The Reserve Bank Innovation Hub (RBIH), which is the innovation arm of the Reserve Bank of India (RBI), is making giant strides in the fight against financial fraud through the promotion of the use of an advanced AI tool called MuleHunter.AI. This technology identifies and flags mule accounts, commonly used in money laundering schemes.

The application of MuleHunter.AI has already been successfully demonstrated in two public sector banks. Data from the National Crime Records Bureau (NCRB) indicate that online financial frauds are responsible for 67.8% of all complaints related to cybercrime. This makes the effective provision of fraud prevention AI tools highly urgent.

One of the biggest problems in fighting financial fraud is the exploitation of money mule accounts. These accounts are a key enabler of illicit financial activities; hence, tools like MuleHunter.AI is of paramount importance to protect the financial ecosystem and curb cybercrime.

What is a money mule account?

According to RBIH, mule account is a bank account used by criminals to launder illicit funds, often set up by unsuspecting individuals lured by promises of easy money or coerced into participation. The transfer of funds through these highly interconnected accounts makes it difficult to trace and recover the funds.

The Development of MuleHunter.AI

According to the Reserve Bank Innovation Hub, the department has conducted extensive consultations with banks to understand the existing methods and processes employed to identify and report these money mule accounts. The static rule-based systems used to detect mule accounts result in high false positives and longer turnaround times, causing many such accounts to remain undetected.

After working with several banks to analyse nineteen different patterns of mule account activity, the platform was created. Mulehunter.Ai’s initial results demonstrate notable gains in efficiency and accuracy.

How Mulehunter.Ai works

This in-house AI/ML-based solution is better suited than a rule-based system to identify suspected mule accounts. Advanced ML algorithms can analyse transaction and account detail-related datasets to predict mule accounts with higher accuracy and greater speed than typical rule-based systems.

The purpose of RBIH’s AI platform is to speed up the identification of fraudulent accounts. Frauds can happen through a variety of channels, and they are no longer little incidents; they are becoming big day by day. The best approach would be to look at where the money eventually goes-to mule accounts. This machine learning-based approach has enabled the detection of more mule accounts within a bank’s system.

In recent years India has witnessed a sharp increase in the number of cybercrime cases. Cybercriminals find innovative ways to scam people out of their hard-earned money. However, in an unexpected turn of events in Kerala, a scammer posing as a police officer received the shock of his life when his victim turned out to be a real cop. The Thrissur City Police shared a video of the entire conversation on social media with a dash of humour. “The tiger who caught the tiger,” the department wrote while sharing the clip on Instagram. 

The video opens to show the scammer, dressed in a police uniform, introducing himself as an officer from Mumbai. At first, the Thrissur officer engages the scammer in a conversation and tells him that his camera is not working properly. However, seconds later, after the officer repositions his camera to reveal himself in full view, he casually asks, “What do you do?” 

This moment leaves the scammer speechless. As he realises his mistake, he laughs in disbelief. The officer, on the other hand, seizes the opportunity, telling the scammer, “Stop doing this work… I have your address, your location, and everything. This is Cyber Cell. It’s best you stop doing this work.”

Watch the video below: 

The Thrissur City Police shared the video on Tuesday. Since then, it has accumulated more than 10,000 likes and over 242,000 views. The post triggered a wave of reactions from social media users. While some found the encounter hilarious, others mocked the scammer’s mistake. Some users also praised the Thrissur police’s quick thinking in exposing the scam.

Also Read | US Man Discovers Owner Of His Favourite Neighbourhood Bakery Is His Birth Mother

Racing to the post, one user wrote, “Scammer scams themselves by calling the actual police. Imagine trying to act like a cop and ending up confessing to the real cops. Thrissur Police cyber cell be like, ‘Thank you for your cooperation’.” 

“This is tragic yet funny end of the fraudster,” commented another. “This is what happens when you think you can fool everyone. Poor guy didn’t even realise who he was talking to!” said a third user. 

