The Rise of Deceptive Phishing Cyber Scam

By Radhika Tapkir (Intern)

INTRODUCTION – Fake Cyber Police

There has been a rise in fake emails being sent out to individuals as well as organisations by fake ‘cyber police’. These emails often falsely allege that such individuals or organisations are involved in cybercrime activities relating to cyber pornography, online activities involving paedophilia, and other sexual crimes against children specifically. 

In 2023, the Indian populace was targeted with such emails. An ‘X’ (previously known as ‘Twitter’) user last year had tweeted about how the scammers had targeted him. It can be observed that the format of the email or the court order/notification attached along with it has not been changed much. This scam has returned to haunt the vulnerable and gullible Indians again this year. 

These scammers impersonate law enforcement officials and send such phishing emails with the intention of exploiting the vulnerable common man. These emails create a sense of fake urgency by employing scare tactics such as implying that non-cooperation or lack of response from the receiver would lead to their (or their organisation’s) reputational damage, legal consequences and eventual arrest.

The scammers then proceed to hook the victim to divulge personal information and, in some cases, financial information. This grants the scammer access to the person as well as his/her banking accounts.

Keywords: Phishing, Cyber Scam, Fake Emails, Cybercrime.

WHAT IS PHISHING?

The term ‘phishing’ refers to a cyberattack that uses communication channels individuals commonly use for official information transfer or dissemination. The email look and links or files within often appear to originate from authenticated sources. The cybercriminal aims to either directly steal sensitive data such as login credentials, and financial information (internet banking passwords, login access, credit/debit card CVV, bank account information, etc.) or to install malware or ransomware on the victim’s computer.

Here are a few different types of ‘phishing’ attacks to look for –

1. Spear Phishing – ‘Spear Phishing’ refers to a type of cyberattack that targets a specific individual or a group of individuals within an organisation, and tries to manipulate them into divulging sensitive information by –
   a. Making them unknowingly download malware/ransomware; or
   b.Sending them a link to an authorized payment gateway.

Illustration – Hackers in such cases often use publicly known data of the targeted victim(s). For example, Person A (the victim) is known to be an avid reader and often posts about different books and visits different book fairs and libraries. A spear phisher might use this information to customize an email specifically for Person A, suggesting they visit for a special weekend book event taking place at their store located in Person A’s city. 

• Clone Phishing – Hackers often recreate an identical duplicate of an authentic email (or email template) from an authentic organisation. It is often indistinguishable from what an original would’ve looked like.

Illustration – A real-life example of clone phishing is when in 2017 Facebook and Google were scammed for $100 million. A Lithuanian scammer constructed a sophisticated clone phishing campaign aimed at two tech corporations, Facebook and Google. The scammer set up bogus email accounts and invoices mimicking a Taiwanese manufacturer with whom both companies did business.

• Whaling – A whale phishing or whaling assault is a spear phishing attempt directed solely at a high-ranking executive or official. The attacker usually impersonates a peer from the target’s organisation or an equivalent or higher-level colleague or acquaintance from another organisation. Whale phishing mails are very personalised.

Illustration – A real-life example of a Whaling phishing attack is when in 2018, the Pathe Film Group lost £19.2 million(i.e., approximately $21 million in USD). Pathe is France’s one of the leading film groups. The scammer pretended to be the CEO, Marc Lacan of Pathe’s headquarters in France and emailed the CEO of Pathe’s Netherlands CEO, Dertje Meijer, requesting wire transfers to fund an acquisition. 

• Deceptive Phishing – In this type of cyberattack the cybercriminals often pretend to be representatives of an organisation or officials from law enforcement or similar agencies. They target individuals or organisations who are already involved and experiencing an ongoing cyberattack. Either they take advantage of the vulnerable state of such individuals by sending them malicious links via email or they send ‘court/police orders’ alleging criminal offences (further evolving it into a social engineering attack).

