Daybreak - Cybercriminals are exploiting big-tech to dupe users. Who's responsible?
Episode Date: November 27, 2023Tech platforms like Google, Meta, or even e-marketplaces such as Olx are increasingly becoming hotbeds of online advertising scams in India. People have been losing anything from a few thousa...nds to even a few crore rupees to cyber crime syndicates who have proficient, tech-savvy members.The amount of money consumers have reported losing to fraud that originated on social-media platforms has skyrocketed since 2017. Last year alone, people reported losing more than $1.2 billion to fraud that started on social media.What are big techs like Google and Meta doing to prevent these crimes? Is it enough?Tune in to find out.FREE READEngineering grads haven't struggled this hard for a job in a decade Daybreak is produced from the newsroom of The Ken, India’s first subscriber-only business news platform. Subscribe for more exclusive, deeply-reported, and analytical business stories.
Transcript
Discussion (0)
Hi, this is Rohan Dharma Kumar.
If you've heard any of the Ken's podcasts, you've probably heard me, my interruptions, my analogies,
and my contrarian takes on most topics.
And you might rightly be wondering why am I interrupting this episode too.
It's for a special announcement.
For the last few months, I and Sita Raman Ganeshan, my colleague and the Ken's deputy editor,
have been working on an ambitious new podcast.
It's called Intermission.
We want to tell the secret sauce stories of India's greatest companies.
Stories of how they were born, how they fought to survive, how they build their organizations and culture,
how they manage to innovate and thrive over decades, and most importantly, how they're poised today.
To do that, Sita and I have been reading books, poring over reports, going through financial statements, digging up archives, and talking to dozens of people.
And if that wasn't enough, we also decided to throw in video into the mix.
Yes, you heard that right.
Intermission has also had to find its footing in the world of multi-camera shoots in professional studios, laborious editing and extensive post-production.
Sita and I are still reeling from the intensity of our first studio recording.
Intermission launches on March 23rd.
To get alert, as soon as we release our first video.
episode, please follow intermission on Spotify and Apple Podcast or subscribe to the Ken's YouTube channel.
You can find all of the links at the ken.com slash I am.
With that, back to your episode.
You know that Bangalore lost almost 500 crore rupees this year to cyber crimes.
And less than 30 crores of this money has gone back to the people that it belonged to.
Only 30 crores out of 500 crores.
I am obviously not one of those lucky ones.
I lost a grand sum of $2,200 to a Google Arts camp some months ago.
I was trying to order some beers online, and I knew the name of the store, so I googled it.
I called the first number that showed up on the results page, and the person, he asked me to pay via Google Pay before the delivery.
I did not suspect much, so I paid the amount, and then the person called me saying that he had not received.
the money. But the money had been successfully deducted from my account. So he said that I should add
this five-digit code that he was giving me that was supposedly his OTP to receive the money.
Weird. And then, and this is what gave him away, he asked me to put this number in the box
where you add the payment amount. I realized something was shady and I called him out. I sent him a few
threatening messages, but of course he blocked me everywhere.
An IIT-Kanpur incubated startup recently published a study that found that there are just 10 districts in India that collectively contribute 80% to the cybercrimes in the country.
It found a bunch of common factors that add to their vulnerability and these included geographical proximity to major urban centers, limited cybersecurity infrastructure, economic challenges and of course low digital literacy.
Interestingly enough, the Ken reporter Pratap Vikram Singh wrote about these scams in detail in a story.
He specifically covered online ad scams.
Turns out, these sort of ad scams in India using tech platforms like Google, meta, or even e-marketplaces such as OLX are becoming dangerously common and also quite creative.
Cybercrime syndicates have been duping people of anything from a few thousands like me.
to even a few crore rupees.
And this is just one way that these crime syndicates are defrauding unsuspecting users
through these fraud ads on Google, Facebook, Instagram and marketplaces.
Scammers also manipulate Google Maps, promote links on Google Search,
and they host malicious apps on Google Play.
The amount of money that customers have reported losing to fraud
that originated on social media platforms,
has skyrocketed since 2017.
Last year alone, people reported losing more than a billion dollars
to frauds that started on social media.
