“Cyber-attacks have taken a cruel turn and become attacks against humanity during the covid crisis.” -Ritesh Bhatia (Founder & Director, V4WEB)
The Global Hues received the opportunity to conduct an interview with Mr. Ritesh Bhatia – a cybersecurity and data security consultant who specializes in cybercrime investigations. He informed us that he has been working in this field for the last 20 years. He is also a certified fraud examiner from ACFE, USA, and has successfully solved many cases of law enforcement agencies, large corporations, celebrities, and individuals both in India and abroad. He received recognition and appreciation from the Indian police and Interpol for busting a Whatsapp group that was circulating child abusive material. Interestingly, he has also played the role of his real-life self in an award-winning show- MTV’s Troll Police. He has spoken on the TEDx platform twice and has held discussions in almost 100 international and national conferences on topics such as mobile security, dark web, data security, cybersecurity, and prevention. This cybersecurity consultant is known to have trained the employees of organizations such as RBI, Anti Narcotics Cell, Indian Air Force, State Police, etc. His views on trending cybercrimes and cybersecurity have been published by many national publications. He frequently educates citizens of the latest in cybercrime on radios, national as well as international television channels.
CYBER ATTACKS & THE OXYGEN CRISIS
When asked about his thoughts on the impact of cybercrimes today, he informed us that such cases have doubled and tripled and are growing exponentially at a breakneck pace since the pandemic started. Up until the covid crisis, hackers would plot and attack organizations and individuals by retrieving their OTP’s or misusing the phone numbers. But with the oxygen crisis plaguing the country, these attacks took a cruel turn and became attacks against humanity. There were cyberattacks carried out on people who were desperate to buy oxygen cylinders. There were cases where these criminals took lump-sum amounts for oxygen cylinders through an online transaction and then immediately discontinued their numbers, leaving the patients to die.
ARE SMALLER BUSINESSES AT A HIGHER RISK?
He explained that the smaller businesses are at a higher risk of attacks as compared to other sizable businesses. Businesses have been falling victim to something called the – business email compromise scam.
The bigger companies have an established culture of cybersecurity whereas smaller companies are unaware of it. They harbor a very careless attitude towards cybersecurity despite being at a much higher risk of becoming a victim. “99% of the companies which are financially robbed due to the cyberattacks are small businesses,” he tells us. These businesses go for pirated operating systems and software’s which help hackers intrude into systems and networks.
Their anti-virus software is not typically updated and they sometimes don’t even agree on installing firewalls for their security. Lack of employee education programs also contributes to putting small and medium businesses at a higher risk of being attacked. In comparison to the risks faced by the small and medium businesses, the larger businesses risk data breaches as compared to a direct financial loss. Mr. Ritesh explained Artificial Intelligence to be a worthy technology that must be implemented accordingly. AI is capable of understanding and predicting the kind of attacks approaching a system. For any company that is vital.
PRECAUTIONS ONE MUST TAKE IN THE CYBERSPACE
He began with the very basic rules in ensuring one’s security online. Nobody should have the same passwords for all their social media and bank-related accounts. Making the password in your mother tongue is a great tip to ensure a strong password. Using passphrases instead of passwords is another good option. These passphrases could be idioms in one’s mother language. Secondly, it is crucial to set an online purchase limit on your credit and debit card because hackers can make purchases through your card details. Lastly, people should stop reacting to WhatsApp forwards before checking official websites regarding the given news. Ritesh had been getting a lot of queries regarding a WhatsApp forward stating that the government would now be able to access any citizen’s WhatsApp messages. He urged people not to believe these fake forwards and only trust official government websites for accurate information.
HOW CAN SMALL BUSINESSES SHIELD THEMSELVES?
Mr. Ritesh had some pretty good advice for small businesses that wish to protect themselves against cyber attacks. He began by informing us that the two biggest threats faced by these businesses today are – Ransomware attacks and business email compromise. Systems must have an antivirus installed that is continually updated. While making any transactions online, always cross-verify with the concerned person offline as well, in every stage of the transaction. Cross-checking and verifying should be adopted as rituals every time one is conducting an online transaction.
Companies should make cybercrime and cybersecurity training mandatorily available for all their employees. Whenever a crime has occurred, one should make sure to not delete evidence such as text messages or call logs. Evidence is key in getting justice. Another important factor is backing up one’s data. He especially emphasized on backing up the data in such a way that at least 3 copies of all important documents are available in three different locations. For eg, backing up files in cloud storage, pen drives, etc. could help prevent a crisis.
