Preventing online scams - CERT-In advisory

Overview

In recent years, India has experienced a swift and remarkable digital transformation. From banking to shopping, everything is now online, providing people a seamless transaction convenience. However, this growth has also sparked a rise in online scams. Cybercriminals are growing more sophisticated, devising new tactics to defraud individuals. Their methods are diverse, targeting a wide range of individuals, young people, seniors and professionals.

Description

Outlined below is a look at some common scams and their intricacies followed by measures to protect against such scams.

1. Phishing Scams
   Phishing remains one of the most prevalent forms of online fraud. Scammers create emails or messages that appear legitimate, often using logos and branding from trusted organizations.
   Techniques: They may include urgent language, such as warnings about account suspension, to prompt immediate action. Links lead to
   counterfeit websites designed to capture login credentials or personal data.
   Targeting Methods: These scams can target specific groups (account holders of banks) or the general public through mass emails.
2. Lottery and Prize Scams
   These scams often appeal to a victim's desire for financial windfalls.
   Execution: Victims receive notifications claiming they have won a lottery, often for an international lottery they never entered. To claim
   their prize, they are asked to pay a processing fee or taxes.
   Psychological Play: Scammers exploit hope and greed, often using fake endorsements or testimonials to build credibility.
3. Emotional Manipulation Scams
   As online dating becomes more common, dating scams are on the rise.
   Process: Scammers create fake profiles on dating apps and social media. They engage victims in lengthy conversations, gradually building
   emotional connections.
   Manipulation Techniques: After establishing trust, they fabricate crises (like medical emergencies) to solicit money, often requesting
   funds to be sent via crypto currency.
4. Job Scams
   Job seekers, especially fresh graduates, are prime targets for these scams.
   Methodology: Scammers post fake job listings on legitimate job portals or social media. Victims are asked to pay for application fees,
   training materials, or background checks.
   Red Flags: Offers that seem too good to be true or requests for money upfront are common indicators of a scam.
5. Tech Support Scams
   These scams often take advantage of users' lack of technical knowledge.
   Approach: Victims receive unsolicited calls from individuals claiming to be from tech companies. They may inform the victim that their
   computer has a virus and guide them through a series of steps to grant remote access.
   Consequences: Once access is gained, scammers can steal personal information or install malware. Victims may also be pressured to pay
   for unnecessary software or services.
6. Investment Scams
   Scammers promise unrealistic returns to lure individuals into fraudulent investment opportunities.
   Techniques: Common schemes include Ponzi or pyramid schemes, often marketed as "high-yield investment programs." Scammers use
   social media and seminars to attract victims.
   Risk Factors: These scams often target individuals seeking quick financial solutions, exploiting their lack of financial literacy.
7. Cash-on-Delivery (CoD) Scams
   In the burgeoning e-commerce landscape, CoD fraud has gained traction.
   Execution: Scammers set up fake online stores, accepting CoD orders. When the product is delivered, it is either counterfeit or completely
   different from what was advertised.
   Impact: This not only leads to financial loss but also erodes trust in genuine e-commerce platforms.
8. Fake Charity Appeal Scams
   During times of crisis, scammers often pose as charitable organizations.
   Methods: They create convincing websites or social media profiles, soliciting donations for fake causes, such as disaster relief or health
   initiatives.
   Emotional Manipulation: Scammers exploit compassion, using images and stories to provoke sympathy and urgency, making it difficult
   for victims to discern legitimacy.
9. Mistaken Money Transfer Scams
   Methods: The scammer contacts the victim, often via email or social media, claiming that money has been mistakenly transferred to their
   account.
   Urgency and Pressure: The scammer creates a sense of urgency, urging the victim to return the funds quickly to avoid complications or
   legal issues.
   Manipulation: They may provide false proof of the transfer, such as fake bank statements or transaction receipts, to lend credibility to
   their story.
10. Digital Arrest
    Methods: Victims receive a phone call, email, or message claiming they are under investigation for illegal activities, such as identity theft
    or money laundering.
    Threats and Pressure: The scammer threatens the victim with arrest or legal consequences unless they take immediate action. They often
    create a sense of panic to prevent rational thinking.
    Demands for Payment: Under the guise of "clearing their name", "assisting with the investigation," or "Refundable security
    deposit/Escrow account" the individuals are coerced into transferring large sums of money to specified Bank Accounts or UPI IDs.
11. Phone Scams
    Fake Calls or Messages: Victims receive calls or messages claiming to be from telecom regulatory, often stating that their phone number
    has won a prize or that there’s an issue with their telecom service.
    Urgency and Fear: The scammer creates a sense of urgency, claiming the victim needs to take immediate action to claim a reward or
    avoid penalties.
    Request for Personal Information: The scammer may ask for personal information, such as bank details or OTPs (one-time passwords),
    under the guise of verifying the victim's identity.
12. Parcel Scams (FedEx/DHL)
    Methods: Victims receive a phone call, email, or message claiming they are under investigation as their parcel has been seized by
    authorities for containing illegal items such as drugs.
    Threats and Demands: The scammer threatens the victim with arrest or legal consequences unless they pay a fine.
13. Loan/Cards scam
    A loan scam typically involves fraudsters posing as legitimate lenders, offering loans/cards with attractive terms to trick individuals into sharing personal information or paying upfront fees. Here are some key features:
    Fake Offers: Scammers often advertise loans with low interest rates and quick approval times, often through online ads or social media.
    Pressure Tactics: Scammers might pressure individuals to act quickly, creating a sense of urgency.
    Advance Fees: Victims may be asked to pay a fee upfront to secure the loan, which the scammer then disappears with.