Illustration – A hacker sending emails with an email ID that looks deceptively similar to the original and authentic email ID of the organisation. Attached with malicious links and photos, or notifications/orders directing the victim to open them and respond in the manner prescribed in that email. This leads to the hacker collecting the victim’s information for further use.

• Pharming – In this type of cyberattack, the victims are often redirected to fake and fraudulent websites. This type of cyberattack often is carried out using the following techniques – DNS cache poisoning, Malware infection, Rogue DNS servers, and Host File modification.

Illustration – In 2014, a Venezuelan volunteer organisation’s website ‘voluntariosxvenezuela.com’ (Voluntarios por Venezuela, Volunteers for Venezuela) experienced a pharming attack by a group of hackers. The attackers redirected users to a fake website (which looked completely identical and legitimate). This was done to steal the personal data of the users visiting the website.

• Social Engineering – This type of cyberattack involves pressuring an individual into revealing sensitive and personal information by using manipulative tactics.

Illustration – A Person A (hacker) impersonates a bank employee and, calls up Person B (victim). Then Person A proceeds to pretend to be a bank representative requiring either the credit card information or the OTP (one-time password) of Person B. Then Person A tries to persuade and manipulate Person B, pressurizing them to divulge such information as enquired by Person A. They often leverage the fear of the bank account or the credit/debit card closing down and the victim being unable to access their funds.

All types of phishing attacks involve the conjunction of two or more different type of phishing attack methods.

HOW TO SPOT THE ‘FAKES’

The neat trick to avoid falling for such phishing scams is to carefully, calmly and thoroughly read through the email as well as the accompanying ‘court order’ attached to it. These emails are oftentimes poorly structured and pumped with irrelevant facts. 

Therefore, there are two important components of this email, i.e. –

1. The Body of the email, and
2. The attached ‘alleged Court Order’.

A Look at the Body of the Email

Here is what to look for while reading such phishing email’s structure – 

Sr. No.	The E-mail Structure	Analysis
1.	TRIBUNAL ORDEROffice Of The Commissioner Of PoliceCybercrime Cell / Computer CentrePolice Headquarters,MSO Building, J.P. Estate, New Delhi 110002.Ref: No. 39724-34-01/ICB-IPHQ/2024	An email should always be addressed to the individual/organisation receiving it. But in this case, the emails are structured in a manner, where the sender’s address and rank are mentioned.
2.	Dated the 16-04-2024.	The mentioning of the date in an email should be observed carefully.
3.	OFFICIAL COURT ORDER. This is to inform you of the attached alleged court order against your Internet IP traffic by the Central Bureau of Investigation, Department of Research and Analysis Wing. It is quite unfortunate to turn your official or private Internet to a juvenile pornographic movie cyber. The Central Bureau of Investigation works in partnership with the Police Cybercrime Special Units in handling all complex and sensitive cases of cybercrime, especially when the victims are women and minor children. Our laboratories are equipped with state-of-the-art spider/crawling digital software and equipment, having forensic capabilities such as extraction of deleted data from hard drives and mobile phones, imaging and hash value calculation, forensic servers and portable forensic tools for on-site examination, facility to extract data from latest Android or IOS as well as Chinese phones. Based on the above, it is extremely difficult for any victim to consciously or unconsciously visit juvenile pornographic sites without being digitally captured. More information or clarification on the court order will be made available to you upon receipt of your response within 24 hours; our office operates 24 hours / 7 days. Be assured that serious legal action will be taken against you if you fail to respond to this notice within 24 hours of receipt. To forewarn is to forearm.	Phrases like the following should raise alert you –‘alleged court order’‘by Central Bureau of Investigation, Department of Research and Analysis Wing’‘turn your official or private Internet to a juvenile pornographic movie cyber’‘works in partnership’‘minor children’‘spider/crawling digital software’‘any victim to consciously or unconsciously visit juvenile pornographic sites’‘upon receipt of your response within 24 hours’‘To forewarn is to forearm’Always carefully look at –the words,the phrases, grammatical errors, sentence structure, the legal terminology used, and the message being conveyed by such an email. If any order is attached, look at the official seal, stamps and signatures of the relevant authorities. Visit the official government websites and cross-check the names, phone numbers, official logos, addresses, etc.
4.	Sincerely, xxxxx xxxxxxxx (ACP/CB)For Deputy Commissioner Of PoliceCybercrime Cell / Computer CentrePolice Headquarters	Do your research. Check the name, rank and office address. Visit the official cybercrime website and look at the ‘Contact Us’ tab.

