DATA THEFT IS REAL! DID YOU ALLOW IT, TODAY?

Data theft is pretty common these days. There are entities, who may be interested in procuring your personal details.. like signature, thumb impression, e mail address, your GPS location etc. And the gullible agencies, who employ simpletons like Raju, know they can easily get such a data on a large scale to trade it with someone eager to procure it at a good price. And your privacy and safety is out in the market.. left open to be breached. There is a thin Line between balancing our Privacy and Security in everyday life as we come across unexpected encounters, points out CYBER SECURITY AWARENESS EXPERT MISS AISHWARYA TIWARI as she shares her real life experiences and observations with the readers of Indiainput.com. Read on.

How frequently are you visited by strangers for some task related to surveys? And how often do their questions or unusual demands make you feel your personal space is being intruded, the privacy is being encroached upon ? 

Let me tell you about this courier delivery person who rang my door the other day. He handed over to me the parcel, held forth a gadget and insisted that I put my left thumb’s impression on its screen. Yes, not a signature, but my thumb’s impression. It wasn’t as if I couldn’t sign or my right hand had any injury. He kept insisting for my left thumb impression, in place of my signature. “That’s what we ask for these days, madam. The technology is changing”, he coolly announced.

“Yes, technology will keep improving, no doubt,” I partially agreed while putting my feet down, “You have verified my contact number. If you want to deliver the parcel, you get my signature on paper. That’s more than enough. Thumb impression can not replace it.”

He had a very common passable name ‘Raju’ and had no identity card to offer. And he kept insisting for the biometric impression while holding the courier carrying my precious box. I counter questioned him,

“Will you give me your thumb impressions, if I ask..”

“What are you joking about, madam. What is the problem in it? Everyone gives thumb impression for the courier these days. This is your box and the impression is mandatory. It is the rule now a days, madam,” he was adamant, “It is legally binding.. very necessary..”

There, I got him ! “And may I know, who told you so?”

“I have been asked by my bosses. This is the common procedure. There are hundreds of such thumb impressions in this gadget!”

I firmly told him that my signature was no less authentic proof of the delivery whereas the thumb impression was possibly just another ploy to collect biometrics data of the clients. And it was absolutely not mandatory. And his company was obligated to deliver my box.

Finally, he relented when I insisted for the relevant rule book or to speak to his bosses. He collected my signature on his paper form, like they used to, and left the box. 

That set me thinking. Had I not refused to comply to his insistence, my thumb impression, a part of my personal identification data would be in his gadget by now. I was being asked to submit my thumb impression with my name, age, address, contact number, e mail address and signature. All at the marginal incentive of getting my consignment box delivered at my place. Hadn’t I just successfully managed to ward off an attempt to hack my world..? Just could be.

I kept rethinking on his words, ‘hundreds of such thumb impressions’. Of those unsuspecting people, or may be they had been too busy to ponder over the implications. 

What could be the motive? Is thumb impression so essential and the only viable way to verify that the couriered item has been delivered to the right person? How many people unknowingly submit everyday, their personal data this way? And what possibly happens to this huge collection of priceless data?

DATA THEFT MARKET

Let us accept that, there are entities out in the world, who may be interested in your personal details.. like your signature on a digital screen, your thumb impression on a digital screen, e mail address, your mobile number, the physical location of your address and even the related GPS location. There is no dearth of gullible agencies, who employ simpletons like Raju, get it collected on a large scale knowing fully well that they can trade the data with someone who may be eager to procure it at a good price. And your privacy and safety is out in the market.. left open to be breached. The data market, something big enough to swallow the whole world, may be. 

OTP IS A BETTER ALTERNATIVE! 

Thankfully, the leading shopping apps like Amazon and Flipkart have already initiated steps in this direction for privacy during verification. They have installed a new feature of One Time Password that is, OTP. The customer receives an OTP on his or her  respective application which is needed to be shared with the delivery person to receive the order in hand which means absolutely no need of providing any biometrics like automated recognition of individuals by means of unique physical characteristics such as finger prints, retina scan and face recognition etc. Yes, and the world is promoting the use of OTPs on a large scale.

Let me cite another incident, a more recent one.

SURVEYS THAT MAY LATER MAKE YOU FEEL SORRY!

Early this year, on a winter Monday morning I had just finished my breakfast when the door bell rang. As I approached the door, a large and chubby cheeked woman holding a tablet like gadget, over 10 inches wide, a paper register, and a handbag, was there. A smile and a good morning later, she asked me if she might step in and talk.

When faced such a situation, we must ask ourselves, “Why should I let a stranger inside my residential space? Am I being not alert enough? Am I assisting a thief in the potential data theft?”

She persisted in encouraging me to let her in. However, I said, “Of course, ma’am, we can chat for a little while but please answer to few of my questions first. Please tell me the name of your business and the reason for your visit.” 

She informed me that she worked for a survey company  and that all they did was gather rudimentary data on the kind of financial apps, that individuals used. What kind of apps, which ones, any change in their traits, new trends heard etc.

When questioned again about the precise intent of this survey, she was unable to provide a trustworthy response.  I softly requested her to show me her employee ID card. The card, she produced, surprised me because it had another company name printed. 

Upon pointing this, she maintained that they all are the same as it’s a group of companies. 

Well, I proceeded to take a picture of her ID card. As a cyber security professional, I believe data is scarcely junk. I have seen cases when people’s data is sold for profit; may be for targeted marketing or for a variety of fraudulent actions.