“Caught red-handed! That awkward moment when you realise you’re the one being scammed,” expressed a fourth. “This cop handled it like a pro. Well done to him for turning the tables,” added another. 

“Great job by the Thrissur Cyber Cell. This is how it’s done!” commented one user. “Looks like he won’t be wearing that uniform for long,” jokingly wrote a user. 

New Delhi:

The Centre on Friday directed telecom operators to block for blocking 28,200 mobile handsets and issued directions to re-verify 20 lakh mobile connections associated with these handsets.

Ministry of Communications in a statement today announced the collaboration of the Department of Telecommunications (DoT), Ministry of Home Affairs (MHA) and State Police to curb the misuse of telecom resources in cyber-crime and financial frauds.

This collaborative effort aims to dismantle networks of fraudsters and protect citizens from digital threats.

An analysis carried out by MHA and State Police has revealed that 28,200 mobile handsets were misused in cybercrimes. The DoT further analysed and found that a staggering 20 lakh numbers were used with these mobile handsets.

Subsequently, DoT issued directions to telecom service providers for pan India blocking of 28,200 mobile handsets and to carry out immediate re-verifications of 20 lakh mobile connections linked to these handsets. DoT also directed telecommunication companies to disconnect after failing re-verification.

The Ministry of Communications, in a press release, conveyed that, “The unified approach demonstrates a shared commitment towards public safety and to safeguard the integrity of telecommunications infrastructure and ensure a secure digital environment.”

The Department of Telecommunications (DoT) has taken such steps in the case of cybercrime. On Tuesday, DoT disconnected a phone number used in a financial scam, as well as blocked 20 mobile handsets associated with the number, an official statement said.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

India has witnessed a sharp increase in the number of cybercrime cases over the years. Job scams contribute to the highest number of cyber crimes reported in the country. Cybercriminals find innovative ways to scam people out of their hard-earned money. Security agencies keep coming up with new solutions to counter these scams, but there is a need to be aware of the methods they use to target innocent people. Recently, a user shared that as he was looking for a new job, he fell victim to fraud and lost $3,000 (approximately Rs 2.5 lakh) as a result.

Product designer Naved Alam shared his ordeal on X (formerly Twitter). He said that he wanted to share his story so that people are aware of such cyber frauds and not fall prey to these criminals. “Recently, I fell victim to a scam on Twitter and lost $3000.It started with a promising opportunity – @crankybugatti  on Twitter reached out to me regarding a design role in a company related to a web3 communication app called @SocialSpectra,”  the social media user said alongside screenshots of his conversation with a user about a prospective job opportunity.

It started with a promising opportunity – @crankybugatti on Twitter reached out to me regarding a design role in a company related to a web3 communication app called @SocialSpectra. pic.twitter.com/7cIwfMUWeK

— Naved Alam (@Navedux) March 31, 2024

Mr Alam said that the conversation moved from X to Discord where he was asked basic questions. “The conversation moved to Discord, where things seemed legitimate. Basic design questions were asked, and they even seemed impressed with my work. Then came the request for an HR call, and I was provided with a link to join. Little did I know, it was a trap,” he said.

He continued, “I downloaded what I thought was an in-house communication app for the call. Instead, it was malware that drained my @phantom wallet and liquidated my staked assets on @KaminoFinance.” 

The product designer said that “in a matter of moments”, he lost the money to the cyber criminals. He wrote on X, “In a matter of moments, I lost $3000 to scammers who prey on unsuspecting individuals looking for legitimate opportunities. This experience has taught me to be more vigilant and cautious online. Always verify the authenticity of job offers and never download anything unless you’re absolutely sure of its source.”

Mr Alam also advised people to be careful as these cybercriminals are “targeting designers and developers or any working professional.”

Since being shared, his post has amassed over a lakh views.

“Faced a similar scam lost all my assets. It’s tough to move on and belief in crypto again,” said a user.

“Lol this person is in my DMs right now as we speak,” said another user.

