In part 1 of this piece, we learned about the biology of a scam, a few examples of how they’re pulled-off and types of scams usually run online.
In part 2, we discuss some more cases of online fraud, how to spot them and what steps you could take if you’re targetted.
Author’s note: You might want to bookmark this page.
Toh, you’re saying I have to be careful on the internet?
As mentioned in part 1, over time you can find some cracks in the scam. Below is a list of things to keep in mind:
1. Typos: These are more common than you think. Usually, scammers need to drive relatability and to drive a point, they often use a similar sounding brand name to a real company (Like Cittibank.com or TimesOfIndea.com). Sometimes though, like the African prince example, they also use the “fool potential” principle. Essentially, make the communication seem a ‘fake enough’ so that the smart (or even average internet users) drop off. Then they only prey on new users or elder citizens who may not have the awareness about such scams or have an increased proclivity to be excited about ‘This new Internet opportunity I found’.
2. Bad payment platforms/gateways: Since the lockdown, we’re more used to typing in our credit card or UPI number to transact than giving cash or swiping. Every payment platform (whether for shopping or filing your returns), runs on a payment gateway. The tech is either supported or run by a bank in conjunction with a transaction partner (like RazorPay or PayUMoney). There are a lot of plugins today that are designed for the express purpose of mock payment testing. Scammers take advantage of this. On the flip side, entire payment gateways have been coded from scratch to look like the real thing. Down to detailing the tax amount, receipt and even options of adding multiple addresses.
How to spot a fraud easily?
They usually only have 1 direct payment platform: Direct Bank Transfers
3. Bad/No reviews: Although scammers have become more proactive in adding fake reviews, an easy sign that raises doubts are awesome offers like “90% off on Bose QuietComfort” on a non-official website. Go through the website in detail. Find out the background of the reseller, the product – even the accessories. They usually make a slip somewhere.
4. Your ‘friend’ adds you on social media: This still happens. Users think their acquaintance/friend or a stranger (often using an attractive girl’s picture) is interested in them. This could go in many directions: from identity theft to draining bank account information (and bank balance).
So, what to do if I get scammed?
There is a lot you can do.
First of all, accept it. It happens to the best of us.
Nidhi Razdan of NDTV recently wrote a tell-all blog about her ordeal. It takes guts to come out as a public figure and admit to having been conned. The confusion and unprecedented nature of the pandemic and the changes it brought to our lives further extended her cognitive bias.
One thing that stands out in her story is time. The team who was out to con her about the job knew the power of anticipation. Often, when you make somebody wait for something, the importance of that ‘thing’ is either validated or increased. For months the fraudsters kept extending her ‘Harvard appointment’ and for Ms Razdan, an opportunity like this was not only high praise but also made it more ‘real’ because she was supposed to wait for developments to happen to her. Her role was passive.
She reported it to the authorities with the respective emails and other communication evidence she could show after her lawyers determined it was a phishing exercise.
Panic, fear and shame hit you first. Like all things, time will heal. When rationality finds you, here are a couple of things you can do.
1. Find the source: As mentioned earlier, spelling errors and bad email IDs are usually a clear red flag. However, there might be some more investigating you can do. One of the easiest-to-use platforms that fetches basic website data about its registration, server location, etc is: URLVoid. One could also use SimilarWeb to find their monthly website hits and where they usually get traffic from. Although a lot of smaller websites don’t show up with their data, websites that want to seem authentic specifically with spelling changes or massive drop offers should be looked into.
2. Speak to the authorities: The cybercrime platform, an initiative by the Ministry of Home Affairs is for this exact purpose. They have a detailed FAQ and give adequate information about issues, processes and data about cases. Additionally, there is also an anonymous reporting structure for cyber-crimes against women and children that provide a secure gateway to reporting of more sinister crimes. To read a step by step process on how to file a report, click here.
3. Find affected assets: Through their communication with you, your digital assets like email, social media, wallets might have been compromised. Have a scan on your ‘sent’ or ‘spam’ folders for any activity that was not initiated by you. Additionally, if any financial or personal information like a bank account number, credit card number or Aadhaar Card information has been provided, try to find out any unrecognised activities on the same.
4. Inform your direct associates: Whether you are a professional, an executive or an entrepreneur, data theft can hit you when you least expect it. To curtail the spread of the attack, speak to an IT or cybersecurity professional and create a structure on who should be notified about the attack. It is your duty to curtail the attack and not let it pass through to any of your contacts.
So if I do all this, will I be protected?
Scams are inevitable. They will happen.
Innovation is a concept about making things newer/better/more effective. Some use it for good like this man. Others, less so.
Fads like the recent WhatsApp boycott in India are nothing but opportunities for scam artists to create a fake app like that looks like Signal. Government initiatives like the Covin app were also replicated with fake versions on the PlayStore to gather user data through in-app permissions. The more we move to create value in the world, the more scam artists will capitalise on that wave.
Taking from a previous essay in this thread, You are the Product:
”Your data is not just your data. It is your identity”
Your communication and behaviour online are going to be a major contributor to how (or if) scammers find you. What you put on most social media platforms is public data. This can be used to learn about you or people connected to you. If it’s not expressly clear, scams are not just about direct monetary gain. There is a lot more value in data and information.
The analogy scammers like most?
Knowledge is Power
P.S. If this helped you, guide a friend, parent or colleague. They may not be as aware of this subject as you and I are.
The views and opinions published here belong to the author and do not necessarily reflect the views and opinions of the publisher.