Phishing in Jamtara: What does it take to carry out online fraud?
https://indianexpress.com/article/india/india-news-india/phishing-in-jamtara-what-does-it-take-to-carry-out-online-fraud/

Carved out of Dumka district, Jamtara is located in the Santhal Pargana division and is about 250 km from Ranchi.

Police say the scam has led to towns in Jamtara being flush with money, fuelling a construction boom. (Source: Express photo by Deepu Sebastian Edmond)

Manoj Kumar Singh was a commandant with the Jharkhand Armed Police’s 6th Battalion in Jamshedpur when his posting as Superintendent of Police in Jamtara came through in August. “Yeh Jamtara hai kya? What is it famous for?” he asked his friends. “They all told me, ‘Oh, Jamtara? Jamtara has cyber crime’,” he says.

To be fair to Jamtara, it has a railway station named Chittaranjan, but then the famed locomotive factory is across the border, in West Bengal’s Asansol district. There’s little else in this Jharkhand district, the 19th most populated of the state’s 24 districts. Census 2011 says 58.7 per cent of the population had not worked over the past year and that 74 per cent of those who had worked had been either cultivators or agricultural labourers.

Into this vacuum came 3G. “We currently have the capability of monitoring only one cell tower at a time. The Airtel tower outside Kala Jharia village sees 3,000 outgoing calls a day, almost all of them to other states. It should be 700-800 at a normal tower,” says Sub-Inspector Nitish Kumar, in-charge of the district’s technical cell.

But Kala Jharia and its surrounding areas are not “normal” anymore. By all estimates, an overwhelming number of calls that result in online transaction frauds are made from Jharkhand, almost all of them from Jamtara district. “My team is currently analysing over 2,000 phone numbers linked to call-centre fraud and 90 per cent of them originate in Jamtara,” says Triveni Singh, an additional superintendent of police with the Uttar Pradesh police’s Special Task Force on cyber crime.

The National Crime Records Bureau’s reports are a poor place to go to understand the scale of operations in Jharkhand: the state’s 93 cyber crime cases pale in comparison to the 1,879 registered by the Maharashtra Police in 2014. The NCRB does not categorise those arrested by their state, which makes Jharkhand look good. However, a spike of 257 per cent in reported cases in Jharkhand over the past year — only Chandigarh, with 55 cases and a spike of 400 per cent over year 2013, tops Jharkhand — is an indication of what is happening in Jamtara.

In the last week of November, the Delhi Police busted a phishing scam, arresting Dhananjay Mandal, 24, in Delhi and visiting Jamtara to arrest Pappu Mandal, 21. In fact, the Delhi Police team went to Pappu’s home, pretending to be members of a prospective bride’s family. “But they got suspicious. So the police team tracked his mobile real-time and caught him,” says a villager who tipped off the police.

***

SI Nitish Kumar asks the vehicle to slow down as it enters Kasitanr village in Karmatar block. He points to a mango orchard on the outskirts of the village. “This is the headquarters of all the ‘bank managers’ in the locality,” he says, chuckling. Kasitanr has 3G connectivity, unlike a number of villages along the 11-km route from the Jamtara district headquarters.

For all the talk of cyber crime, the setting is pastoral. “They get together in the mornings, split into groups of two or three and sit amidst the bamboo to make calls,” says SP Manoj Kumar Singh. Those calls that you may have received from the “ATM headquarters” or “SBI main branch” were almost always made from under the shade of bamboo clumps in Jamtara. Loopholes in online transaction models have allowed conmen with limited education to devise a low-tech Do-It-Yourself scam that bleeds naive individuals, one transaction at a time.

In the case of Raj Kumar Singh of Rae Bareli, it was 24 transactions. He received a call on November 15, with the caller claiming to be a representative of the State Bank of India’s Lucknow branch. Singh, an ex-serviceman, said he shared his 19-digit debit card number on the phone. Singh said that by the time he disconnected the call, his account — where the Army sends his pension — had been emptied of Rs 49,000 through 24 transactions made to e-wallets.

Narayan Mandal, 21, was arrested in a case registered at the Karmatar police station on June 20 this year. The arrest report mentions “kabhi kabhi sharaab peena (an occasional drinker)” against the column for habits. Police seized a SIM card registered in someone else’s name and used that to obtain a confessional statement.

After his matriculation, Mandal, who is from Rampur village, started helping his father Ramchandra Mandal in the fields. Together they would earn Rs 8,000-10,000 a month. And then, two-and-a-half years ago, he began making calls.

In his confessional statement, Mandal says he used to obtain fake SIM cards and contact people, seeking details of their bank accounts. He claims to have earned “many lakhs” running the scam and says he used the money to build a new house. He goes on to name five others who were part of his team: Kishore Mandal, Ashok Mandal, Suman Mandal, Jitendra Mandal and Rohit Mandal.

Police responded with a slew of charges under the IT Act. While Narayan Mandal is still in remand, no other arrests have been made in the case.