BANKCARD AND KYC FRAUDS
The expert explained the first step in avoiding bank card and KYC frauds is to become aware of them. He deciphered the most common ways people get ripped off at ATMs and ways to prevent them. Ritesh said, due to pandemic and lockdown throughout the globe fraudsters are getting an opportunity to put the skimmers on the automated teller machine (ATM), skimmer is a card reader that can be disguised to look like part of an ATM, the skimmer attachment collects card numbers and PIN, which are then replicated into counterfeit cards. In the case of using an ATM, one has to be extremely mindful of whether there is a skimmer on the machine or not. Always shake the card slot where one dips the card if it comes out easily, it means there was a skimmer and avoid that particular ATM. Disable international transactions on the card if not planning to buy or travel internationally and limit transactions on credit or debit card because for most of the cases scamsters do not need the one-time password (OTP), ATM PIN, or the Card Verification Value (CVV). All they need is the 16 digit number and expiry details to conduct an online fraud on an international website/portal. Besides bullying, stalking and extortion scams many KYC scams are happening where people are pretending to be calling from banks and targeting people especially senior citizens requesting them for KYC, or else their accounts will be disabled. And with the current situation where people are unable to visit banks, the customers are falling into the trap and they are revealing banking details over the phone.
RISING CYBER FRAUDS DURING PANDEMIC
The National Crime Records Bureau statistics show a sharp decline in crimes like burglaries, robberies, chain and mobile phone snatching, carjacking, pickpocketing, etc in 2020 but there was a steep spike in online fraud. When asked about the fraudulent calls claiming to be from a bank or a credit card company, offering short-term loans on attractive rates of interest or re-scheduling of existing equated monthly installments and invariably end with the extraction of bank account details or credit card details, the expert explained methods of identifying and addressing problems like such, cybercriminals especially in India are always looking for opportunities like an airstrike, COVID-19 lockdown, and after the Reserve Bank of India offered a relief measure to the borrowers in the form of an EMI moratorium on all term loans time, it allowed the cyber thieves to call up people as bank representatives. They try to gain access to borrowers’ banking details as they request OTP or other forms of passwords claiming to help them postpone EMI payments. Falling into the trap hundreds of people have lost lakhs of money and another way of conducting fraud is where they would ask people to download certain applications, the downloaded app is a remote control software using which the fraudster would be able to see all the keystrokes. So, when one is entering the banking details the scammer can see the operation.
Mr. Ritesh requested on carrying out transactions through authentic websites because phishing websites have certain spelling mistakes, it’s always best to Google the website and never click a link from the emails or text messages because a way to go to a phishing website in maximum times is via an email. During this COVID-19 times, people are receiving a lot of mails from the World Health Organization (WHO) but it’s important to know the genuineness of websites because with one click one can land on a replica of that website. Never trust links on emails even if they look okay but scrolling through it will all together show a different website. He further added that sextortion is an emerging online scam that takes advantage of people’s fear that their most intimate moments will be exposed to the public. They usually come in the form of emails, which are not only dangerous and unsettling but can have serious real-world consequences and this has been happening for years but the pandemic brought a sudden hike in the number of cases. There are reports that porn viewing in India has increased by 25-30 percent and the fraudsters made the best use of it which is called a sextortion scam or porn scam. In this particular scam the fraudsters source databases from the dark web, these databases have one’s email address and even passwords, and using a bot randomly fires a maze. These bots send emails to everyone on that list saying they have been captured while visiting porn sites and many people fell to this particular scam and paid them to delete any content or information they have of the person. When anyone receives an email as such don’t believe it as they are bluffing and they have no materials.
CYBERCRIME INVESTIGATED CASES AND ACCOMPLISHMENTS
He was a part of MTV Troll Police which won Zee Indian Telly Awards for Best Youth Show in Non-Fiction Category, “Cyber Crime Helpline Award 2018” in the category Fortune Hunters of Digital India (Cybercrime Investigations) awarded by DTF Pune and The Best Individual For Creating Cyber Security Awareness by Computer Society of India in 2017. Ritesh Bhatia has investigated multiple Cybercrime Cases like Business Email Compromise Scams, CEO frauds, Man-In-The-Middle Attack, Ransomware, Phishing, Identity Theft, Spoofing, Data Theft, Source Code Theft, Sextortion, Revenge Pornography, Romance Frauds, Sextortion Scams, Digital Wallet Frauds, OLX Scams, Child Sexual Abuse Material, Cyberbullying, Cyber Harassment, Website Attacks SQL Injection, Cross-Site Scripting, and Domain Squatting. Some of his well-known clients include SBI, TransUnion Cibil, Mashreq Bank, Larsen and Toubro, Future Group, Reliance Industries, Canara Robeco, ITC, Byjus, Asian Paints, and many more. Along with his partner, Nirali Bhatia who is a cyberpsychologist, Ritesh has formed an anti-cyberbullying organization called Cyber B.A.A.P. (www.cyberbaap.org) which stands for Cyber Bullying Awareness, Action and Prevention.