So what are the likes of Google and Meta doing to prevent these crimes?
And more importantly, is it enough?
Welcome to Daybreak, a business podcast from the Ken.
I'm your host, Nick Dha Sharma, and I don't chase the news cycle.
Instead, thrice a week on Mondays, Wednesdays and Fridays,
I will come to you with one business story that is worth understanding and worth your time.
Today is Monday, the 27th of November.
Remember that show called Jamtara on Netflix about this town in Charkand
where a bunch of young boys were running a fishing scam?
The actual town is infamous for being a hotbed for such crimes.
But guess what?
A new city has now taken its place as the number one cybercrime hotspot in India.
Bharatpur in Rajasthan, which is followed by Madhura in Uttar Pradesh and Ngu in Haryana.
But that doesn't mean that cyber crimes from Jamtara have stopped.
Just this march, a man called Anil Nautia lost $10 lakh in a scam that was traced to Jamtara.
In another incident, a man in New Delhi called Gopal Singh lost money while trying to buy an Ola electric scooter.
When his efforts to apply for finance through Ola's app,
and website were failing, he noticed these ads popping up on his Facebook and Instagram.
They were promising easy online booking and financing options.
But as it turns out, it was a trap set up by scamsters and Singh ended up losing 30,000
rupees.
Pratap managed to access both the FIR and the charge sheet and they clearly state that
the scam originated with Singh clicking on a link on Meta's Photoshop.
sharing app, Instagram.
The Kent's review of copies of six FIRs and three charge sheets file in similar cases in
Mumbai, Delhi and NU in Haryana showed a pattern.
In all of them, these tech platforms and marketplaces were turned to account with scammers
paying for fraudulent ads to deceive users.
Varun Singhla, new superintendent of police, carried out raids with over 5,000 cops at more than
300 areas across the district in April this year.
He told the Ken that during interrogation, it was found that a majority of the accused were
using Facebook for scamming.
Overall, the police booked 65 suspects and filed 11 FIRs.
Another senior cop in Mumbai police told us that scammers manipulate Google Maps, promote
links on Google Search, and they host malicious apps on Google Play.
Now, here is where this gets even more interesting.
In the case concerning Singh who was trying to buy a Nola electric scooter, the Delhi police
caught three key members.
These people were running the group's tech support.
There was Seni in Delhi and TV Venkatajala and Nagesh in Bangalore.
Seni happens to be a mass communications graduate from Delhi's IP university, and Vanka Tjala is
an engineering graduate.
Venka Tachala told the Delhi police that there are many tech-savvy, organised, long-time members in the group
who frequently asked him to modify website content and contact numbers.
Their work is all meticulously planned.
And another group, mostly from West Bengal and Assam, was helping them get SIM cards that they were using in the crime.
And the syndicate's linchpin was the one managing the money transfers.
The police arrested over 20 people from Bihar, Telangana, Haryana, West Bengal and Delhi in the case.
Now, considering that a good chunk of these crimes are taking place on platforms like Google and Meta,
what are they doing about it?
Stay tuned to find out, but before that, my colleague Dikshah has a message for you.
We all know how tough placement season can get at India's top engineering institutes like the IITs and the tributties
and the triple ITs.
Barely 17% of the engineering graduates
actually get placed every year.
And as if having an engineering career in India
wasn't tough enough,
this year, engineering graduates
are in for the worst placement season
in more than a decade.
Big companies are in no mood to make bulk hires,
and recruitment agencies are expecting
a 30% fall in placements.
Many IT firms that are regulars at campus placements
have decided to not show up at all,
and even the ones that are coming
are not bringing in more than a handful of jobs,
with even stricter conditions.
And in the middle of all of this,
the burden of getting the engineering grads,
their dream jobs,
falls on the shoulders of the placement cells
and the placement officers at these institutes.
In this unexpected year,
they are pulling out all stops
and getting pretty creative to get the graduates placed.
The whole process of placement
is changing. And some of these changes, not all in the interest of the students, by the way,
might just become permanent. And what I've told you is just the tip of the iceberg. If you want to
get the big picture on what engineering placements might look like a couple of years from now,
I suggest you read this story by the Ken reporter Alifia Khan. And for you to be able to do that,
we've made the story absolutely free on the Ken's website. But it's only free for today.
the 27th of November.
