Cyberfraud Costs 0.7% of GDP | 28 Oct 2024

Source: TH

Why in News?

Recently, the Indian Cyber Crime Coordination Centre (I4C), which runs under the Union Ministry of Home Affairs (MHA) made important projections related to cyber frauds. 

What are the Key Highlights of the I4C Projection? 

• Financial Impact: Indians are expected to lose over Rs 1.2 lakh crore in 2025 to cyber fraud, siphoning off 0.7% of India’s GDP. 
  • From January to June, 2024  Rs 11,269 crore was lost to financial fraud. 
• Contributors to Cyber Fraud: Approximately 4,000 mule bank accounts are identified daily by I4C. 
  • I4C has identified 18 ATM hotspots across the country from where money was fraudulently withdrawn. 
  • A mule account refers to a bank account that is used to facilitate illegal activities such as money laundering and fraudulent transactions. 
• Origin of Scam: The government has identified “scam compounds” in South East Asian countries such as Cambodia, Myanmar and Laos from cyber fraudsters.  
  • Most scams have origins in China or Chinese-linked entities. 
• Modus Operandi: International Scam Compounds resemble call centres and have emerged as a hub of investment scams. 
  • Fraudsters make calls to unsuspecting people from Indian mobile phone numbers and dupe people of their money through various methods like lottery and prize scams, etc. 
• Illegal Activities: Cyber scams can be used for terror-financing and money laundering.  
  • For instance, during March to May 2024, crypto currency worth Rs 5.5 crore was purchased using Indian accounts and laundered outside India. 
  • Cash withdrawals using mule account debit cards have been reported at overseas ATMs in Dubai, Hong Kong, Bangkok, and Russia. 

What is Cyberfraud? 

• About: Cyber fraud is a kind of cyber crime that aims to steal money (or other valuable assets) from an entity.  
  • It involves using online solutions (internet based) to commit fraud. 
• Types of Cyberfraud:  

• Consequences of Cyber Fraud:  
  • For Individuals: Cyber crimes can lead to unauthorised purchases on credit cards and loss of access to financial accounts. Personal data may be used to harass and blackmail victims, creating further personal distress. 
  • For Businesses: Companies that fail to protect client data may be subject to heavy fines and legal penalties. Cyber attacks can reduce the overall value of a firm, impacting stock prices. 
  • For Government: Cyber breaches are often intended to corrupt or monetise national defence and security information, posing severe risks to a country's safety. 

What is the Scenario of Cyber Fraud in India? 

• Overview: India has approximately 658 million internet users, making it the world's second-largest internet population. 
  • According to the “The ThreatLabz 2024 Phishing Report” by cybersecurity firm Zscaler, India ranked as the third-largest country globally for phishing attacks after the US and UK. 
• Commitment to Cybersecurity: India has achieved Tier 1 status in the Global Cybersecurity Index (GCI) 2024 published by the International Telecommunication Union (ITU).  
  • With a remarkable score of 98.49 out of 100, India joins the ranks of ‘role-modelling’ countries, demonstrating a strong commitment to cybersecurity practices across the globe. 
• Notable Cyberfraud Incidents:  
  • Aadhar Data Breach (2018): Personal data of 1.1 billion Aadhar cardholders was compromised, including information such as Aadhar numbers, Permanent Account Number (PAN), and bank details. 
  • Canara Bank ATM Attack (2018): Hackers used skimming devices on 300 debit cards, stealing over Rs 20 lakh. 
  • Pegasus Spyware: This Israeli-made spyware, Pegasus, was used to collect data from devices without user consent, affecting over 300 verified Indian phone numbers. 

What can be Done to Address Cyber Fraud? 

• Adopt Cybersecurity Best Practices: Use firewalls that act as the first line of defence for computers, monitoring and filtering network traffic to prevent unauthorised access. 
  • Keep all software and hardware systems up-to-date to patch security vulnerabilities. 
• For Individuals: Be cautious of unsolicited emails, texts, and phone calls, especially those that attempt to coerce users into bypassing security measures. 
  • Use strong, unique passwords that combine numbers, letters, and special characters for each account. 
• For Businesses: Implement two-factor authentication for all employee accounts to add an extra layer of security. 
  • Use encryption to protect sensitive business data, including financial records, customer information, and intellectual property. 
• Role of Banks: Banks should monitor for unusually high-value transactions in low-balance or salaried accounts and alert authorities.  
  • Typically, the stolen money is temporarily parked in these accounts before being converted into cryptocurrency and transferred abroad. 
• System Upgrades Needed: Banks should upgrade their systems to detect multiple account logins from a single IP address, especially if the IP is outside the country. 
• For Content Creators: Invest in creator insurance to safeguard intellectual property, legal fees, and potential financial losses from disputes or data breaches.