New Delhi:

The Indian Cyber Crime Coordination Centre (I4C), a wing of the Ministry of Home Affairs, has identified and blocked more than 1,700 Skype IDs and 59,000 WhatsApp accounts used for digital fraud, Lok Sabha was informed on Tuesday.

Union Minister of State for Home Affairs Bandi Sanjay Kumar also stated that the ‘Citizen Financial Cyber Fraud Reporting and Management System,’ launched under I4C in 2021, enables immediate reporting of financial frauds to prevent the siphoning off of funds by fraudsters and so far, over Rs 3,431 crore has been saved in more than 9.94 lakh complaints.

“The I4C has pro-actively identified and blocked more than 1,700 Skype IDs and 59,000 WhatsApp accounts used for digital fraud,” Kumar said in response to a written question.

As of November 15, 2024, more than 6.69 lakh SIM cards and 1.32 lakh IMEIs, as reported by police authorities, have been blocked by the government.

The minister further explained that to strengthen the mechanism for addressing cyber crimes, including digital fraud, the central government and Telecom Service Providers (TSPs) have developed a system to identify and block incoming international spoofed calls that display Indian mobile numbers, making them appear as though they originate within India.

Kumar noted that such spoofed calls have been used by cyber criminals in recent cases of fake digital arrests, FedEx scams, and impersonation as government or police officials.

Directions have been issued to TSPs to block such incoming international spoofed calls. Additionally, a State-of-the-Art Cyber Fraud Mitigation Centre (CFMC) has been established at I4C, where representatives from major banks, financial institutions, payment aggregators, TSPs, IT intermediaries, and law enforcement agencies from States and UTs collaborate to ensure immediate action and seamless cooperation in tackling cybercrime.

The minister said a suspect registry of identifiers of cyber criminals has been launched by I4C on September 10, 2024 in collaboration with banks and financial institutions and has introduced a new feature ‘Report and Check Suspect’ on the portal cybercrime.gov.in.

This facility provides citizens a search option to search I4C’s repository of identifiers of cyber criminals through ‘suspect search’.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Mumbai:

A 77-year-old woman from Mumbai was kept under “digital arrest” for a month by cyber fraudsters who posed as law enforcement officials and made her transfer Rs 3.8 crore, claiming her Aadhaar card was used in a money laundering case.

The woman’s ordeal began a month ago when an unknown man made a WhatsApp call and told the victim that a parcel sent by her to Taiwan contained MDMA drugs, five passports, a bank card, and clothes.

When the homemaker, who lives with her retired husband in south Mumbai, told the caller that she didn’t send any parcel, the person said details of her Aadhaar card were used in the crime, a police official said on Wednesday.

The caller then connected the woman to a “Mumbai Police officer” who told her that her Aadhaar card was linked to a money laundering case under investigation.

“The caller asked the woman to download the Skype app and told her that police officers would talk to her. She was ordered not to disconnect the call and disclose the matter,” the official said.

Later, a man who identified himself as an IPS officer sought details of her bank accounts. Another man, claiming to be an IPS officer from the finance department, asked the woman to transfer money to bank accounts provided by them.

“They told her that the money would be returned if no illegality is found,” the official said.

The accused returned the Rs 15 lakh transferred by the woman, apparently to gain her trust.

“They subsequently asked the woman to send all her money from the joint bank accounts of her husband. She ended up transferring Rs 3.8 crore in several transactions to six bank accounts,” the official said.

The complainant suspected something was amiss when she didn’t get her money back even as the accused kept demanding more funds in the name of taxes to release the money she had transferred to them.

“The woman called up her daughter who lives abroad. Her daughter told her she was being conned and asked her to approach police,” the official said.

The woman subsequently dialled the cyber helpline number 1930, following which investigators froze the six bank accounts where the money was transferred, he said, adding that the crime branch was probing the case.

(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)

Image for representational purposes

The story so far: On August 17, seeking to further tackle the menace of cybercrimes and financial fraud, Union Minister for Telecommunications Ashwini Vaishnaw introduced two reforms. These entail revision of norms for bulk procurement of SIM cards and registering the final point of sale (PoS) by the licensees (or providers). The reforms are meant to strengthen the citizen-centric portal Sanchar Saathi that was launched in May this year with the same objective.  

