Gujarat Hardlook | Scammed: Cyber crime is on the rise — even the tech-savvy are falling for it

When the techie informed the “officer” that she had no knowledge about such a parcel, she was threatened with arrest if she “failed to cooperate to verify” her credentials and prove her innocence. Sensing something amiss, the techie insisted that the call be moved to Skype.

On a video call, the “woman police inspector” showed IDs that looked authentic, although the software engineer says she could not recall the name of the “officer”. Yet, the engineer interacted with the “officer” online, but without revealing her face.

The caller insisted that she “verify” her details. Soon, the 30-year-old found herself sharing personal information, including Aadhaar card and bank account details. Following the call, a personal loan was granted and Rs 20 lakh was credited to her ICICI Bank account. And before she knew it, Rs 19.94 lakh of the loan amount was transferred to a specific account. The techie says she shared the OTP “out of fear”.

Based on her complaint, an FIR was lodged at Cyber Crime Branch Ahmedabad on February 8. “The complainant was tricked into providing personal information, including Aadhaar card details and bank account information, under the guise of verification,” the FIR states.

More than a month later, the accused is yet to be traced. But Inspector Krunal Nathabhai Bhukar of the Ahmedabad Cyber Crime department who is investigating the case told The Indian Express that they have traced the location of the accused to a foreign country.

Last week, a similar modus operandi was used to extort Rs 1.15 crore from MICA president and director Shailendra Raj Mehta. The culprits posed as officers from the Mumbai cyber cell and CBI.

According to Mehta’s complaint, he received a call on March 20 afternoon from someone who identified himself as one ‘Jason’ from FedEx. After confirming Mehta’s Aadhaar number and full name, Jason informed him that a package was being sent in his name from Mumbai to Taiwan. The said package was seized by the Mumbai customs and was found to contain five passports, three mobile phones, one laptop, 5 kilograms of clothes and 200 grams of MDMA drug, the caller informed.

For further verification, the call was then allegedly connected to the Mumbai cyber cell. A purported officer, identifying himself as ‘Prakash’, asked Mehta if he knew a ‘Nawab Malik’ who had opened 300 to 400 fraud accounts in the name of prominent personalities, including Mehta.

‘Officer Prakash’ allegedly informed Mehta that 2-3 accounts have been opened in his name in Goa, Mumbai and Hyderabad. He was also told that the matter cannot be discussed with anyone else and asked him to carry forward the conversation over Skype as his phone may be “bugged for interception”.

Upon connecting over Skype, Mehta was sent a letter with the CBI logo seeking his assistance to probe the matter. The next day, Mehta was informed by another purported officer, identifying himself as ‘Balsingh Rajput’ from the Mumbai cyber cell, that his colleague George Mathew would contact the MICA president after the issuance of a warrant.

An hour later, Mehta was informed via Skype that a warrant from the CBI had been issued.

Soon, the purported warrant, with the name and logo of the CBI, was sent to him over Skype.

Mathew went on to inform Mehta that several transactions, which may not be visible to him, have been undertaken from his ICICI account and are being reflected on the servers of the Reserve Bank of India (RBI).

Mathew also informed that Mehta must transfer money to two PNB accounts — one of Quality Fruit Traders and another of Shivam Charitable Trust — which are allegedly being used for money laundering. He reasoned that once the transaction goes through, the purported agency officers would get access to the RBI servers to view the previous transactions.

Mehta was assured that the money transferred to the PNB accounts would be credited back to his account within 15-20 minutes. Trusting the callers, Mehta transferred Rs 1 crore to one account and over Rs 15.11 lakh to another account. Half an hour after Mehta transferred the money, the amount was yet to be credited back to his account “as was promised”.

Upon following up with his bank as well as PNB, he was informed that he had been cheated.

Prof Mehta stated that he is a victim “of a well-orchestrated cybercrime incident”. On March 22, he filed a complaint with the Ahmedabad cyber police station based on which an FIR has been lodged under IPC sections 406, 419 (cheating by impersonation), 420 (cheating), 465, 467 (forgery), 468 (forgery for the purpose of cheating), 471 (forged document), 120B (criminal conspiracy) and Information Technology Act section 66 (d) (cheats by impersonation by using a communication device or computer resource).

The case is under probe and no suspect has been apprehended yet, said investigating officer Paras Makwana. However, he revealed that “certain bank accounts” have been frozen, without specifying the number of such accounts. “Upon lodging a complaint on the National Cyber Crime Reporting Portal (NCCRP), the bank is notified which, in turn, then blocks the accounts (where the money is deposited) to stop the money from being transferred out further,” Makwana added.

The inspector said the callers had portrayed as if there was a threat to Mehta’s life as well as his family members; thus, compelling him to transfer the money to the culprits. Makwana said the police have not contacted FedEx as there is nothing the company can do here. “Anyone can claim to be from a particular company, there is nothing the company can do in such cases,” he said. Currently, the police have contacted Skype to gather more information.