A Look at the Alleged Court Order in the Email

A look at the image of a ‘Court Order’ attached in the email – 

1. If you look at the above document it is easy to identify the grammatical errors, typos, and weird phrases. From the above document, we can see the use of, ‘INDIAN CYBER SQUARD’, ‘victims through the technology information’, ‘appropriate sanctions’, ‘closest Police Station’, ‘in partnership’, etc.
2. The spelling, colour, font and font size are not consistent all over the document.
3. The multiple stamps, signatures and seals used all over the document are fake. The placement of the ‘officials’ seals makes the document look like a child’s fancy sticker collection.
4. The mention of NCRB and the use of its seal in this document is also questionable.
5. The name of the organisations and their relations to such offences is questionable. For example, in the above image, it is clear that there is no existing organisation or team by the names of the Indian Cyber Squard, the Cyber Cell India, or the National Response Centre for Cyber Crime. Furthermore, CBI (Central Bureau of Investigation) is the sole nodal agency for Interpol in India.
   1. The seal of MP Police (State Cyber Cell) is on the top left of the document. It raises the question of why a state-level cyber cell is involved with Interpol and CBI inquiry/investigation.
6. No legitimate organisation working in the law enforcement area would ever directly contact an individual accused of indulging in such offences. They would never try to threaten to divulge such information to the Media for the sole purpose of defamation, as can be seen in ‘.
7. Make sure that the organisations mentioned perform the tasks or inquiries related to child pornography or cyber pornography. A victim should raise the question of why would CBI and IB directly engage with you via email.

PRECAUTIONARY MEASURES

In case you or your organization has been targeted by such scammers, here’s how you can proceed regarding the email sent to you –

1. Be Vigilant: Always stay alert, such emails often ruin the peace of mind and tend to make the victim, resulting in them responding to such emails. 
2. Never Respond: Such emails create a sense of urgency by giving you a time limit for responding to them, and claiming that non-compliance would lead to legal consequences against you. Therefore, never respond to or engage with such fraudulent emails. 
3. Confirm the Email Address: Check the email address used by the sender. Confirm the email address by visiting the official government websites. A government mail always has a ‘gov.in’ extension in it.
4. Check the Logos: The court order attached to such emails has logos on them. Cross-check the authenticity of such logos. 

Always keep in mind that police personnel or officials in any law enforcement agency would never directly approach you in such a manner. They would never ask for your personal or sensitive information, and threaten you to defame you if you do not comply.

Everything is a simple Google search away. Authenticate before taking any action.

Approach Cyber Police

In the instance that you have replied to such an email under duress, coercion or misrepresentation via impersonation, you can immediately inform the cyber cell –

1. File a report at – www.cybercrime.gov.in or the National Cybercrime Reporting Portal (NCRP) –  https://i4c.mha.gov.in/ncrp.aspx
2. Always use the ‘Report and Track’ option after reporting any cybercrime.
3. Use the Helpline Number – 1930.

CONCLUSION

A phishing scam can present itself in various forms. The best way to deal with any cyberattack is to identify if the email so received is authentic, what its origin source is and if it poses’ an immediate threat or has the potential to become a threat once you respond to it. Always stay alert and aware about your situation given any fraudulent allegation.