What is Sanchar Saathi?  

Broadly, the citizen-centric portal allows citizens to check the connections registered against their names, block mobile phones which are stolen or lost, report fraudulent or unrequired connections and verify the genuineness of a device (before a purchase) using the IMEI (International Mobile Equipment Identity). It utilises two modules, namely, the Central Equipment Identity Register (CEIR) and the Telecom Analytics for Fraud Management and Consumer Protection (TAFCOP). 

Sanchar Saathi has, till date, analysed 114 crore active mobile connections. Of these, 66 lakh connections were flagged as suspicious, and 52 lakh connections were disconnected because they failed re-verification. Other than this, 66,000 WhatsApp accounts have been blocked and 8 lakh bank/wallet accounts used by fraudsters were frozen. Furthermore, as per the DoT, more than 300 FIRs have been filed against more than 1,700 dealers.  

What is the latest reform about PoS about?  

From now on, it would be mandatory for franchisee, agents and distributors of SIM cards– all PoS—to be registered with the licensees or the telecom network operator. The onus would be on the operator to carry out an “indisputable” verification of the PoS. Importantly, police verification (of the dealer) is mandatory.  

Further, the formal agreement for the sale of SIM cards between the PoS and licensees must be put down in writing. Existing SIM card providers have been given 12 months to comply with the registration requirements.  

If the PoS is found to be involved in any illegal activity, the agreement would be terminated with the entity being blacklisted for 3 years. It would also draw a penalty of Rs 10 lakh.  

The DoT holds that these provisionswould help in “identifying, blacklisting and eliminating rogue PoS, from the licensees’ system and provide and encouragement to the upright PoS.” The idea is to minimise instances (and PoS) where dealers have, by fraudulent practices, issued SIM cards to “anti-social/anti-national elements”. 

What about bulk SIM cards and their misuse?  

Broadly, the latest provisions would replace the system of ‘bulk procurement’ of SIM cards (by businesses, corporates or those meant for specific events) with a system entailing ‘business’ connections — sizeable procurement by a registered business entity or enterprise. Elaborating on the premise, Mr Vaishnaw observed that 20% of bulk-procured SIMs were misused. “In the guise of bulk connections, a lot of SIMs would be procured and then they would make automated calls using a SIM-box,” he said. Mr Vaishnaw added that another mechanism entailed using a certain number of SIMs from the bulk procurement to make a certain number of calls, destroying them and then using another batch.  

Also read: Govt to discontinue sale of SIM cards in bulk

The latest reforms would endeavour to address these issues. The new norms maintain that though businesses can procure any number of connections, it would be subject to completing KYC requirements for all end-users. In other words, the final user—the executive who would be holding the connection— would have to undergo the KYC procedure. This would help recognise each end user. The SIM would be activated only after successful KYC of the user and physical verification of the premise/address.  

In order to prevent the misuse of printed Aadhaar, the provisions mandate that demographic details would need to be captured by scanning the QR code of the printed Aadhaar. Subscribers would also have to undergo the entire KYC procedure for replacing their SIM; for a period of 24 hours, all outgoing and incoming SMS facilities would be barred.  

In addition to thumb impression and iris-based authentication as part of the E-KYC process, facial based biometric authentication has also been permitted.  

Further, per the norms, in case of disconnection of a mobile number, it would not be allocated to any other customer for 90 days.  

What considerations should we be looking at? 

Isha Suri, Research Lead at the Centre for Internet and Society (CIS) observed that notwithstanding the notification, it must be examined if the provisions could be properly enforced till the last mile. “The smaller local stores too would be giving out the SIM cards. Thus, it would be essential to determine if they possess adequate infrastructure to carry out the entire process and more importantly have the necessary safeguards while dealing with such sensitive data,” she observes. 

The researcher notes that there needs to be greater clarity about the agent’s requirements for acquiring, processing and retention of such data. 

Ms Suri also observes that notwithstanding Aadhaar-based KYC requirements that have been around for some time now, issues (relating to frauds) continue to exist. Thus, according to her, it could be the case that, “something (else) does not seem to be working.” 

Lastly, according to her, it is essential to strike a balance by “only acquiring the data that is strictly necessary and for the purpose it is being acquired for.”