FedEx on Monday issued a statement, saying that the company “does not request personal information through unsolicited phone calls, mail, or email for goods being shipped or held, unless requested or initiated by customers.”

The company cautioned that if any individual receives any suspicious phone calls or messages, “they are advised not to provide their personal information,” and instead, they should immediately contact the local law enforcement authorities within the vicinity or report to the cybercrime department.

‘Informed’ Victims

While the cybercrime cases are on a rise in Gujarat, what is significant is the stark change in the profile of the victims, many of whom are educated and aware of the risks posed by the online world.

In February alone, the Gujarat Police reported 35 cases of cyber crimes — 11 in Ahmedabad, one each in Amreli, Anand, Chhota Udepur, Devbhoomi Dwarka, Junagadh and Bhuj, two each in Banaskantha and Vadodara, three each in Bharuch, Gandhinagar and Jamnagar, and five in Surat.

“Cybercriminals use several tactics such as social engineering, fear, greed, persuasive techniques, etc, to trap people. In some cybercrime cases, victims are overconfident that they believe that they are tech-savvy. This also acts as a trap,” a police officer told The Indian Express on the condition of anonymity.

Among the victims is a 54-year-old bank loan manager from Ahmedabad.

On the midnight of November 13, 2023, the manager received unsolicited messages via an unknown Telegram account about a work-from-home opportunity on a fake account of eSky, a flight booking platform, where the complainant was asked to invest money and do a part-time job.

The complainant used three accounts daily for transactions between December 25, 2023, and January 1, 2024. He made multiple cash deposits of Rs 10,500, Rs 20,668, Rs 51,452, Rs 1.71 lakh, Rs 3.50 lakh, Rs 5 lakh, Rs 1 lakh and Rs 4.20 lakh across various banks, including SBI, ICICI, HDFC, and Punjab National Bank to two UPI IDs.

“The accused made a fake website of the (Canadian) e-commerce firm MDF. It looked like an authentic website,” the loan department manager told The Indian Express. However, he suspected fraud after he failed to get the refund of the invested amount. An FIR was filed on February 7 at the Ahmedabad Cyber Crime Police Station under IPC sections 406, 420, and 120(B), along with IT Act sections 66 (c ) and 66(d). “I deposited Rs 16.34 lakh (in total), but did not receive the promised commission via links and bank accounts,” the FIR states. The victim also did not inform his family about the fraud as his daughter was about to get married.

In another case from Ahmedabad, Dr Devang Prahladbhai Thakkar (55), filed a complaint on February 19, exposing an alleged fraudulent scheme running under the guise of US-based SKYRIM Capital, mutual funds and stock company Angel Broking, and trading platform CGL-BMG. The accused lured his son Kalp Thakkar and daughter-in-law Sheetal into opening demat accounts with false promises of stock market investments and substantial IPO profits. The family transferred Rs 1.09 crore but received only Rs 15 lakh from the angel broking platform, the FIR states.

While Dr Thakkar refused to speak on the case, investigating officer Inspector Babubhai Mansukhbhai Patel said, “We are actively gathering information from sources, identifying bank beneficiaries, and tracing different locations”. The accused, who has not been caught yet, has been booked under IPC Sections 120(B), 406, and 420, as well as IT Act Sections 66 (c) and 66(d).

Danger Lurks In App Stores

Police inspector Ketan Bhuva, who is investigating the bank loan manager’s case, warns about the use of TaskBuddy applications such as Skyrim Capital, Angel Broking, CGL-BMG, GMbet247.com, Dragon, Tiger Poker, 20-20 Poker and 7-B Lucky for online frauds. “The ongoing investigation involves tracking the website’s operating location, data analysis, and suspect identification. However, the accused remains elusive. We have got some information that we are verifying.”

Bhuva says TaskBuddy cases are quite common. “TaskBuddy is a terminology used to describe online investment frauds. These apps like Skyrim Capital and Angel Broking look like authentic investment apps that ask investors to open a Demat account through which investors provide their banking and Aadhaar card details, and share OTPs that provide direct access to cybercriminals. The main problem is that victims and criminals are in the same application. So, it is not easy to identify a culprit because sometimes criminals can pose as victims to get more money. So, extreme information verification is going on,” said Bhuva.

Inspector Babubhai Patel who is investigating Thakkar’s case said often, criminals work on the fear psychosis of victims who fall for such frauds. “Victims like Dr Thakkar experience shame, guilt and embarrassment because they used to preach to others in their communities about what is right and wrong about everything. Victims fear losing their social status. They do not want to be an object of ridicule in society,” Patel told The Indian Express.

Cybercriminals are masters of social engineering — taking victim’s information by manipulating them. “The accused was an expert in clouding the software engineer’s judgement by exploiting her fear, i.e., to clear her name from the crime as soon as possible,’ Inspector Bhukar told The Indian Express.

(Aachal Vayeda is an intern with The Indian Express)