Secure Digital Life: Digital Arrest Scams, Ticket Scalping Crackdowns, Fake Job Offers, and Cyber Espionage Threats


As the digital landscape continues to evolve, so do the threats that lurk within it. This past month has highlighted just how vulnerable our personal information, financial security, and national interests can be, from digital arrest scams to sophisticated cyber espionage efforts. In this month’s edition of ‘Secure Digital Life,’ we cover scams such as digital arrest scams costing victims over Rs 120 crore, fake job offers, parcel seizure scams, the alarming rise in UPI frauds, a fake website scheme by a father-son duo, a ticket scalping crackdown involving BookMyShow, and the activities of Transparent Tribe targeting Indian entities. Let’s understand the evolving tactics of cybercriminals and the steps we must take to protect ourselves and our communities.


This article is brought to you in partnership with Truetalks Community by Truecaller, a dynamic, interactive network that enhances communication safety and efficiency. https://community.truecaller.com

Digital Arrest Scam

The digital arrest scam has emerged as a significant threat in India, resulting in substantial financial losses. In this scam, fraudsters impersonate law enforcement officials, such as agents from the Central Bureau of Investigation (CBI) or the Narcotics Control Bureau (NCB), to intimidate victims into transferring money.

Fraudsters initiate contact through phone calls, claiming the victim is involved in illegal activities, such as drug trafficking or money laundering. These calls are often made using Voice over Internet Protocol (VoIP) services to disguise the scammer’s location, making it challenging for authorities to trace them. Victims are coerced into switching to video calls on platforms like Skype or WhatsApp, where they are told they are under “digital arrest.” During these calls, scammers often use fabricated digital backgrounds that mimic official settings, adding an extra layer of authenticity to their claims. The scammers keep victims on video while demanding payments, often through digital wallets or cryptocurrency, which are harder to track.

The scammers create a sense of urgency, threatening immediate detention unless victims comply with financial demands. Often, they fabricate evidence such as fake arrest warrants, legal documents, or even digital footage of supposed law enforcement activities to support their claims. Some fraudsters go as far as creating fake websites that mimic government portals, complete with case details to convince victims of the legitimacy of the threats. In some cases, scammers claim a close relative is in custody, further pressuring victims to pay large sums of money.

In the first quarter of 2024 alone, victims reportedly lost around Rs 120.3 crore due to this scam. The Ministry of Home Affairs reported over 92,334 instances of digital arrests since January 2024, with cumulative losses exceeding Rs 2,140 crore across various cybercrimes. Authorities have found that scammers often work in organized syndicates, using advanced social engineering techniques and leveraging the fear of legal consequences to extract large payments. These scams typically involve multiple accomplices, some posing as legal advisors to further intimidate victims.

Prevention Tips: Always verify the identity of anyone claiming to be a law enforcement official, avoid sharing sensitive information over calls or video chats, and report suspicious calls to local authorities or cybercrime units. Additionally, be cautious of any unsolicited calls that demand immediate action or payments, especially if they include threats of arrest. Always consult a trusted legal professional or contact law enforcement directly to confirm the authenticity of such claims.

Fake Job Offers

The rise of fake job offers has become a prevalent issue in India, particularly targeting young job seekers desperate for employment. Scammers post attractive job advertisements on various platforms, including social media, job portals, and even through emails that appear to be from reputable companies. These job offers often promise lucrative salaries, remote work opportunities, and minimal qualifications, making them appealing to many individuals.

The scam typically begins with job listings posted on various platforms, which appear to be legitimate, complete with detailed job descriptions, company logos, and contact information. Once a candidate expresses interest, they are often asked to pay upfront fees for training materials, processing applications, or securing their position. These payments are usually requested through digital wallets or bank transfers, making it difficult to trace the funds. Scammers often use high-quality fake company websites and create realistic email domains to build credibility. They may also impersonate HR representatives and conduct fake interviews over video conferencing platforms like Zoom or Skype, adding an extra layer of legitimacy to their scheme.

Victims may go through fake interviews conducted by scammers posing as company representatives, which can include technical assessments, behavioral interviews, and document verification, just like a legitimate hiring process. During these interactions, victims are asked to provide personal information, such as identity proofs, bank account details, and educational certificates, which can later be used for identity theft or sold on the dark web. Eventually, victims find that the job does not exist, or they never receive any follow-up communication after making the payments. In some cases, victims receive an offer letter that appears genuine, complete with company letterhead and HR signatures. However, when they try to contact the company, they realize they have been scammed. Many individuals have reported losing significant amounts of money—sometimes in the range of thousands to lakhs—due to these scams. The lack of regulation on online job postings and the increasing sophistication of fake company profiles make it easier for scammers to operate without detection.

Prevention Tips: Research the company and verify its legitimacy before applying, beware of upfront payments, and stick to reputable job portals and company websites when searching for employment opportunities.

Parcel Seizure Scams

Parcel seizure scams are another growing concern, where fraudsters exploit fears related to illegal activities involving parcels. Victims typically receive phone calls or messages claiming that a parcel addressed to them has been seized due to containing illegal items such as drugs, weapons, or counterfeit currency. These calls often come from spoofed numbers that appear to be from legitimate government agencies, such as customs offices or law enforcement departments, making it difficult for victims to immediately detect the scam.

Scammers use aggressive tactics, insisting that the victim must pay fines or fees immediately to avoid legal action or arrest. Often, they demand payments via digital wallets or cryptocurrency, making it difficult to trace the transactions. In some cases, scammers may instruct victims to download remote access software under the guise of helping them resolve the issue, which then allows the scammer to gain unauthorized access to the victim’s personal information or financial accounts. The fraudsters frequently present fake documents or tracking information, including fabricated customs declarations or legal notices, complete with official-looking seals and signatures, to convince victims of the legitimacy of their claims.

Emotional manipulation similar to digital arrest scams is also used, with fraudsters threatening victims with dire consequences if they do not comply swiftly. Victims are told that their assets could be frozen, or that they may face immediate arrest if they fail to act. In the rush to resolve the situation, victims can end up losing substantial amounts of money without verifying the authenticity of the claims. Many of these scams leverage the fear of legal repercussions, pushing victims to make hasty decisions without proper due diligence.

Prevention Tips: Always verify any claims regarding parcel seizures with legitimate postal services or law enforcement agencies before acting on them. Avoid rushing to make payments based on fear tactics, and report any suspicious calls to local authorities.

Overview of UPI Fraud Surge

In the first half of 2024, Delhi Police reported 25,924 UPI-related complaints, highlighting a significant rise in fraudulent activities associated with this payment method. The number of domestic payment frauds on UPI has increased significantly, reflecting a growing trend among cybercriminals to exploit this popular transaction method.

Scammers employ various tactics to exploit UPI users:

Phishing Scams: Fraudsters send fake links or messages that appear legitimate, tricking users into disclosing their UPI credentials.

Vishing (Voice Phishing): Scammers impersonate bank officials over the phone, asking for sensitive information like UPI PINs or OTPs under the guise of resolving issues. These calls are often made using sophisticated call-spoofing techniques, making it appear as though they are coming from legitimate bank numbers.

Fake Payment Screenshots: Fraudulent images showing money being sent to the victim are used to trick them into sending money back. Scammers often use specialized image-editing tools to create convincing payment confirmation screenshots, making it hard for victims to distinguish between real and fake transactions.

Collect Request Fraud: Scammers send requests through UPI apps pretending to be legitimate entities, asking for money under false pretenses. These requests often come with convincing descriptions, such as pending bills or donations, designed to lure victims into authorizing payments.

Fake QR Codes: Malicious QR codes lead to fraudulent websites that steal users’ credentials instead of processing payments. These QR codes can be distributed through physical posters, emails, or text messages, making them seem like legitimate payment methods for events or services.

SIM Swapping and Cloning: Fraudsters duplicate victims’ SIM cards to intercept OTPs and authorize transactions, gaining unauthorized access to their accounts. This often involves convincing mobile network providers to issue a new SIM card using stolen personal information, effectively taking over the victim’s phone number. Once they have access, scammers can reset UPI passwords and authorize fraudulent transactions.

Prevention Tips: Verify links and requests before clicking, use trusted sources for QR codes, beware of urgent requests for money, never share sensitive information like UPI PIN or OTP, and regularly update security settings on your devices. Additionally, be vigilant about unusual activity on your mobile network, such as loss of signal, which could indicate a SIM swap attack. Always contact your service provider immediately if you suspect your number has been compromised.
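The "Fake QR Codes" item above comes down to what text a QR code actually carries. The following is an added example, not part of the original article: it classifies already-decoded QR text as a UPI payment request (`upi://pay?...`), a web link, or something else. The address pattern, sample payloads and function names are assumptions made for illustration, and only the `upi://pay` deep-link form is handled; other payment QR encodings are reported as unknown.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Virtual payment address: name@handle (pattern is a conservative assumption).
VPA_RE = re.compile(r"^[A-Za-z0-9._-]{2,256}@[A-Za-z][A-Za-z0-9]{1,63}$")
AMOUNT_RE = re.compile(r"^\d{1,9}(\.\d{1,2})?$")

def classify_qr_payload(payload):
    """Classify the text decoded from a QR code before anything opens it."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return {"verdict": "unknown", "reason": "not a parseable URI"}
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        # A payment QR should hand off to a UPI app, not to a web page.
        return {"verdict": "web-link", "reason": f"opens website {parts.hostname}"}
    if scheme != "upi" or parts.netloc.lower() != "pay":
        return {"verdict": "unknown", "reason": "not a upi://pay request"}
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    payee = params.get("pa", "")
    if not VPA_RE.match(payee):
        return {"verdict": "malformed", "reason": "payee address (pa) missing or invalid"}
    amount = params.get("am")
    if amount is not None and not AMOUNT_RE.match(amount):
        return {"verdict": "malformed", "reason": "amount (am) is not a plain number"}
    return {"verdict": "upi-payment", "payee": payee,
            "name": params.get("pn", ""), "amount": amount}

# Constructed sample payloads; every address, name and domain is made up.
SAMPLES = [
    "upi://pay?pa=cornerstore@examplebank&pn=Corner%20Store&am=250.00&cu=INR",
    "https://upi-verify.example/login?pa=cornerstore@examplebank",
    "upi://pay?pn=Refund%20Desk&am=1",
    "upi://pay?pa=cornerstore@examplebank&am=10,000",
    "00020101021126",
]

def review(payloads):
    """Return just the verdict for each payload, in order."""
    return [classify_qr_payload(p)["verdict"] for p in payloads]

if __name__ == "__main__":
    for payload in SAMPLES:
        print(classify_qr_payload(payload), "<-", payload)
```

A "upi-payment" verdict only means the code is a well-formed payment request; the payee name and address shown still need to match the merchant you intend to pay.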

Fake Website Scheme Masterminded by Father-Son Duo

A father-son duo has been exposed as masterminds behind a large-scale fake website scheme, defrauding unsuspecting individuals out of significant sums of money. This scam involved creating dozens of fraudulent websites that mimicked legitimate companies and government portals, complete with official logos, addresses, and contact details, to lend credibility to their operations.

The fake websites were used to offer various services, including job placements, loan approvals, and government services, targeting people looking for financial aid, employment opportunities, or assistance with official procedures. Victims were often asked to fill out detailed application forms that collected sensitive information, including identity proofs, bank account details, and addresses. These details were later used for identity theft or sold on the dark web. In addition, victims were required to pay processing fees or registration charges through digital wallets or bank transfers, which were difficult to trace once completed.

The father-son team went to great lengths to create a sense of legitimacy for their fake services, including setting up customer care numbers and using Voice over Internet Protocol (VoIP) services to handle victim inquiries. Victims who attempted to verify the authenticity of the services by calling these numbers were met with professional-sounding customer support representatives who provided further reassurance. The scammers also used sophisticated SEO (Search Engine Optimization) techniques to make their fake websites rank highly in search engine results, increasing their visibility and attracting more victims.

The scam was ultimately exposed when multiple victims began filing complaints with law enforcement authorities about unfulfilled services and unresponsive customer care. Cybercrime units conducted investigations, uncovering the network of fake websites and tracing the digital footprints back to the father-son duo. They used digital forensics to analyze payment trails, IP addresses, and domain registrations, ultimately leading to the arrests. The authorities also found that the duo had laundered the proceeds through multiple digital wallet accounts and cryptocurrency transactions to evade detection.

Prevention Tips: Always verify the legitimacy of a website before providing sensitive information or making payments. Look for signs such as an HTTPS-secured URL, accurate contact details, and customer reviews from reliable sources. Avoid making payments through unconventional methods and be wary of services that require upfront fees. Report suspicious websites to cybersecurity authorities to prevent others from falling victim to similar schemes.

BookMyShow Ticket Scalping Scam Crackdown

The Maharashtra Cyber Police recently launched a crackdown on a major ticket scalping operation targeting the popular online ticketing platform BookMyShow. The scalping operation involved fraudsters using bots and other automated software to secure a large number of tickets for high-demand events, such as concerts, sports games, and movie premieres, which they then resold at exorbitant prices on secondary marketplaces.

The scammers employed sophisticated automated tools to bypass security measures and CAPTCHA systems on the BookMyShow platform, allowing them to purchase tickets at lightning speed as soon as they were made available. These tools gave them an unfair advantage over legitimate users who were attempting to buy tickets manually. The fraudsters would then list these tickets on third-party websites or social media platforms at heavily inflated prices, making significant profits at the expense of genuine fans.

The crackdown by Maharashtra Cyber Police involved monitoring suspicious activities on the ticketing platform, identifying unusual purchasing patterns, and tracing the transactions back to the individuals involved. The cybercrime unit worked closely with BookMyShow to identify vulnerabilities in their platform, which were being exploited by scalpers. Through data analysis, digital forensics, and collaboration with payment gateways, authorities were able to trace the fraudulent transactions, leading them to the perpetrators. Several arrests were made, and multiple automated tools and scripts used for ticket scalping were seized.

The Maharashtra Cyber Police emphasized the importance of cooperation between online platforms and law enforcement to combat similar fraud. They urged ticketing platforms to implement stricter security measures, such as improved CAPTCHA systems, behavioral analysis, and AI-driven monitoring to detect automated ticket purchases. BookMyShow has since pledged to strengthen its security protocols and enhance its monitoring mechanisms to prevent future scalping activities.

Prevention Tips: When buying tickets online, always use official platforms and avoid purchasing tickets from third-party resellers at inflated prices. If tickets are sold out, wait for official announcements rather than resorting to unverified sources. Report any suspicious ticket resale activities to the event organizers or authorities to help prevent scalping operations from profiting.

Transparent Tribe Cyber Espionage Incident

The incident involving Pakistani hackers, specifically the group known as Transparent Tribe or APT36, has raised significant concerns regarding cyber espionage targeting high-profile Indian entities. Transparent Tribe has a history of targeting Indian government organizations, diplomatic personnel, and military facilities, and their activities have intensified throughout 2024. Using advanced malware called ElizaRAT, they have infiltrated systems to gather sensitive information, posing a serious risk to national security.

ElizaRAT, first identified in September 2023, is a Windows Remote Access Tool (RAT) that allows attackers to control infected systems remotely. The malware has evolved with improved evasion techniques and command-and-control (C2) communication methods. The cyber espionage campaign has involved three distinct phases: the first using Slack for C2 communication, the second shifting to private virtual servers, and the third leveraging Google Drive. Each phase has refined the group’s tactics, such as using time zone verification to target Indian systems specifically.

The group’s evolving campaigns demonstrate their adaptability and sophistication. They employ phishing tactics to distribute malware, using Google Storage links and deceptive C2 channels like Slack, Telegram, and Google Drive to blend malicious activities with legitimate network traffic. Their introduction of ApoloStealer, a new payload designed for data exfiltration, underscores the growing threat posed by Transparent Tribe. These ongoing cyber espionage efforts highlight the need for heightened cybersecurity measures, advanced monitoring, and comprehensive incident response plans to protect high-value targets in India from sophisticated espionage attacks.

Prevention Tips: Organizations should implement robust cybersecurity measures, including regular software updates, employee training on recognizing phishing attempts, and deploying advanced monitoring tools that can detect unusual patterns of behavior indicative of malware infections. Establishing comprehensive incident response plans is also essential to address breaches swiftly and mitigate damage. Being proactive and vigilant is key to defending against espionage attempts by groups like Transparent Tribe.
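One way to act on the monitoring advice above, as an added example that is not from the original article: it flags processes outside an approved list that connect to the services named as C2 channels (Slack, Telegram, Google Drive) and marks near-constant connection intervals. The log format, host names, process names, thresholds and approved list are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Services the article names as C2 channels, mapped to domain suffixes.
# googleapis.com is broad (many Google services); narrow it for real use.
WATCHED = {
    "slack": ("slack.com",),
    "telegram": ("telegram.org",),
    "google-drive": ("drive.google.com", "googleapis.com"),
}
# Assumption: the processes this organisation expects to reach each service.
APPROVED = {
    "slack": {"slack.exe", "chrome.exe"},
    "telegram": set(),
    "google-drive": {"googledrivefs.exe", "chrome.exe"},
}

# Constructed sample: epoch seconds, host, process, destination domain.
SAMPLE_LOG = """\
1718000000,WS-014,chrome.exe,app.slack.com
1718000030,WS-014,slack.exe,edgeapi.slack.com
1718000100,WS-022,invoice_viewer.exe,slack.com
1718000400,WS-022,invoice_viewer.exe,slack.com
1718000702,WS-022,invoice_viewer.exe,slack.com
1718001001,WS-022,invoice_viewer.exe,slack.com
1718001302,WS-022,invoice_viewer.exe,slack.com
1718000500,WS-022,GoogleDriveFS.exe,www.googleapis.com
1718000900,WS-031,updater_helper.exe,api.telegram.org
1718004500,WS-031,updater_helper.exe,api.telegram.org
1718002000,WS-009,chrome.exe,notslack.com
"""

def service_for(domain):
    """Match on whole domain labels so look-alike names do not count."""
    d = domain.lower().rstrip(".")
    for service, suffixes in WATCHED.items():
        if any(d == s or d.endswith("." + s) for s in suffixes):
            return service
    return None

def looks_periodic(times, max_jitter=0.1, min_events=4):
    """True when the gaps between connections are nearly constant."""
    if len(times) < min_events:
        return False
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_jitter

def find_suspects(log_text):
    seen = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, host, proc, domain = line.split(",")
        service = service_for(domain)
        if service and proc.lower() not in APPROVED[service]:
            seen[(host, proc.lower(), service)].append(int(ts))
    return [{"host": h, "process": p, "service": s, "connections": len(t),
             "periodic": looks_periodic(sorted(t))}
            for (h, p, s), t in sorted(seen.items())]

if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage, not a verdict: legitimate integrations and scripts also call these APIs, so the approved list needs to reflect the software actually deployed.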

Thank you for taking the time to read this month’s edition of ‘Secure Digital Life.’ The growing prevalence of these cyber threats highlights the critical need for each of us to stay informed and vigilant. By sharing this knowledge, we can create greater awareness and help protect ourselves and those around us. If you found this information helpful, consider spreading the word to your friends and family. Together, we can build a stronger defense against cybercrime.


Author: Team FoneArena
