Let's Build a Responsible Cyber Society




Undermining the E Commerce System


A New Type of Fraud using Phishing

A new type of fraud has been brought to the notice of Naavi.org and it is essential for the public to take note.

This is a case where a person got an email message, appearing to come from a Bank, stating that a certain payment to the addressee was in the pipeline. If this had been an independent email, it would have been like one of the usual Lottery Scam type of frauds. However, this case was different. It had a background. The addressee had recently posted on one of the E Commerce sites an offer to sell his Camera. He had received what appeared to be a confirmation from a buyer. This was followed by the Bank's advice that the amount equivalent to what was expected by the seller had been debited to their customer's account and would be transferred after confirmation of shipping.

Had the material been shipped, he would have lost its value. Fortunately, in this case the target was intelligent enough to check the headers of the e-mail and realize that it could not have come from the Bank. He therefore did not ship the product and instead called for clarification from the Bank whose name was used in the e-mail. Though the Bank remained silent, the target avoided being duped.

Copies of the E Mail content are given below separately.

Will all customers of Banks be as intelligent or as sceptical when they receive a mail stating that certain money (which they were actually expecting) is being credited?

It is important to note that the victim here perhaps got alerted since the shipment was directed to be made to Nigeria. Had it been to any other country, he would not have been immediately alerted.

This vigilant attitude exhibited by an ordinary citizen has not often been exhibited by Indian Bankers, and many fraudulent transfers have occurred because of the "I don't care" attitude of the Bankers. Regular visitors of Naavi.org would recall my October 16, 2007 article "Indian Overseas Bank abets in Cyber Cheating through negligence" highlighting the omissions of the Bank in putting through a fraudulent fund transfer request for a customer to some Nigerian beneficiary.

Another case had been brought to the attention of Naavi some time back involving State Bank of Mysore in Bangalore. In this case a customer of the Bank who was an exporter had been cheated with an export order from Nigeria. The customer was reasonably diligent and insisted that he would ship only on advance payment basis. The importer agreed and remitted the money by a cheque which was deposited with SBM. After three weeks, SBM advised the customer that a credit had been received. The customer withdrew the money, spent it on the fulfillment of the order and completed the shipment. After the shipment reached Nigeria, the Correspondent Bank of SBM reversed their credit, stating that it was a provisional credit and the instrument had been dishonoured. SBM then reversed the credit, which rendered the account overdrawn. The Bank thereafter proceeded against the customer through DRT proceedings. (P.S: Final outcome not known.)

I was recently told by a customer of Canara Bank that he once got an ATM balance confirmation slip showing a balance of Rs 1 crore and the Bank could not explain the error.

What these incidents show is that it is difficult today to believe even a credit advice from the Bank because E Banking is carried out in an insecure fashion. Phishing is rampant and any communication appearing from a Bank and Banks do not take responsibility for any frauds in which they were "Intermediaries" to the fraud.

Though Indian law expects intermediaries to bear liabilities for their negligence, the process of recovery is still a pain. The Banking Ombudsman scheme is of no use in such cases since the BOs are hand in glove with Bankers in rejecting any complaint which has a tinge of fraud. Adjudicators do not have sufficient time to attend to the multitude of cases and things get delayed. There is also an expenditure involved in pursuing the case with the Adjudicator. Banks have unlimited money to stretch the case at the Adjudicator and to take it on appeal to higher Courts and endlessly harass the customer. Customers have limited resources in time and money and cannot match the Banks in a legal battle. RBI is content in issuing guidelines on paper and does not help the customers in any manner. On the other hand, they continue to push new technological innovations though they are unproved from a security point of view.

As a result of all this, what is suffering is "Trust" in e-commerce. What has happened to the customer in the instant case can happen to all those who have listed their products to sell on E Commerce sites. Already these sites have many fraudulent sellers. Now if the genuine sellers also back out in fear of these frauds, E Commerce business will get adversely affected. It is high time e-Bay, Quickr or olx.in, rediff, sify etc. strengthened their KYC and systems to reduce the incidence of frauds on their sites. Simultaneously, Banks should improve trust in any communication that carries the Bank's name by adopting Digital Signatures as a mandatory procedure for all outgoing mails.

What is true of Banks today is also true for Companies, since "Phishing" is being used for Job frauds in the name of the companies. Hence Companies also need to start using Digital Signatures as a mandatory process for outgoing communications.


October 14, 2011

Details of the Fraud referred to above:








 Comments are Welcome at naavi@vsnl.com