Another wrote, “Iam sorry for you bro. I have encountered the same guy, the application got crashed on my pc so couldn’t join the hr call,  he said it’s my fault that  I didn’t join call so have raise another ticket , have sensed something fishy there and immediately uninstalled it from my pc.”

“Sadly I had a similar experience with them,” commented a person.

A user added, “no matter how secure you make your tech. a human will always be the weakest link in the chain”

“This dude reached out to me too. I procrastinated when he redirected me to discord, and then forgot about it. Procrastination saved my assets. Sorry for your loss dude. Stay safe out there,” said another X user

Mathura:

Uttar Pradesh Police in a joint operation have arrested three persons, including a Samajwadi Party leader from Mathura, accused of running an alleged cybercrime racket under the guise of a public service centre.

Samajwadi Party leader Munna Malik and two associates Kamaruddin and Ravi have been arrested, according to the police.

SSP Shailesh Kumar Pandey said, “Munna Malik’s associate Ravi used to operate a cyber cafe and public service centre, which used to make polymer impressions of the Aadhar card and thumb of the visiting customers and give it to interstate cyber criminals and ration dealers.”

“Police had been receiving information for a long time that incidents of fake Aadhaar cards and cyber crimes were being carried out through Jan Seva Kendra. City Kotwali Police and SWAT team took action and arrested SP leader Councilor Munna Malik as well as Kamaruddin. Ravi has been arrested and sent to jail. The police have recovered fake coins, a letter pad, a laptop, 40 copies of Aadhaar cards, about 140 duplicate thumb impressions, two thumb readers, an ATM swipe machine and cash,” said Shailesh Kumar Pandey.

They also used these Aadhaar cards to provide fake SIM cards to cyber criminals and to make fake passports.

“A large number of Aadhaar cards have been purchased and they have been used to commit cyber fraud incidents, the police will soon arrest other people associated with this gang,” added the police.

A case has been registered and further investigation is underway.

More information awaited.

 

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Last year, a Dutch intelligence agency said it had foiled a sophisticated attempt by a Russian spy using a false Brazilian identity. (File)
| Photo Credit: REUTERS

The International Criminal Court said Tuesday that it detected “anomalous activity affecting its information systems” last week and took urgent measures to respond. It didn’t elaborate on what it called a “cybersecurity incident.”

Court spokesman Fadi El Abdallah said in a written statement that extra “response and security measures are now ongoing” with the assistance of authorities in the Netherlands, where the court is based.

“Looking forward, the Court will be building on existing work presently underway to strengthen its cyber security framework, including accelerating its use of cloud technology,” his statement added.

The court declined to go into any more detail about the incident, but said that as it “continues to analyse and mitigate the impact of this incident, priority is also being given to ensuring that the core work of the Court continues.”

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

The ICC has a number of high-profile investigations and preliminary inquiries underway in nations around the world and has in the past been the target of espionage.

Last year, a Dutch intelligence agency said it had foiled a sophisticated attempt by a Russian spy using a false Brazilian identity to work as an intern at the court, which is investigating allegations of Russian war crimes in Ukraine and has issued a war crimes arrest warrant for President Vladimir Putin, accusing him of personal responsibility for the abductions of children from Ukraine.

In a written response to a request for comment, the Dutch foreign ministry said: “Any malicious activities that undermine the Court’s cybersecurity or interfere with its ability to fulfill its mandate in a safe and secure manner are of utmost concern to us. The Netherlands will continue to assist the ICC in addressing the incident.”

Image for representational purposes

The story so far: On August 17, seeking to further tackle the menace of cybercrimes and financial fraud, Union Minister for Telecommunications Ashwini Vaishnaw introduced two reforms. These entail revision of norms for bulk procurement of SIM cards and registering the final point of sale (PoS) by the licensees (or providers). The reforms are meant to strengthen the citizen-centric portal Sanchar Saathi that was launched in May this year with the same objective.  

What is Sanchar Saathi?  