Best Practices and Recommendations

• Verify the caller’s identity. If someone claims to be from a Law Enforcement Agency, do not engage over video calls or transfer money.
  Government agencies do not use platforms like WhatsApp or Skype for official communication. Verify their identity by directly contacting the
  relevant agency.
• Do not panic, as scammers use fear and urgency to manipulate victims. Take a moment to assess the situation calmly before responding.
• Avoid sharing personal information.Never disclose sensitive personal or financial details over the phone or video calls, especially to unknown
  numbers.
• Never install remote access software on your device for anyone: This software gives individuals complete control over your device, creating a
  significant security risk.
• Do not transfer money under pressure: Legitimate Law Enforcement Agencies will never pressure you into sending money immediately. If
  someone demands money over the phone or online, it’s most likely a scam.
• Staying vigilant and informed is crucial to protect yourself from this emerging cyber threat. By being aware of the tactics used by scammers and taking necessary precautions, you can minimize your risk of falling victim to online scams.
• Report suspicious activity: If you suspect you’ve been targeted by any online scam and you gave sensitive information, don’t panic — reset your credentials on sites you've used them and then report it to the police and cybercrime authorities immediately.
• Avoid clicking on links or attachments from unknown senders. Instead, enter the organization's URL directly in your browser or use bookmarks.
• Always verify the legitimacy of the links and emails. For example, check for spelling and grammatical errors in the URL, or whether the sender
  is trustworthy.
• Carefully consider before providing personal information to any person or organisation. If the website does not use HTTPS for encryption,
  please be careful and do not provide sensitive information.
• Do not install apps shared by unknown individuals.Download apps only from official app stores to avoid malware.
• Do not share your device with strangers.
• Verify call forwarding and mobile settings in case you accidentally share your device with strangers.
• If you experience a sudden loss of service, report it immediately to your provider, as it may indicate a SIM swap attempt.
• Regularly monitor your bank and credit card statements for unauthorized transactions.
• Never pay for job offers. Verify job postings and companies before applying or providing personal data.
• Verify requests for urgent money transfers by calling directly your relatives/friends.
• Always remember, you don't need a UPI PIN or OTP to receive money.
• Verify the sender’s banking name before making payments using QR codes.
• Carefully review the loan terms, including interest rates and fees. Be wary of apps that use vague or confusing language.
• Always use genuine and up-to-date software.
• Stay informed about common scams and tactics used by fraudsters to better protect yourself.

Disclaimer : The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information
Email: info@cert-in.org.in
Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan, 6, CGO Complex, Lodhi Road,
New Delhi - 110 003

Source : CERT-In