So go ahead, give it a read, share away with your friends before the counter runs out.
I'm Dixha from the Ken's audio team.
Thank you for listening to us.
And if you like what we do, please rate and review us wherever you get your podcasts.
And now back to your host, Snigda.
Google says that in 2022 alone, it removed more than 5 billion fraudulent ads from its platform around the world.
For this, it used a combination of automated.
and human monitoring.
In India specifically, despite the low per capita ad revenue,
big tech has been spending a lot of money and effort
to ensure a clean ad ecosystem
and also deliver adequate returns to the advertisers,
especially because it is their largest user market.
But scammers are constantly finding new loopholes
and it seems that these platforms are not doing enough
to keep these bad actors away.
They often turn a blind eye to all of it.
because in the end, they are getting paid for these ads.
You won't believe there was even a case where scammers used funds stolen from a victim's account
to pay their Google Ads bill.
When we asked me about all of this, their spokesperson told us, and I'm quoting,
all ads are subject to our ad review system, which relies primarily on automated and in some cases manual review to check ads against these policies.
This happens before ads begin running.
end quote.
Someone close to Google told us that Google has 20,000 employees, regular and contractual,
who handle its trust and safety teams globally.
Another person who is close to Meta told us that Meta has a team twice that size.
Teams within the trust and safety divisions look at ad integrity and they monitor and
approve ad postings.
And they reject the ones that appear genuine but have an altogether different landing page.
They also match the ad content against ad policies for each sector.
These teams are in-house and contractual,
the latter being the first in the line of defense to wet these ads.
These contractual staff are supplied by windows such as Accenture and Cognizant.
But Meadow laid off 20% of its trust and safety team in a year.
Something like trust and safety in online ads is a combination of automation and human.
which is why lesser people in the teams monitoring these ads is not a good thing.
In its email response to our questions, Google told us that it is constantly changing and
improving its technology and processes to ensure that bad actors who are also constantly
evolving with new techniques can be identified and actioned on in a timely manner.
But having policies in place is one thing and implementing them is another.
Plus, our government's regulations are a bit ambiguous and honestly a little too lenient.
Coming up next.
In the IT rules, platforms like Google and Meta are considered as intermediaries.
Intermediaries are defined as platforms that primarily or solely enable online interaction between two or more people
and allow them to create, upload, share, disseminate, modify or access information using.
their services. The Ministry of Electronics and Information Technology of India regulates these tech
companies under rules that protect these intermediaries by only expecting them to take down
content after it is flagged. But we spoke to Rakesh Maheshwari who worked at the Ministry's
Cyber Laws Division and was also part of the team that put down the IT rules of 2021. He told
again that Google and Meta, which brought to the ministry's cyber laws division, which brought to the team,
profit from scam ads cannot escape responsibility by claiming to be intermediaries.
This is because they are effectively acting as publishers and they should be directly accountable.
The study from IIT Kanpur noted that while established cybercrime hubs continue to pose significant
threats, the emerging new hotspots also demand attention and proactive measures by people and authorities.
The study pointed towards the low technical barriers that allows scammers to thrive
using readily available hacking tools.
Also, inadequate know-your-customer or K-Y-C-N verification processes on online platforms
let these criminals create fake identities and make it very difficult for law enforcement
to trace them.
And last but not the least, the study also highlighted that the pool of cybercriminers,
criminals in India is becoming bigger because underemployed and unemployed individuals are being
recruited and trained by cybercrime syndicates. But whether it is as publishers or as intermediaries,
tech giants need to confront these problems that they have helped foster.
Daybreak is produced from the Newsroom of the Ken, India's first subscriber-focused business news
platform. What you're listening to is just a small sample of our subscriber-only offerings.
A full subscription unlocks daily long-form feature stories, newsletters,
subscriber-only apps and podcast extras. Head to the ken.com and click on the red subscribe button
on the top of the website. I am Snigda Sharma, your host, and today's episode was edited by my colleague
Rajiv Sien.