surendra Singh.
Industry observers says the IT hubs had become easy target for the cyber criminals due to increasing penetration of technology into people’s lives. “This is the flip side of IT,” an industry expert says.
Duggal says that in the absence of strong IT laws in the country, criminals are taking advantage of the lacuna in the system. “The only way out is to be more cautious when dealing with email communication,” Mahapatra adds.