Broadly, the citizen-centric portal allows citizens to check the connections registered against their names, block mobile phones which are stolen or lost, report fraudulent or unrequired connections and verify the genuineness of a device (before a purchase) using the IMEI (International Mobile Equipment Identity). It utilises two modules, namely, the Central Equipment Identity Register (CEIR) and the Telecom Analytics for Fraud Management and Consumer Protection (TAFCOP). 

Sanchar Saathi has, till date, analysed 114 crore active mobile connections. Of these, 66 lakh connections were flagged as suspicious, and 52 lakh connections were disconnected because they failed re-verification. Other than this, 66,000 WhatsApp accounts have been blocked and 8 lakh bank/wallet accounts used by fraudsters were frozen. Furthermore, as per the DoT, more than 300 FIRs have been filed against more than 1,700 dealers.  

What is the latest reform about PoS about?  

From now on, it would be mandatory for franchisee, agents and distributors of SIM cards– all PoS—to be registered with the licensees or the telecom network operator. The onus would be on the operator to carry out an “indisputable” verification of the PoS. Importantly, police verification (of the dealer) is mandatory.  

Further, the formal agreement for the sale of SIM cards between the PoS and licensees must be put down in writing. Existing SIM card providers have been given 12 months to comply with the registration requirements.  

If the PoS is found to be involved in any illegal activity, the agreement would be terminated with the entity being blacklisted for 3 years. It would also draw a penalty of Rs 10 lakh.  

The DoT holds that these provisionswould help in “identifying, blacklisting and eliminating rogue PoS, from the licensees’ system and provide and encouragement to the upright PoS.” The idea is to minimise instances (and PoS) where dealers have, by fraudulent practices, issued SIM cards to “anti-social/anti-national elements”. 

What about bulk SIM cards and their misuse?  

Broadly, the latest provisions would replace the system of ‘bulk procurement’ of SIM cards (by businesses, corporates or those meant for specific events) with a system entailing ‘business’ connections — sizeable procurement by a registered business entity or enterprise. Elaborating on the premise, Mr Vaishnaw observed that 20% of bulk-procured SIMs were misused. “In the guise of bulk connections, a lot of SIMs would be procured and then they would make automated calls using a SIM-box,” he said. Mr Vaishnaw added that another mechanism entailed using a certain number of SIMs from the bulk procurement to make a certain number of calls, destroying them and then using another batch.  

Also read: Govt to discontinue sale of SIM cards in bulk

The latest reforms would endeavour to address these issues. The new norms maintain that though businesses can procure any number of connections, it would be subject to completing KYC requirements for all end-users. In other words, the final user—the executive who would be holding the connection— would have to undergo the KYC procedure. This would help recognise each end user. The SIM would be activated only after successful KYC of the user and physical verification of the premise/address.  

In order to prevent the misuse of printed Aadhaar, the provisions mandate that demographic details would need to be captured by scanning the QR code of the printed Aadhaar. Subscribers would also have to undergo the entire KYC procedure for replacing their SIM; for a period of 24 hours, all outgoing and incoming SMS facilities would be barred.  

In addition to thumb impression and iris-based authentication as part of the E-KYC process, facial based biometric authentication has also been permitted.  

Further, per the norms, in case of disconnection of a mobile number, it would not be allocated to any other customer for 90 days.  

What considerations should we be looking at? 

Isha Suri, Research Lead at the Centre for Internet and Society (CIS) observed that notwithstanding the notification, it must be examined if the provisions could be properly enforced till the last mile. “The smaller local stores too would be giving out the SIM cards. Thus, it would be essential to determine if they possess adequate infrastructure to carry out the entire process and more importantly have the necessary safeguards while dealing with such sensitive data,” she observes. 

The researcher notes that there needs to be greater clarity about the agent’s requirements for acquiring, processing and retention of such data. 

Ms Suri also observes that notwithstanding Aadhaar-based KYC requirements that have been around for some time now, issues (relating to frauds) continue to exist. Thus, according to her, it could be the case that, “something (else) does not seem to be working.” 

Lastly, according to her, it is essential to strike a balance by “only acquiring the data that is strictly necessary and for the purpose it is being acquired for.”