Online scams continue to plague Indian businesses, govt

A new online scam is targeting digital payment users by depositing small amounts to gain trust and trick them into fraudulent transfers. Known as the 'Jumped Deposit Scam,' in this scam, cybercriminals deposit a small amount of money into the users’ accounts to gain their trust, then trick them into transferring larger sums of money.

This is just one of the tactics used by scammers to extract money, with the rise of digital transactions, India is experiencing a surge in online fraud, with cybercriminals using advanced tactics to target individuals, businesses, and government entities.

Several government websites have reportedly been compromised in recent months, allowing scammers to insert ads that redirect users to online betting platforms. In 2024 alone, about forty “gov.in” links from states like Bihar, Goa, and Karnataka were found redirecting users to these sites, some associated with state police and property tax departments, according to a TechCrunch report published on Wednesday.

Experts claim that these misleading links can also be found through search engines. Deedy Das from Menlo Ventures, posted on social media platform X this week, emphasising the widespread nature of the compromised pages.

EXCLUSIVE: 200+ Government of India websites have been hacked!

From Google, they now redirect to vc66 [dot] net, a domain registered on Dec 21, 2024. Its an online money-making scam but links to malware—an attack called SERP hijacking.

Search [site:*.gov.in fast cash] to see. pic.twitter.com/9fNjYuOt13

— Deedy (@deedydas) January 6, 2025

India’s Computer Emergency Response Team (CERT-In) reported the breaches and is working with relevant authorities, though it remains unclear if the vulnerabilities have been addressed. Similar incidents involving U.S. government websites occurred last June, where ads for hacking services appeared due to security flaws.

In October, Meta launched the ‘Scam se Bacho’ safety campaign in collaboration with the Central government to educate the public on avoiding online scams. In July, the Government of India established the Indian Cybercrime Coordination Centre (14C) to streamline cybercrime reporting, including online scams, phishing, and unauthorised transactions via a specialised portal and helpline.

India lost over ₹11,000 crore to cyber scams in the first nine months of 2024, with stock trading frauds being the largest source of losses, followed closely by investment fraud, which accounted for ₹3,216 crore from over 100,000 complaints, according to data compiled by the Indian Cyber Crime Coordination Centre.

KYC fraud is also a rising issue, prompting greater vigilance among customers. Vishal Jain, CEO of Manipal Business Solutions, cautions against unsolicited requests for sensitive information like OTPs. In response, banks are raising awareness through videos and campaigns to help customers identify fraud. Innovations such as real-time data validation, secure video KYC, and advanced fraud detection are enhancing KYC processes. Shikhar Aggarwal, Chairman of BLS E-Services, stresses that multi-layered verification, staff training, and public awareness can significantly mitigate vulnerabilities.

Digital arrest scams where hackers claim victims are involved in serious crimes like money laundering, and demand immediate payment to avoid arrest, are further contributing to significant losses, totalling ₹1,616 crore from around 63,481 complaints.  

To protect against these scams, it is crucial to remain vigilant online and avoid trusting anyone who promises easy money or financial assistance, believe experts.

Read more: Rewind 2024:Major cyber-attacks that shook India this year

“IT and security professionals need to stay focused on the evolution of email and call threats and what this means for security measures and incident response,” said Sheila Hara, Sr. Director of Product Management at Barracuda, a network security firm.

This involves understanding how attackers can leverage generative AI to advance and scale their activities, and the latest tactics they’re using to make it past security controls, she added.

According to Prateek Bhajanka, field CISO at cyber-security provider SentinelOne, companies can safeguard themselves from online scams by implementing strong password policies, educating employees about phishing and social engineering tactics, utilising fraud detection tools to monitor transactions, conducting regular security audits, enabling multi-factor authentication, and monitoring for suspicious account activity, including inconsistencies in billing and shipping information.