How To Safeguard Your Bank Accounts And Money From Phishing Attacks

Digital payments provide mobility to our money and comfort to us. At the same time, money held in digital payment or online payment mechanisms is vulnerable to sophisticated social engineering and cyber crime attacks. Phishing attacks are one such form of cyber attack: they target innocent people and make them disclose sensitive information such as passwords, PINs and one-time passwords (OTPs). Once these details are obtained, withdrawing money from credit cards or online banking is very easy.

We at Perry4Law Organisation (P4LO) and Resolve Without Litigation (RWL) are frequently approached regarding credit card fraud and cyber crime related issues. We are presently dealing with cases of credit card fraud at State Bank of India (SBI) and a phishing attack involving an income tax refund. Through this post I am trying to raise some public awareness about the increasing menace of phishing in India.

Phishing is a popular method of social engineering in which cyber criminals use their persuasive power to trap gullible people and make them disclose the information that is crucial for withdrawal of money. For instance, once a PIN or password is known, it is a piece of cake to withdraw money. In this post I will confine myself to the phishing attack case, as PTLB is handling the credit card fraud case.

It all started when TLCEODRI, an alert administrator of RWL India, caught the suspicious phishing attack at an early stage of its execution on 03-01-2018. However, the user took no action till 05-01-2018, and on that date the cyber criminal tried to withdraw Rs. 20,000. But the alert customer had already blocked access to her Airtel money account and this saved her money. The ticket was created on 05-01-2018 and, at the time of this article, we are pursuing the case with the Income Tax Department, Revenue Department, Financial Intelligence Unit (FIU), etc.

I gave the following interim suggestions in the meanwhile to safeguard her interest in the best possible manner:

(1) Block all payments from all banks that are involved till you give further instructions to such banks,

(2) Change PIN/Password of all ATM/Debit/Credit cards immediately,

(3) Deactivate all Aadhaar payment systems, if any, temporarily,

(4) Most important, do not share any OTP sent to your mobile phone, and

(5) Register a mobile with your bank account(s) for record of debit/credit transactions.

Thereafter, we were informed that the cyber criminals are using e-mail spoofing by giving the address noreply(at)incometaxindiaefiling(dot)com. But once clicked, it takes you to a private domain name. This is what I suspected at the first instance and that is why I asked for the sender’s e-mail ID once the reply button is clicked.

I also believe that the cyber criminals must have persuaded the victim to click on a web link purporting to be from the Income Tax Department’s website. Once clicked by the victim, it took the victim to an identical or fake website or webpage that is a clever and close imitation of the original website. Victims generally do not pay much attention, take the fake website to be real and submit all the information. This is how the password, PIN, etc. were stolen from the victim in the present case. Nevertheless, the final step of getting the OTP from the victim was still to be executed.
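The two tells described above, a reply address on a different domain from the spoofed From address and a link that opens a different host from the one it displays, can be checked mechanically. The following Python code is an added example, not part of the original post; the sample message is constructed, its Reply-To address and link target are placeholder values, and hosts are compared by exact name.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. The From address is the spoofed one quoted in the post;
# the Reply-To address and the link target are placeholders (assumptions).
SAMPLE = """\
From: Income Tax Refund <noreply@incometaxindiaefiling.com>
Reply-To: refunds@private-domain.example
Subject: Income tax refund
Content-Type: text/html; charset="utf-8"

<html><body><p>Claim your refund here:
<a href="http://private-domain.example/login">https://incometaxindiaefiling.com/refund</a>
</p></body></html>
"""

def addr_domain(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def host_of(text):
    """Host name if text looks like a URL or bare host name, else ''."""
    text = text.strip()
    if not re.match(r"[a-z][a-z0-9+.-]*://", text, re.I):
        text = "http://" + text
    try:
        host = (urlparse(text).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced brackets
        return ""
    return host if "." in host and " " not in host else ""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw):
    """Return findings for the two tells described in the post."""
    msg = message_from_string(raw)
    findings = []
    from_dom = addr_domain(msg.get("From"))
    reply_dom = addr_domain(msg.get("Reply-To"))
    # Tell 1: pressing "reply" would address a different domain than From shows.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch: {from_dom} -> {reply_dom}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    # Tell 2: the link text names one host but the href opens another.
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link-mismatch: {shown} -> {actual}")
    return findings

if __name__ == "__main__":
    print("\n".join(analyse(SAMPLE)))
```

A message with no Reply-To header and links whose text is not a host name (for example "Click here") produces no findings, so these checks complement, rather than replace, sender authentication at the mail gateway.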

But what is interesting is the statement that the cyber criminals are trying to hack the mobile of the phishing victim. This is natural as well, as the OTP that would be sent to the registered mobile number is the last defence for her and once that is compromised, money can be withdrawn easily. I reiterated the suggestion of not sharing the OTP with anybody.

Update 1: She received the second phishing e-mail with a different amount from the cyber criminals.

Update 2: She received 3 SMS notifications from Idea AD-Verify as the cyber criminals are trying everything to get the money. They even tried to install malware on her phone to steal the OTP necessary for completion of the online transactions.

At the time of writing of this article, no communication from the government departments has been received and I would update about this as soon as I get some information.

Update 1: We received an e-mail from Web Manager, Income Tax Department. He guided the tax payer to contact her Ward/Circle Jurisdictional Assessing Officer. We also added the e-mail id suggested by the Web Manager and included the Jurisdictional Assessing Officer in the communication/ticket. Any further response would be updated here and at my Twitter handle.

But what if, after becoming a victim of a phishing attack, the money is already withdrawn? For such victims, PTLB has already shared a very good article mentioning the legal rights and obligations of bank customers in such cases. The article covers not only phishing attacks and cyber crimes but also the liability of banks for not managing a robust and resilient cyber security infrastructure. So if a bank customer can prove that the bank failed to ensure robust privacy and data protection or cyber security, banks would be liable for all monetary losses.

I wish to discuss another related issue. What if such an event happens with any account linked to Aadhaar or such cyber crime happens due to Aadhaar? Well the answer to this question is simple. Aadhaar or no Aadhaar, liability of bank remains same. The Aadhaar Act, 2016 has in no way changed this position. So do not be fooled into thinking that for Aadhaar frauds and thefts you have no remedy. See this tweet of Praveen Dalal in this regard.

Also See: Aadhaar Act, 2016 Does Not Bar A Person To Sue UIDAI Or Private Companies Opines Praveen Dalal.

Be an informed customer and enforce your rights against banks, financial institutions, etc. If nobody is listening to you, we would love to help you. All you are required to do is to create a ticket at the platform of RWL India. But we have some conditions regarding Aadhaar for people who have not complied with our forms submission deadlines. Just keep that in mind and also see how we can best help you in your disputes and grievances. Once that is done, you can consider us as your friend and we would agitate on your behalf.

Credit Card Frauds Are Increasing At SBI And RBI Is Sleeping

Something very absurd is going on in the State Bank of India (SBI), and that too within the actual knowledge of none other than the Reserve Bank of India (RBI). There is a spate of credit card frauds in SBI and the bank is doing nothing in this regard. SBI is neither refunding the stolen money nor is it strengthening its cyber security and banking security. This is despite the legal obligations that all banks are required to comply with regarding refund of stolen money and establishment of robust cyber security.

So what exactly is going on at SBI? To get the idea, just follow a single discussion at Twitter regarding credit card fraud that is pending for redressal for the last two months. The mere fact that SBI has not been able to resolve the issue for 60 days is self explanatory. Credit card frauds are happening at SBI and neither SBI nor RBI is doing anything about this situation. Bank customers are running from one place to another with no remedy.

If a bank customer has promptly informed the concerned bank branch about any credit card fraud, it is the legal duty of that bank to not only refund the money quickly but also to investigate such credit card fraud. But banks in India, including SBI, are simply harassing the victims in the hope that they would not pursue the matter further. And this is happening as well.

If a victim of banking fraud has no remedy either at the bank level or at the RBI level, he/she can only hope that the government would listen to him/her. But our government not only lacks the will but also the necessary infrastructure to manage such disputes.

We at Perry4Law Organisation (P4LO) are trying to fill this vacuum. We launched a test online dispute resolution (ODR) platform a few years back. If nothing works for a victim, he/she can open a ticket at our platform and we would help him/her in this regard. Just add the relevant documents either at the time of creating the ticket or when we reply through e-mail, and mention the status of Aadhaar. Once this is done, we would pursue your cause as our own.

As mentioned above, we are currently pursuing one such ticket about a credit card fraud that happened about two months back as per the creator of the ticket. We have given sufficient time to SBI to respond but SBI is engaging in time wasting tactics and the next level of action against SBI is needed. That is why we have written this article that would be updated from time to time till the matter is resolved. If SBI continues with its present approach, we would take a few more steps and with every such step the accountability and legal obligations of SBI would increase.

We also offered to help SBI to resolve its debit and credit card frauds so that victims can get their money back immediately. However, SBI is not interested in early resolution of disputes for reasons best known to it.

We hope SBI would resolve the issue mentioned in the ticket immediately so that we need not escalate this issue to the next levels.

How To Get Best Out Of The Resolve Without Litigation (RWL) Platform

Get Best Out Of RWL Platform

Getting best results out of a situation is an art. Not everybody is good at this art and some are bright while others need a hand to steer them past the technical and procedural requirements of a platform. This equally applies to Resolve Without Litigation (RWL) platform that is using online dispute resolution (ODR) mechanisms to resolve disputes of various stakeholders outside the courts.

We have designed the RWL platform in the simplest terms so that even a person accessing the Internet can use it. After all, how difficult is it to fill in details of e-mail, name, phone number, etc. in an online form? Still some people have found it difficult to comply with the simple requirements of the RWL platform.

As we receive many tickets on a daily basis it is not possible to devote much time to tickets that are incomplete and faulty despite e-mail and Twitter reminders. We have no other option but to close such tickets and block such users from Twitter accounts of few participating handles.

I have personally closed a few such incomplete tickets and blocked a few such users at my Twitter handle and believe me it is a very painful process to do so. I do it because of absolute necessity as I have to devote my limited time to those tickets that are complete and participating. I cannot continue with a ticket that is incomplete despite e-mail and Twitter reminders.

We at Perry4Law Organisation (P4LO) are here to help all stakeholders but if you try to waste our time, whether intentionally or inadvertently, we would take it very seriously. At the same time we would like to guide you so that you get the best results out of the RWL platform. So here are a few things that you must keep in mind:

(1) Documentation: Any ticket is useless unless it is accompanied with relevant documents pertaining to the dispute. How would we analyse the situation and bring forward your cause and grievance before banks, government departments, mobile companies, etc if we are not aware of the situation at all?

So the most important requirement is to attach documents either at the ticket or separately at the e-mail. You can leave a message at the ticket itself and we would revert through e-mail and Twitter handles. Simply attach the documents at the e-mail responding to your tickets.

Option to attach documents is available at the end of the column of “Issue Details” or above Captcha. Files larger than 2 MB are not supported and you must attach the same at the e-mail of Perry4Law responding back to your ticket.

(2) Involvement Of Aadhaar: Next requirement pertains to informing us whether Aadhaar is involved in your case or not. This can be done by simply writing either Yes or No at the column you can find immediately above the Captcha.

The requirement of Aadhaar has been incorporated to see whether you have complied with the deadlines prescribed by us for submission of the Aadhaar refusal or Aadhaar delinking forms.

The next requirement? Well, this is all we are asking for. Did we not say our platform is very simple to use and is user friendly? We look forward to helping you in the best possible manner in your hard times of disputes and agony. We would really appreciate your support and cooperation in this regard.

National Litigation Policy Of India Would Fail Without Use Of ODR And E-Courts

 

NLP, ODR And E-Courts

Why is it that the legal and judicial system in India is in such a bad shape? The answer lies in lack of awareness, knowledge and use of techno legal policies to strengthen the Indian judicial system. As a result cases keep on piling up, the judiciary is not able to cope with the ever increasing pressure, and getting justice becomes a nightmare for the general public.

Justice delayed is justice denied is an old saying now as we are directly denying justice these days. People are not getting access to justice and delayed justice is an option only after we get access to justice. Access to justice for marginalised people in India is in even worse condition and they have accepted injustice as part of their fate and lives.

Disputes and litigation have increased so much in India that they have overburdened our judicial system. Courts are struggling hard to cover the backlog of cases but the backlog keeps on increasing on a daily basis. This is primarily because of bad policies and administrative inefficiencies working at the government levels. For instance, why is it required for the government to even litigate when it is clearly on the wrong side of the law? Even if a decision is given against the government in such cases, it engages in unnecessary appeals to further delay the desired relief to the victim.

We at Perry4Law Organisation (P4LO) believe that 90% of the government litigation and 95% of its appeals are redundant and not required at the first instance. But government is not doing anything in this regard and this is unnecessarily overburdening the courts in India.

Many of such disputes can be either avoided or they can be resolved without litigation (RWL). Information and communication technology (ICT) can play a significant role in this regard as ICT can not only prevent unnecessary cases from entering into the judicial system but it can also eliminate the vices like bench hunting. Access to justice for marginalised people in India can also be enhanced using ICT. It is clear that ICT is going to play a major role in the governance of India.

But ICT for development (ICT4D) is not possible till we use proper technology in the best possible manner. For instance, if we unconstitutionally demand Aadhaar for filing a case, that violates not only Articles 14, 19 and 21 of Indian Constitution but that would also result in failure of justice. Technology should enable masses and not exclude them from the justice delivery system. As on date people are denied access to justice right from the stage of commission of crime. For instance, if a police station asks for Aadhaar and rejects a valid driving licence or passport for filing of FIR, it is violating multiple Fundamental Rights and statutory rights of the victim. But this is happening openly in India and victims are denied justice even at the level of law enforcement.

As far as the Judiciary is concerned, the concepts of online dispute resolution (ODR) and electronic courts (e-courts) must be an essential part of the justice delivery system. Both ODR and e-courts must also be part of the national litigation policy of India (NLPI). In short, legal enablement of ICT systems in India is the need of the hour.

Unfortunately, till the month of December 2017 we are still waiting for the establishment of the first e-court of India. In fact, the e-courts project of India received a major blow in the past when the e-committee refused to record proceedings at the courts in audio and video formats. Similarly, India has not used ODR for dispute resolution purposes so far.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) strongly recommend that ODR and e-courts must be integral and essential part of any amended Arbitration law and NLPI in future. Otherwise, justice would become a myth in India very soon.

Customer Rights For Unauthorised Online Money Transactions In India

Customers’ liabilities and rights vis-a-vis unauthorised third party online monetary transactions are well established in India. Reserve Bank of India (RBI) has issued two crucial frameworks in this regard that many customers are not aware of. The first framework pertains to establishment of a sound and resilient cyber security infrastructure by banks in India. The second framework pertains to limiting the liability of customers for unauthorised e-banking transactions. Collectively, banks are required to maintain a techno legal environment that takes care of cyber security on the one hand and effective cyber crimes investigation capabilities on the other.

We at Perry4Law Organisation (P4LO) have been receiving grievances and assistance requests for ATM frauds, e-banking frauds, etc. from bank customers where their money was withdrawn without their consent and participation. However, banks are reluctant to initiate a techno legal investigation to ascertain the truth and reality. Most banks lack the techno legal expertise to conduct a cyber crime investigation and they try to pass the buck to the customer who is already a victim.

Even policies of Indian government and RBI are also not customer friendly. For instance, if a victim of online fraud is not getting access to immediate remedies and grievance redressal mechanism, there is little benefit of the two frameworks discussed above. It is just like saying that customers and consumers have the rights but they cannot enforce them. That is as good as having no rights at all.

We have taken few steps to change this situation by combining Twitter/social media and our online dispute resolution (ODR) platform where consumers/customers can raise their grievances and we would try our level best to resolve the same. We have been receiving lots of complaints against banks that they are not refunding the amount withdrawn illegally and without authorisation of the customers. We are presently seized with one such long pending dispute and are in the process of issuing the notice to the concerned bank.

We at Perry4Law Organisation (P4LO) understand the value of your hard earned money. If bank, RBI, government, finance ministry, ombudsman, etc are not listening to you, do not hesitate to contact us and we would do our level best.

We have given you the legal framework above that empowers you to ask questions of banks. But banks may not listen to you and therefore we have also given you a platform to raise your voice. We hope this platform would be helpful in getting your hard earned money back.

 

Case Study: How RWL Platform Was Used To Get Aircel SIM Cards Without Aadhaar

Aadhaar is a well known phenomenon in India where the omnipresence of Aadhaar is considered to be violation of privacy right and other Fundamental Rights by many Indians. The constitutionality of Aadhaar project and Aadhaar Act, 2016 is still pending before the Supreme Court of India. So let us ignore that aspect and move ahead and discuss the case study where RWL platform was used by us and SIMs were activated by Aircel without Aadhaar within 2 days of generating a ticket/notice.

We created a ticket/notice at Online Dispute Resolution and Cyber Arbitration platform and TLCEODRI, one of the administrators of the platform, handled the ticket. He made Aircel, Perry4Law, Department of Telecommunication (DoT) and Shri. Manoj Sinha (Minister, DoT) parties to the dispute resolution process. Once all the parties were added as the stakeholders, he sent a customised notice to the stakeholders with all documents and evidences. Simultaneously many handles of Perry4Law Organisation (P4LO) started discussing the dispute resolution ticket at Twitter.

The Twitter handle of DoT was very quick in responding back and assured us that concerned TSP has been asked to do the needful. Thereafter, prepaid SIMs of Aircel were activated without any demand for Aadhaar.

Now compare this process with traditional litigation, including the one that has been going on in the Supreme Court for many years. Can such a remedy be obtained from courts within 2 years, let alone 2 days? Even if such a remedy is possible within 2 days, is it feasible to invoke litigation mechanisms of already overburdened courts with such matters?

We need alternative, effective and timely remedies for various disputes in India and if even the most controversial and technical dispute of Aadhaar can be resolved within 2 days, we certainly need online dispute resolution (ODR) in India. And this case study of RWL is proof that this is much required in India, especially when it can support the Digital India project of the Indian government and Indian judiciary.

Why Litigate When You Can Resolve Without Litigation (RWL)

About RWL Project Of PTLB

Litigation is not a pleasant experience at all and we prefer to litigate when nothing else works. Litigation also creates a major drawback for our judiciary by creating backlog of cases that increases each year. We have a disproportionate judges population ratio and pressure upon judges is tremendous. Judges are already under great stress and adding more cases every year is only aggravating the situation.

The judiciary has been experimenting with alternative methods of dispute resolution like arbitration, mediation, conciliation, lok adalats, e-courts, etc. But they have not been able to relieve the judiciary of the pressure that it is facing on a daily basis. Clearly we need to think out of the box and we at Perry4Law Organisation (P4LO) have been doing techno legal research in this regard since 2005.

The final outcome of this research is use and adoption of online dispute resolution (ODR) and e-courts in multiple manners and in a customised form. After working for a decade in the fields of ODR and e-courts, we have launched a beta version of our coming project on ODR. The same is titled “Online Dispute Resolution And Cyber Arbitration”. It works on the principles of simplicity and a user friendly approach: having a basic Internet connection and filing an online form are the only requirements that stakeholders need to comply with. Once the form is filed and the requisite professional charges of RWL are paid, our techno legal experts take up the disputed issue and collaborate with all necessary parties.

Our platform has strong social media connections, especially with Twitter. We simultaneously take up the issue with concerned individuals, companies, government departments, etc. at Twitter (wherever available) and passionately pursue the same till the matter is resolved or till there is no scope for ODR.

Another unique feature of RWL platform is that in many cases it is not even dependent upon the consent of parties. For example, when we pursue the matters of our clients with government it is not necessary that both government and the client must have agreed to our ODR Clause in advance. All that is required is creation of a ticket/notice and payment of the requisite professional charges of RWL. Once that is done we would pursue the matter with concerned government department.

Similarly, it is not necessary that a company to which a notice from the RWL platform has been sent must have agreed to the ODR Clause beforehand. There is nothing that can prevent RWL from sending a notice to a party that is alleged to have created a disputed situation.

Additionally, parties to the dispute can agree to avail the services of RWL anytime by agreeing to refer the dispute to us as per the ODR Clause. Once that is done, RWL can pursue the matter on behalf of both the parties. But it is always beneficial if parties to the dispute have agreed to such ODR Clause in advance.

We would update all stakeholders about our present and future projects from time to time. We hope you would avail full benefits of the RWL platform for a better relationship with your customers and stakeholders.