IoCF — Indicator of Cyber Frauds
Need of the hour to tackle rampant cyber frauds across the country.
Physical crimes are not shifting online. Cyber is a safe, low-investment playground for criminals. For the most part, generalists are fighting specialists, resulting in lower resolution, attribution and conviction.
Build once, exploit everywhere
As with cyber attacks, where one CVE or vulnerability is exploited by hackers across the world, the same goes for cyber fraud. Examples:
Google Ads
From job search, matrimony and customer care to alcohol delivery, people use Google search. However, fraudsters have identified that Google is not strict in ad verification. Hence this:
- Put up an advertisement related to any heavily searched topic.
- Create a cheap/free site with no relation to the ad.
- Put in your phone number, which may be purchased with fake KYC or from online channels.
Interestingly, I experimented on the same, and the following was the result of my ad campaign. I got 4 calls from interested parties. Return on investment is excellent. Even if I manage to get one person to fall prey, I will get a minimum of 5,000 to 10,000 with techniques.
Concept of Indicator of fraud:
For the above case, the following are the indicators of frauds that target the masses in India.
- Phone Numbers of Suspect
- Websites & Domains
- Account — Payment medium
- Ads Keyword
- Advanced: Origination of call/district/GPS coordinate
If a system is devised which captures these fields and puts them in a database, it will be a massive repository of cyber frauds.
The question here is how to get data on the same?
Internet & Social Media Data Mining
Many of the techniques are indigenous and require an ‘Indian’ solution rather than blindly adopting international solutions. A huge amount of data is available online, especially in social media, YouTube comments, public forums etc.
1. Sample Twitter Query to get information on KBC Frauds
2. Consumer Complaints Websites
3. Terminated Merchant lists
4. Blocked mobile number list etc.
What will an Indicator of Cyber Fraud look like?
Organized Cyber Financial Frauds IoCF
- Mobile Number: Retailer/Distributor
- SMS Header: PAN, Mobile Number, Address
- Cryptocurrency: Wallet Address/Exchange, IP address
- Email Address: Provider, IP
- Company Registration: GST, Income Tax
- IP Address, ISP/VPN/Subnet, API/Access
- Government ID Proof: PAN, Aadhaar, Passport, License
- Device: Device ID, User Agents
- Physical Address/Location, GPS coordinates
- Mobile Application: Developer
- Social Media, Email, Mobile Number, Content
Reliability
Initially, human intervention will be needed to understand the pattern. Many times, proactive engagement in the modus operandi will be needed to ensure the confidence level in the data.
Correlation will play a major role in data confidence.
Limitation:
- False positives must be taken into consideration. Initially, the model should work in learning and informational mode.
- Rented accounts may cause an issue. This must be taken into consideration.
Usability
Data has immense value. A banker needs to know whether the person to whom he is giving a loan is a clean person. A matrimony site would like to clean up its listings of prospects. An e-commerce company would like to verify its merchants before verifying/onboarding. A telecom operator will know which aggregator/distributor has a dark background.
- An API-based clean-up activity, or sweeping of these IoCFs across banks', NBFCs' and telecom databases and social media accounts, will lead to an immediate cleaning of the system.
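The repository, correlation and sweep ideas above can be sketched as follows. This is an added example, not code from the original post: the `IoCFStore` class, the `normalize` helper, the source names, the confidence thresholds and all sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

def normalize(kind, value):
    """Canonicalise an indicator so reports from different sources match."""
    value = value.strip().lower()
    if kind == "phone":  # assumption: 10-digit Indian mobile numbers
        return re.sub(r"\D", "", value)[-10:]
    if kind == "domain":
        host = re.sub(r"^[a-z]+://", "", value).split("/")[0]
        return host.removeprefix("www.")
    return value

class IoCFStore:
    def __init__(self):
        self.sources = defaultdict(set)  # indicator -> sources reporting it
        self.links = defaultdict(set)    # indicator -> co-reported indicators

    def report(self, source, indicators):
        """Record one complaint: its source and the indicators seen together."""
        keys = {(k, normalize(k, v)) for k, v in indicators}
        for key in keys:
            self.sources[key].add(source)
            self.links[key] |= keys - {key}

    def confidence(self, kind, value):
        """Score by correlation: independent sources and corroborated links."""
        key = (kind, normalize(kind, value))
        n = len(self.sources.get(key, ()))
        if n == 0:
            return "unknown"
        linked = any(len(self.sources[k]) > 1 for k in self.links[key])
        if n >= 3 or (n == 2 and linked):
            return "high"
        return "medium" if n == 2 or linked else "low"

    def sweep(self, records):
        """Informational mode: list matches for human review, block nothing."""
        scored = ((r, k, normalize(k, v), self.confidence(k, v)) for r, k, v in records)
        return [hit for hit in scored if hit[3] != "unknown"]

def demo_store():
    """Constructed sample reports; every value here is made up."""
    s = IoCFStore()
    s.report("twitter", [("phone", "+91 98765-00001"), ("domain", "http://www.kbc-lottery.example/win")])
    s.report("consumer_complaints", [("phone", "09876500001"), ("account", "upi-id@examplebank")])
    s.report("terminated_merchants", [("account", "UPI-ID@examplebank")])
    return s
```

Because `sweep` only returns matches with a confidence label, a hit on a rented account or a recycled number goes to a reviewer instead of triggering an automatic block.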
Thoughts are welcome. I would recommend making it a system like NPCI, which all can use after proper approval, for the benefit of all and a healthy cyber ecosystem.