There is no uniform modus operandi at work in Jamtara. The only common factor is a team of two youngsters, one with a basic mobile phone and the other, a smartphone. The basic phone is used to make the call even as the smartphone is on standby with an e-wallet opened. The caller identifies himself — anecdotally, State Bank of India users are vulnerable due to their sheer number and hence, phishing potential — and declares that the account is up for verification or expiry. Once the card details of the individual are entered, the transaction mostly requires a One Time Password (OTP) to authenticate. At this point, the caller tells his prey that he has sent across a code for him to repeat to him. Once the caller reads out the number, the transaction is complete.

A police officer in Jamtara got two arrested youngsters to pretend to make phishing calls — one in Hindi and the other in English — and recorded them on his mobile. “Sir, I, Om Sharma, calling from SBI branch, sir,” goes the fumbling boy in the video. Yet, the best of us get trapped.

The personal secretary to a Union cabinet minister filed an FIR at Parliament Street police station on November 3, 2015, saying he had been duped of Rs 35,000. A Mumbai-based software engineer, who spoke on condition of anonymity, says the caller already knew his credit card details, even the due date of his bill. This convinced him to give away his CVV. He lost Rs 8,900. “I was sleepy and a bit disoriented,” says the victim.

With many of the IMEI numbers (the 15-digit unique identity) of phones used to make calls pointing to mobile towers in Jamtara, the district has over the last couple of years become a pilgrimage site for policemen from all over the country, all pursuing cyber crimes.

Additional Director General of Police (Operations) S N Pradhan, who once taught at the National Police Academy, where he was in touch with young police officers from other states, says, “Initially, it was a trickle. There would be one-two calls every week from police in other states. They all wanted to know where Jamtara was.”

This was 2012 and by the next year, victims of fraud began contacting him directly. “By 2013-14, the trickle turned into a flow. Victims would track down the phones themselves and tell me the calls were from Jharkhand,” he says. All roads seemed to be leading to the district.

Once in Jamtara though, the trail often goes cold. By the time a police team arrives at Karmatar to arrest someone, at least a month would have passed after the crime. The SIM card used to make the call would have been discarded by then — it would have been bought in someone else’s name, anyway. For the police team that’s armed only with the IMEI number of the phone from which the call was made, it’s boots on the ground to locate the owner of the phone and then correlate him to the SIM cards used, the accounts to which money was moved and the items bought online.

To blame all of Jamtara for this would be unfair. Most calls originate from within two police station limits of the district: Karmatar and Narayanpur. While seven of the 13 cyber crime cases registered in Jamtara this year took place in Karmatar, four were in Narayanpur.

There are two files related to cyber crime at the Karmatar and Narayanpur police stations. In the first are records of arrests made by various visiting police teams. In the other, multiple times bigger than the first, are leads that went nowhere — requests for cooperation to arrest individuals and requests for more information about some. The file at the Karmatar police station has 76 such requests from 16 states, all except three of them from this year. Narayanpur had 65 requests from 15 states, all except six of them from 2015. Almost all the Hindi-speaking states are represented at Karmatar and Narayanpur. “Some boys who had travelled to Tamil Nadu for work picked up some Tamil. We keep hearing rumours that they have begun scamming people there now,” says SI Kumar. At both the police stations, there is one case each from even the Andaman and Nicobar Islands.

According to SI Nitish Kumar, almost all suspicious traffic originates from “six to seven mobile towers of Karmatar and two to three of Narayanpur”, especially villages that border the former. So far this year, police teams from 10 states have arrested 28 individuals from Jamtara in 22 cases, all of them residents of Karmatar police station limits. Even that fails to tell the entire story.

***

Karmatar would like to be called Vidyasagar after the scholar Ishwar Chandra Vidyasagar, who spent his last days in the town. The bazaar itself seems to want to hold on to a better memory — there are shops calling the place by both names.

These days, Vidyasagar also appears in posters all across the region. The posters advertise the ‘Vidyasagar Invitation T20 Cricket Tournament’, to be held in an empty field outside Mohanpur village. Those approaching Mohanpur are treated to a spectacle: an eight-gallery stadium, built entirely of bamboo, the unfinished stadium resembling a tiara of thrones. Pramod Mandal, assigned to construct the stadium for Rs 15 lakh, says he has stopped work because of “non-payment of dues”.

According to the posters, actor Madhuri Dixit was to attend the opening ceremony on December 1, with Chief Minister Raghubar Das as chief guest. State Agriculture minister Randhir Singh, also the local legislator, is listed as the chairman of the organisers, ‘Tiranga Club, Murlidih’. Trouble is, police say the organisers, except the minister, are boys suspected to be involved in cyber crime. In fact, one of those listed as an organiser has already been arrested. Deepak Mandal, 26, a resident of Murlidih, was picked up by the Chhattisgarh Police on November 5.

