Varun Kapoor, IPS
Additional Director General of Police, Narcotics and PRTS, Indore
The share market a place where dreams are made and dreams are often dashed and broken too! A place where people invest their hard earned savings with the expectation of enhanced and improved returns. Generally it is observed that citizens of India are thrifty in their expenditures and each and every household depending upon their ability, try to make small savings. This kind of household savings are done generally by the ladies of the house. With each passing day as the amount in store swells, the family and the lady in particular, get a sense of well being and security. Thus this saving is so very important not only because it represents prudent expenditure but also it embodies an escape route and a protective umbrella when the chips are down and financial disaster stares.
At the point the saving becomes of reasonable proportion the family decides to invest. Secure investment for this saving is the first criterion that is considered. Returns and profits are secondary considerations. Investment of savings are done in a variety of means – saving bank deposit; fixed deposits; gold; land; mutual funds; insurance policies and shares and debentures. The emphasis is always on secure rate of return rather than enhanced rate of return.
Imagine in such savings and investments – criminal elements intervene and rob the citizen of not only the return but the entire saving itself – then where would such conned citizens go? The quantum of loss suffered by them can never be imagined in mere monitory terms. The loss is not only of cash liquidity but also a colossal loss of a sense of security, future plans and in a way the entire sense of well being! And this is happening with increased rapidity and regularity, the primary cause of which is lack of awareness and understanding by an average citizen of the trickery and deception possible in the virtual world.
The share market investors are facing this threat all the time. The modus operandi of these share market cyber conmen is quite simple. They use data garnered about investors in stock broking firms and then contact them through a simple telephone call and attempt to con them into changing their investment patterns. They act as representatives of the firm in which the person has a portfolio and then advice them to heavily buy shares of an insignificant company promising great returns. This basically is a Phishing attack. The criminals will make such alluring phone calls to a number of investors – most will ignore such calls totally, some will cross check from the broking firm about the authenticity but a few will believe them blindly and do as said and buy the bogus shares. This is classic case of phishing.
Alternatively the cyber conmen will generate bulk sms in the name of certain investment firms and send them to the unsuspecting investors of that firm. Again these sms will be like a commercial message sent by many companies to their customers. This again acts in the manner as a well designed and executed phishing attack. Some investors genuinely get duped and transfer huge amounts of their hard earned cash into stocks of companies which have no standing and are bogus, to say the least.
The question that arises is – how do the cyber criminals come to know the names and contact details of investors of any particular broking company? It is only after they have the relevant contact details that they attack the unsuspecting victims. This they may achieve through two means – Hacking into the companies data base and throw insider information.
The Hacking procedure is quite simple. Professional hackers unleash attacks on the server that they want to target. They gain clandestine entry and steal the data that they need and exit the domain. The company and its cyber security regime (if any such is in place in the first place), will not even know that such a hack has taken place – till it is too late. This stolen data is then sold in the cyber black market at throw away prices – as low as 10 paisa for one contact detail! Cyber conmen buy such data and the rest as they say is history.
Insider information is another means for cyber criminals to get desired information to target the victims. Insider information refers to information provided by an employee of the concerned firm who leaks information to an outside element about the investors. This leak may be motivated by a variety of causes. The concerned employee may do it for money, revenge, blackmail, keeping employee in the dark regarding the use of such leaked information or any other reason. But the information thus leaked falls into the wrong hands and the innocent investors suffer. That is why in a number of such attacks it is observed that fresh investors are targeted more often as they may be easier to con as they are yet not used to the ways and means of the company concerned. This clearly indicates an insider information linkage.
The best way to beat such a concerted phishing attack is to follow a simple principle. Do not engage with any caller offering financial advice, financial rewards and gains on telephone. It may concern banking, shopping, insurance, shares etc – whatever it may be the answer has to be – “no thank you”! If the caller insists just say that he/she should contact the person in the real world and not over the phone, mail or sms and then make the offer. That is the best and only way for protection. Maybe just maybe some investment opportunity or good offer is missed, the loss will be miniscule as compared to the loss that you may suffer if any such call, sms or mail is a hoax. The English proverb – a bird in hand is better than two in the bush – is the best proverb to go by in all such cases.