How To Safeguard Your Bank Accounts And Money From Phishing Attacks

Digital payments provide mobility to our money and comfort to us. At the same time, money held in digital or online payment mechanisms is also vulnerable to sophisticated social engineering and cyber crime attacks. Phishing attacks are one such form of cyber attack that targets innocent people and makes them disclose sensitive information and details. These details include passwords, PINs, one time passwords (OTP), etc., and once these details are obtained, withdrawing money from credit cards or online banking is very easy.

We at Perry4Law Organisation (P4LO) and Resolve Without Litigation (RWL) are frequently approached regarding credit card fraud and cyber crime related issues. We are presently dealing with cases of credit card fraud at State Bank of India (SBI) and a phishing attack involving an income tax refund. Through this post I am trying to raise some public awareness about the increasing menace of phishing in India.

Phishing is a popular method of social engineering in which cyber criminals use their persuasive power to trap gullible people and make them disclose the information that is crucial for withdrawal of money. For instance, once the PIN or password is known, it is a piece of cake to withdraw money. In this post I will confine myself to the phishing attack case, as PTLB is handling the credit card fraud case.

It all started when TLCEODRI, an alert administrator of RWL India, caught the suspicious phishing attack at an early stage of its execution on 03-01-2018. However, action by the user was not taken till 05-01-2018, and on that date the cyber criminal tried to withdraw Rs. 20,000. But the alert customer had already blocked the access to her Airtel money account and this saved her money. The ticket was created on 05-01-2018 and we are pursuing the case with the Income Tax Department, Revenue Department, Financial Intelligence Unit (FIU), etc. at the time of this article.

I gave the following interim suggestions in the meanwhile to safeguard her interest in the best possible manner:

(1) Block all payments from all banks that are involved till you give further instructions to such banks,

(2) Change PIN/Password of all ATM/Debit/Credit cards immediately,

(3) Deactivate all Aadhaar payment systems, if any, temporarily,

(4) Most important, do not share any OTP sent to your mobile phone, and

(5) Register a mobile with your bank account(s) for record of debit/credit transactions.

Thereafter, we were informed that the cyber criminals are using e-mail spoofing by giving the address noreply (at)incometaxindiaefiling (dot)com. But once clicked, it takes you to a private domain name. This is what I suspected at the first instance and that is why I requested the sender’s e-mail id once the reply button is clicked.

I also believe that the cyber criminals must have persuaded the victim to click on the web link purporting to be from the Income Tax Department’s website. Once clicked by the victim, it took the victim to an identical or fake website or webpage that is a clever and close imitation of the original website. Victims generally do not pay much attention and take the fake website to be real and submit all the information. This is how the password, PIN, etc. were stolen from the victim in the present case. Nevertheless, the final step of getting the OTP from the victim was still to be executed.
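The two signs described above, a reply address and a web link that both leave the claimed sender's domain, can be checked mechanically. The following is an added example, not part of the original post; the sample message and every domain in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; all domains are placeholders, not taken from the case.
SAMPLE = """\
From: "Tax Refund Cell" <noreply@taxdept.example>
Reply-To: refund-desk@private-host.example
Subject: Your income tax refund is pending
Content-Type: text/plain

Dear taxpayer, confirm your bank details to receive the refund:
https://login.private-host.example/refund
Helpdesk: https://www.taxdept.example/help
"""

def domain_of(address):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(address or "")[1].rpartition("@")[2].lower()

def same_site(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))

def phishing_indicators(raw):
    """List mismatches between the claimed sender and where replies/links go."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Sign 1: pressing "reply" addresses a different domain than the sender shown.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and not same_site(reply_dom, from_dom):
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # Sign 2: a link in the body leads away from the claimed sender's domain.
    body = msg.get_payload()
    text = body if isinstance(body, str) else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if not same_site(host, from_dom):
            findings.append(f"link-offsite:{host}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

An empty result does not prove a message is genuine, because the From header itself can be forged; the check only flags the inconsistencies described above.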

But what is interesting is the statement that the cyber criminals are trying to hack the mobile of the phishing victim. This is natural as well, as the OTP that would be sent to the registered mobile number is the last defense for her and once that is compromised, money can be withdrawn easily. I reiterated the suggestion of not sharing the OTP with anybody.

Update 1: She received the second phishing e-mail with a different amount from the cyber criminals.

Update 2: She received 3 SMS notifications from Idea AD-Verify as the cyber criminals are trying everything to get the money. They even tried to install malware on her phone to steal the OTP necessary for completion of the online transactions.

At the time of writing of this article, no communication from the government departments has been received and I would update about this as soon as I get some information.

Update 1: We received an e-mail from the Web Manager, Income Tax Department. He guided the tax payer to contact her Ward/Circle Jurisdictional Assessing Officer. We also added the e-mail id suggested by the Web Manager and included the Jurisdictional Assessing Officer in the communication/ticket. Any further response would be updated here and at my Twitter handle.

But what if, after becoming a victim of a phishing attack, the money is already withdrawn? For such victims, PTLB has already shared a very good article mentioning the legal rights and obligations of bank customers in such cases. The article covers not only phishing attacks and cyber crimes but also the liability of banks for not managing a robust and resilient cyber security infrastructure. So if a bank customer can prove that the bank failed to ensure robust privacy and data protection or cyber security, banks would be liable for all monetary losses.

I wish to discuss another related issue. What if such an event happens with any account linked to Aadhaar or such cyber crime happens due to Aadhaar? Well, the answer to this question is simple. Aadhaar or no Aadhaar, the liability of the bank remains the same. The Aadhaar Act, 2016 has in no way changed this position. So do not be fooled into thinking that for Aadhaar frauds and thefts you have no remedy. See this tweet of Praveen Dalal in this regard.

Also See: Aadhaar Act, 2016 Does Not Bar A Person To Sue UIDAI Or Private Companies Opines Praveen Dalal.

Be an informed customer and enforce your rights against banks, financial institutions, etc. If nobody is listening to you, we would love to help you. All you are required to do is to create a ticket at the platform of RWL India. But we have some conditions regarding Aadhaar for people who have not complied with our forms submission deadlines. Just keep that in mind and also see how we can best help you in your disputes and grievances. Once that is done, you can consider us as your friend and we would agitate on your behalf.

Credit Card Frauds Are Increasing At SBI And RBI Is Sleeping

Something very absurd is going on in the State Bank of India (SBI), and that too within the actual knowledge of none other than the Reserve Bank of India (RBI). There is a spate of credit card frauds in SBI and the bank is doing nothing in this regard. SBI is neither refunding the stolen money nor is it strengthening its cyber security and banking security. This is despite the legal obligations that all banks are required to comply with regarding refund of stolen money and establishment of robust cyber security.

So what exactly is going on at SBI? To get the idea, just follow a single discussion at Twitter regarding credit card fraud that is pending for redressal for the last two months. The mere fact that SBI has not been able to resolve the issue for 60 days is self explanatory. Credit card frauds are happening at SBI and neither SBI nor RBI is doing anything about this situation. Bank customers are running from one place to another with no remedy.

If a bank customer has promptly informed the concerned bank branch about any credit card fraud, it is the legal duty of that bank to not only refund the money quickly but also to investigate such credit card fraud. But banks in India, including SBI, are simply harassing the victims in the hope that they would not pursue the matter further. And this is happening as well.

If a victim of banking fraud has no remedy either at the bank level or at the RBI level, he/she can only hope that the government would listen to him/her. But our government not only lacks the will but also the necessary infrastructure to manage such disputes.

We at Perry4Law Organisation (P4LO) are trying to fill this vacuum. We launched a test online dispute resolution (ODR) platform a few years back. If nothing works for a victim, he/she can open a ticket at our platform and we would help him/her in this regard. Just add the relevant documents either at the time of creating the ticket or when we reply through e-mail and mention the status of Aadhaar. Once this is done, we would pursue your cause as our own.

As mentioned above, we are currently pursuing one such ticket about credit card fraud that happened about two months back as per the creator of the ticket. We have given sufficient time to SBI to respond but SBI is engaging in time wasting tactics and the next level of action against SBI is needed. That is why we have written this article that would be updated from time to time till the matter is resolved. If SBI continues with its present approach, we would take a few more steps and with every such step the accountability and legal obligations of SBI would increase.

We also offered to help SBI to resolve its debit and credit card frauds so that victims can get their money back immediately. However, SBI is not interested in early resolution of disputes for reasons best known to it.

We hope SBI would resolve the issue mentioned in the ticket immediately so that we need not escalate this issue to the next levels.

National Litigation Policy Of India Would Fail Without Use Of ODR And E-Courts

 

NLP, ODR And E-Courts

Why is it that the legal and judicial system in India is in such bad shape? The answer lies in the lack of awareness, knowledge and use of techno legal policies to strengthen the Indian judicial system. As a result, cases keep on piling up, the judiciary is not able to cope with the ever increasing pressure, and getting justice becomes a nightmare for the general public.

Justice delayed is justice denied is an old saying now as we are directly denying justice these days. People are not getting access to justice and delayed justice is an option only after we get access to justice. Access to justice for marginalised people in India is in an even worse condition and they have accepted injustice as part of their fate and lives.

Disputes and litigation have increased so much in India that they have overburdened our judicial system. Courts are struggling hard to cover the backlog of cases but the backlog keeps on increasing on a daily basis. This is primarily because of bad policies and administrative inefficiencies working at the government levels. For instance, why is it required for the government to even litigate when it is clearly on the wrong side of the law? Even if a decision is given against the government in such cases, it engages in unnecessary appeals to further delay the desired relief to the victim.

We at Perry4Law Organisation (P4LO) believe that 90% of the government litigation and 95% of its appeals are redundant and not required at the first instance. But government is not doing anything in this regard and this is unnecessarily overburdening the courts in India.

Many of such disputes can be either avoided or they can be resolved without litigation (RWL). Information and communication technology (ICT) can play a significant role in this regard as ICT can not only prevent unnecessary cases from entering into the judicial system but it can also eliminate the vices like bench hunting. Access to justice for marginalised people in India can also be enhanced using ICT. It is clear that ICT is going to play a major role in the governance of India.

But ICT for development (ICT4D) is not possible till we use proper technology in the best possible manner. For instance, if we unconstitutionally demand Aadhaar for filing a case, that violates not only Articles 14, 19 and 21 of Indian Constitution but that would also result in failure of justice. Technology should enable masses and not exclude them from the justice delivery system. As on date people are denied access to justice right from the stage of commission of crime. For instance, if a police station asks for Aadhaar and rejects a valid driving licence or passport for filing of FIR, it is violating multiple Fundamental Rights and statutory rights of the victim. But this is happening openly in India and victims are denied justice even at the level of law enforcement.

As far as the Judiciary is concerned, the concepts of online dispute resolution (ODR) and electronic courts (e-courts) must be an essential part of the justice delivery system. Both ODR and e-courts must also be part of the national litigation policy of India (NLPI). In short, legal enablement of ICT systems in India is the need of the hour.

Unfortunately, till the month of December 2017 we are still waiting for the establishment of the first e-court of India. In fact, the e-courts project of India received a major blow in the past when the e-committee refused to record proceedings at the courts in audio and video formats. Similarly, India has not used ODR for dispute resolution purposes so far.

We at Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) strongly recommend that ODR and e-courts must be an integral and essential part of any amended Arbitration law and NLPI in future. Otherwise, justice would become a myth in India very soon.

Case Study: How RWL Platform Was Used To Get Aircel SIM Cards Without Aadhaar

Aadhaar is a well known phenomenon in India where the omnipresence of Aadhaar is considered to be a violation of the privacy right and other Fundamental Rights by many Indians. The constitutionality of the Aadhaar project and the Aadhaar Act, 2016 is still pending before the Supreme Court of India. So let us ignore that aspect and move ahead and discuss the case study where the RWL platform was used by us and SIMs were activated by Aircel without Aadhaar within 2 days of generating a ticket/notice.

We created a ticket/notice at the Online Dispute Resolution and Cyber Arbitration platform and TLCEODRI, one of the administrators of the platform, handled the ticket. He made Aircel, Perry4Law, Department of Telecommunication (DoT) and Shri. Manoj Sinha (Minister, DoT) parties to the dispute resolution process. Once all the parties were added as the stakeholders, he sent a customised notice to the stakeholders with all documents and evidence. Simultaneously, many handles of Perry4Law Organisation (P4LO) started discussing the dispute resolution ticket at Twitter.

The Twitter handle of DoT was very quick in responding and assured us that the concerned TSP has been asked to do the needful. Thereafter, prepaid SIMs of Aircel were activated without any demand for Aadhaar.

Now compare this process with traditional litigation, including the one that has been going on in the Supreme Court for many years. Can such a remedy be obtained from courts within 2 years, forget about 2 days? Even if such a remedy is possible within 2 days, is it feasible to invoke litigation mechanisms of already overburdened courts with such matters?

We need alternative, effective and timely remedies for various disputes in India and if even the most controversial and technical dispute of Aadhaar can be resolved within 2 days, we certainly need online dispute resolution (ODR) in India. And this case study of RWL is proof that this is much required in India, especially when it can support the Digital India project of the Indian government and the Indian judiciary.