TN: Spike in Phishing Attacks, Experts Demand Data Privacy Bill

Chennai: Phishing attacks have become a common phenomenon, leading to people losing lakhs of rupees with a single click. Tamil Nadu accounted for 4,866 cases in 2021-22, the highest in the country.

The increasing thrust on digitisation, particularly after the lockdown due to the COVID-19 pandemic, is cited as one reason for increasing cybercrimes. Recently, two individuals from Tamil Nadu lost around Rs 12 lakh to messages posed as from Tamil Nadu Generation and Distribution Corporation (TANGEDCO).

The number of cybercrime cases in Chennai increased from 748 in 2011 to 13,077 in 2021. Krishnagiri district, an industrial belt, accounted for 400 phishing cases in 4 months, from February to May 2022.

The lack of awareness, responsibility from stakeholders, guidelines on data security and lack of data security acts play a role in continuing economic crimes. Experts call for strategic planning from the union and state governments to create awareness and prevent phishing attacks.

PHISHED IN THE NAME OF TANGEDCO

On July 23, a 52-year-old woman from Coimbatore lost Rs 4.24 lakh when she opened a link sent to her, claiming to be from a TANGEDCO official. In a similar incident from Coimbatore, an 83-year-old man had earlier lost Rs 8.7 lakh but was retrieved in 20 days, thanks to timely lodging of complaint.

The TANGEDCO and cybercrime police have alerted the public on the modus operandi of scamsters, but such incidents continue. While timely action from the victim helps retrieve the money, the scamsters go largely scot free.

Vinod Arumugam, a cybersafety tech coach, while speaking with NewsClick, stressed the need to create awareness and lodge complaints on time to retrieve the lost money.

“The victim must lodge a complaint through 1930 on the financial cybercrimes. An online or offline complaint must also be registered within 24 hours to ensure the possibility of retrieval,” he said.

Several phishing incidents go unreported considering the small sum of money lost, but Arumugam insists on reporting all such cases to understand the modus operandi to prevent future crimes.

“The victims, instead of approaching private hackers to retrieve their money, should lodge a complaint irrespective of the quantum of money. This way, they can help prevent a bigger future crime,” he added.

‘COLLECTIVE RESPONSIBILITY ESSENTIAL’

The increasing incidents and magnitude of phishing have exposed a majority of the users prone to attacks. The continuous attacks and loss of money may lead to a reduction in usage of the technological platforms.

“Cybercrimes are part of the Indian economy, and hence it questions the economy and/or the services of the country. No one is spared from these attacks, and creating awareness becomes essential,” Arumugam said.

Phishing incidents need to be viewed with collective responsibility, rather than blaming the victim or the stakeholders, considering factors like awareness and data ownership.

“Apart from the government, the banks and other organisations must create awareness among the end users. In most incidents, these organisations pass the bug and refrain from taking responsibility. The users must not think they are safe, which is not true,” Arumugam added.

On the role of the banks and other service providers in creating awareness, Arumugam said, “Most organisations do not allocate budget for awareness programs. They devote time in passing the bug which needs to be avoided.”

‘DO NOT DELAY DATA PRIVACY BILL’

Even as part of the money lost is being retrieved on registering timely complaints, there are no provisions to punish such scamsters and those who sell data, a breach of privacy. Data privacy is another critical element which has attracted very little attention from the common public and the government.

“The Bill on data privacy is still under discussion”, Arumugam said, “while the data can be purchased from different organisations, there is no law binding the misuse of it. There must be regulations on how an organisation must protect data, who is the data owner and extent of ownership and punishment for breach must be defined.”

As per experts, the need of the hour is a proper data privacy Bill to prevent the breach of privacy, misuse of data and online financial scamming.