SP Manoj Kumar Singh says the scam has led to Karmatar and Narayanpur being flush with money. It’s this money, he says, that is transforming villages, fuelling a construction boom. Almost every other house in Jhilua village near Karmatar is either new or is being constructed, even as roads continue to be nonexistent. TVS Apache is the preferred bike, the more prosperous have new Bajaj Pulsars, even SUVs.

Atop a steel almirah in the living quarters of Ravi Thakur, the Karmatar police station officer-in-charge, is a box with Flipkart labels. “LED TV, 32-inch,” he says, without looking up. Karmatar police records show that during a raid at the house of one Wasim Ansari in Nawadih village on June 13 this year, they found unopened boxes of five phones, three fans, three mixers, one Samsonite suitcase and four LED TVs.

The money that is sent to e-wallets from the victims’ accounts is usually transferred to multiple platforms — youngsters recharge villagers’ DTH and mobile accounts in exchange for lesser amounts of money. An FIR by an individual named Varun Das at Narayanpur, filed after the UP Police came calling, claims that unknown individuals recharged his DTH account for Rs 4,000. Police officers say youngsters take legitimate bank accounts on hire by paying the original account holders a fixed monthly amount of money and transfer their ill-gotten wealth from e-wallets into them. Designated members of the team then travel to nearby towns to withdraw money from ATMs.

There are only two ATM machines in operation at Karmatar, both operated by the SBI. “We fill about Rs 5-10 lakh in one machine daily. The other is filled by our Jamtara branch, which deposits Rs 15-20 lakh every day. The first becomes cash-out in two hours; the second, in a day,” says Navin Chandra Jha, Service Manager at the Karmatar branch.

***

No one really knows how cyber crime came to Jamtara. “We suspect some youngsters who went to big cities to work as daily wage labourers came in contact with people who operate call centres that do phishing from more sophisticated settings,” says ADG Pradhan.

Cyber crime itself has evolved in Jamtara. Of the four cases registered in 2013, three were against youngsters who defrauded people by telling them that they had won a lottery and had to transfer a certain amount of money to claim the prize. In 2014, there was a phase when youngsters would advertise on television channels with the face of a known celebrity and challenge audiences to identify them. The ‘winner’ would be asked to deposit a processing fee to claim the prize.

ASP Triveni Singh of the UP Police says he is still investigating whether there is an organised nature to the operation in Jamtara, but local police insist the fraudsters operate in a decentralised manner. “All one needs to know is basic transaction procedures and an ability to talk smoothly,” says SP Manoj Kumar Singh.

Till earlier this year, Jamtara police operated as a post office of sorts, processing requests from all across the country and dispatching its own — the individuals accused of cyber crime — from its area. There had been allegations that some policemen were hand-in-glove with the accused, warning them ahead of raids. But that changed after SP Singh was appointed. “I have always been a field officer and knew nothing about such crimes. But I realised yeh lathi aur bandook ki ladaai nahi hai (that this needed an unconventional approach).” So he petitioned the police headquarters for a technical cell.

The technical cell is nothing much — two desktops manned by SI Nitish Kumar and an individual deputed by the CID in Ranchi — but it has got the ball rolling. The district police have even started conducting raids. “We wait for intelligence to come in that youngsters are sitting in a locality, making calls. We rush there, pick them up and confiscate the phones of those who run away,” says Ravi Thakur of the Karmatar station.

The accused land in jail but are out on bail in three-four months “because of lenient conditions in the IT Act”, says ADG Pradhan. “They have done a cost-benefit analysis and come to the conclusion that the money is worth the jail time,” he says.

With an OTP the only thing that stands between you and someone else’s money, the battle against phishing isn’t an easy one.

“Start with selling SIM cards like passports, only after a police verification,” suggests a cyber crime expert in Ranchi who is not authorised to talk to the press. “The idea of minimal KYC for e-wallets should be defined properly and more authentication should be needed to open one,” says ASP Triveni Singh of the UP Police.

Till then, listen for the rustle of bamboo leaves and the whistle of a train at Vidyasagar station in the background when someone calls next time, claiming to be from the bank.

What’s phishing?

Phishing is defined as an “attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication”. The term, which originated in the mid-1990s, comes from fishing or angling for unsuspecting users. So any mail, text message or link that leads you to disclose a password, log-in details or banking card PINs should be treated as suspicious and avoided. Apps have also been known to create mala fide forms that seek sensitive information that can be misused. The best way to spot a phishing attempt is to look at the URL or mail ID it originates from, as these will often not be what they purport to be.

E-FRAUD

93 crimes in Jharkhand in 2014, according to NCRB data. Plus a spike of 257 per cent in reported cases over the past year. Most of these cases can be traced to Jamtara district, and specifically to Karmatar town. Almost all suspicious traffic originates from 6-7 mobile towers of Karmatar, and 2-3 of Narayanpur town.

# In 2015 so far, police teams from 10 states have arrested 28 individuals from Jamtara in 22 cases, all of them residents of Karmatar police station limits.

# Jamtara police itself arrested 7 in 4 cases in 2013, 0 in 4 cases in 2014, and 13 in 12 cases in 2015.