I tossed another question, “Exactly what kind of information will you be asking me for the survey?” 

Her list was seemingly unending. Full name, contact information like landline phone number, mobile number, WhatsApp number, email address, the date and year of birth, names of any online banking services used, such as pay tm, g-pay, phone-pe, etc., which bank is linked to online app with, the user’s occupation and, if a student, the specifics of educational institution, how many family members there are, and the same information about all of them, too. Quite an exhaustive information was being sought. But, why this much of effort?

THE LOCATION WAS ‘ON’ !

I then sought to know  the whereabouts of the tablet she was holding. Was the location on? She smiled shyly. Then her answer was in affirmative, indicating that the entire coverage area, treaded by her was being tracked or would definitely be mapped. She had already registered the physical location of my residence. So, a complete range of details about me. Was anything being left? Actually, nothing.

Why was all this needed? What was the urgency? Is it not questionable to mention a the exact location on a map together with these fundamental facts about the individual? First of all, why is it necessary to conduct a study to find out which online banking apps individuals use overall? Okay, if they are attempting to assist online banking users with digital money options, then it may be somewhat justified; however, later  when I googled the company names listed on her ID card and the one she claimed to be a survey company,  I was unable to find any information about either of them. Were they fictitious entities? Were unsuspecting people being taken for a ride?

ASKING EVERYTHING UNDER THE SUN.

It naturally gives rise to suspicions when some strange person comes seeking to know eerie details like the name or address of the educational institution one was enrolled at. Similarly, collecting phone numbers, asking for the phone number you use for your online banking applications is no less scary. To top it all, why is it necessary to know which bank I have linked my account with? Add all this to my GPS location and you get the complete picture.

She might well be an honest worker carrying out her duties as directed by her superiors in the company. This exercise may be essential for her to make the ends meet. However, isn’t she being a pawn in something that could potentially be nasty? 

It is scary indeed. You may not feel like doubting their purpose or honesty. It is hard to. They appear so plainly professional. 

Does it cross your mind whether they’re gathering the data for nefarious reasons that could potentially harm you or your family members digitally, in near future?

It very well could be. There are thousands of digital crimes or similar incidences taking place globally, every year.

YOUR REPLY IS OPTIONAL.

In these situations, one ought to  always remember some fundamentals. One ought to begin by asking for their employee ID or any other documentation to possibly verify that they indeed hail from an existing organization that is carrying out a legitimate survey venture. You may take a picture of the identity card for reference. This may be followed by a few basic questions like, “What is the aim of the survey?” 

You may like to pay attention to the questions they ask you while reminding yourself that it is absolutely not necessary to reply to each and everything asked. Rather, you ought to decide first whether the questions are pertinent to the survey.

For instance, if the survey person asks about “what newspapers your family reads,” then, providing your mobile number, email address, the name of the school or college your children attend, the exact nature of business or job that each member of your family holds, or any other such seemingly irrelevant information is obviously not at all necessary. 

DATA THEFT & DATA MARKET

Over sixteen lac cases of cyber crime were reported in last three years, the official data said in December, 2022. Not a matter of surprise either, that there has been a steady rise in cyber crimes. India reported 52,974 cases of cybercrime in 2021, an increase of over 5 per cent from 2020 (50,035 cases) and over 15 per cent from 2019 (44,735 cases), according to the official government statistics. These include a wide spectrum of cases ranging from exploitation to hacking and data theft. The Data theft market is ever expanding at an exponential pace. However, the data theft being carried out openly and swiftly in the presence of and in connivance with the unsuspecting victims is a sure cause of worry and must be dealt with through awareness.

In order to stay safe both online and offline, everyone should be aware of the personal information they give to complete strangers without giving it a second thought about how it might be used to cheat or loot them or others they know.

RATING ON A PRIVATE NUMBER.

Let’s end with yet another interesting incident, that is nothing less than an eye opener. One fine morning, I received my parcel sent through a well known e-shopping app and as I was in a rush i didn’t carefully look at the packaging and it didn’t seem suspicious, either. In the same evening, when I had a closer look, to my surprise I found a small chit along with what I had ordered. Yes, a chit that had these lines printed on it saying -‘ Please give 5 star rating for the product on the app and you may receive Rs. 50 or more as a cashback. Don’t forget to send the screenshot of the review on this number. Please. God bless.’

This was unusual and eerie. It raised my suspicion.

I tried the number for identification on a caller identification app. Yes, my doubts were proven then and there. It was an ordinary customer number belonging to some ordinary name and not some authentic customer care helpline number for some corporate entity.

It had certainly appeared a scam to me, for obvious reasons. 

When this well-known e-shopping has this amazing app, why would they require their users to send any screenshot to such random private numbers? Such a question must cross every cyber aware user’s mind. Obviously, there were some private persons in the chain to collect the supplementary customer data, God only knows why.  All this at a small tempting takeaway. The moral of the story is simple. Your vigilance is your duty & responsibility. So, be alert and never call or send any screenshot as suggested, requested, lured or asked, to any given random number. Think, do some little investigation yourself and ask yourself many basic questions before deciding, if you must. 

Because, there are invisible elements prying on your privacy and data. By each passing month, they are coming up with newer ways and methods of scams. You may encounter them online or offline or both. And must stay at least one step ahead.

 That’s it folks. Stay safe.

….