Undermining the E Commerce System
A New Type of Fraud using Phishing..
A new type of a fraud has been
brought to the notice of Naavi.org and it is essential for the
public to take note.
This is a case where a person got an email message appearing to
come from a Bank that a certain payment was in the pipeline to
the addressee. If this was an independent email, it would have
been like one of the usual Lottery Scam type of frauds. However
this case was different. It had a background. The addressee had
recently posted on one of the E Commerce sites an offer to sell
his Camera. He had received what appeared to be a confirmation
from a buyer. This was followed by the Bank's advice that the
amount equivalent to what was expected by the seller had been
debited at their customer's account and will be transferred
after confirmation of shipping.
Had the material been shipped, he would have lost its value.
Fortunately in this case the target was intelligent enough to
check the headers of the e-mail and realize that it could not
have come from the Bank. He therefore did not ship the product
and instead called for clarification from the Bank whose name
was used in the e-mail. Though Bank remained silent, the target
avoided being duped.
Copies of the E Mail content is given below separately.
Will all customers of Banks be as intelligent or as sceptical
when they receive a mail stating that certain money (Which they
were actually expecting) is being credited?.
It is important to note that the victim here perhaps got alerted
since the shipment was directed to be made to Nigeria. Had it
been to any other country, he would not have been immediately
This vigilant attitude exhibited by an ordinary citizen
has not often been exhibited by Indian Bankers and many
fraudulent transfers have occurred because of the "I don't care"
attitude of the Bankers. Regular visitors of Naavi.org would
recall my October 16, 2007 article
Overseas Bank abets in Cyber Cheating through negligence"
highlighting the omissions of the Bank in putting through a
fraudulent fund transfer request for a customer to some Nigerian
Another case had been brought to the attention of Naavi some
time back involving State Bank of Mysore in Bangalore. In this
case a customer of the Bank who was an exporter had been cheated
with an export order from Nigeria. The customer was reasonably
diligent and insisted that he would ship only on advance payment
basis. The importer agreed and remitted the money by a cheque
which was deposited with SBM. After three weeks, SBM advised the
customer that a credit had been received. Customer withdrew the
money, spent on the fulfillment of the order and completed the
shipment. After the shipment reached Nigeria, the Correspondent
Bank of SBM reversed their credit stating that it was a
provisional credit and the instrument had been dishonoured. SBM
then reversed the credit which rendered the account overdrawn.
The Bank there after proceeded against the customer through DRT
proceedings. (P.S: Final outcome not known.)
I was recently told by a customer of Canara Bank that he once
got an ATM balance confirmation slip showing a balance of Rs 1
crore and the Bank could not explain the error.
What these incidents show is that it is difficult today to
believe even a credit advice from the Bank because E Banking is
carried out in an insecure fashion. Phishing is rampant and any
communication appearing from a Bank and Banks donot take
responsibility for any frauds in which they were
"Intermediaries" to the fraud.
Though Indian law expects intermediaries to bear liabilities for
their negligence, the process of recovery is still a pain.
Banking Ombudsman scheme is of no use in such cases since the BO
s are hand in glove with Bankers in rejecting any complaint
which has a tinge of fraud. Adjudicators donot have sufficient
time to attend to multitude of cases and things get delayed.
There is also an expenditure involved in pursuing the case with
the Adjudicator. Banks have unlimited money to stretch the case
at the Adjudicator and to take it on appeal to higher Courts and
endlessly harass the customer. Customers have limited resources
in time and money and cannot match the Banks in a legal battle.
RBI is content in issuing guidelines on paper and does not help
the customers in any manner. On the other hand they
continue to push new technological innovations though they are
unproved from security point of view.
As a result of all this, what is suffering is "Trust" in
e-commerce. What has happened to the customer in the instant
case can happen to all those who have listed their products to
sell on E Commerce sites. Already these sites have many
fraudulent sellers. Now if the genuine sellers also back out in
the fear of these frauds, E Commerce business will get adversely
affected. It is high time e-Bay, Quickr or olx.in, rediff, sify
etc strengthen their KYC and systems to reduce the incidence of
frauds in their sites. Simultaneously Banks should improve trust
in any communication that carries the Bank's name by adopting
Digital Signatures as a mandatory procedure for all outgoing
What is true of Banks today is also true for Companies since
"Phishing" is being used for Job frauds in the name of the
companies. Hence Companies also need to start using Digital
signatures as a mandatory process for outgoing communications.
October 14, 2011
Details of the
Fraud referred to above: