Stay alert. Shop smart. Protect yourself from online fraud.

Think before you click. Verify before you pay.
🚫 Don’t fall for the illusion.

ग्राहक फसवणुकीचा नवा ट्रेंड: ऑनलाइन फॅशन स्कॅम

अनेक ऑनलाइन विक्रेते बनावट फोटो, चुकीची माहिती आणि खोट्या ऑफर्सद्वारे ग्राहकांची दिशाभूल करत आहेत.
ग्राहकांनी तक्रार नोंदवणे, पुरावे जपणे आणि कायदेशीर मार्ग अवलंबणे गरजेचे आहे.

📢 ग्राहक जागरूकता हीच खरी सुरक्षा.

The Chief Justice of India
Honourable Supreme Court
New Delhi

As a person following Cyber Laws in India since 1998, I am happy that the Supreme Court of India has taken Suo-Moto Cognizance of the “Digital Arrest Scam” and is trying to develop some guidelines to mitigate the hardship of the victims. This is a great opportunity to improve the digital eco system in India and we need to make full use of this opportunity.

In this context, I would like to place before you the following suggestions for consideration and request you to provide suitable directives to the relevant parties.

1. We need to identify and apply corrections to the root cause.
2. Consider introduction of a new Law for Neuro Rights Protection
3. Bring changes to our Banking practices by directing RBI and the Bankers avoiding collateral damage of innocent persons.
4. Bring Technical improvements to the Telecom and Mobile service providers

I will try to elaborate each of these suggestions.

1. Root Cause and it’s Rectification

The first thought that occurs to every one of us is how is that educated and otherwise mature persons fall into the trap of the Digital Arrest scam to the extent they take out crores of rupees of their savings and hand it over to the fraudster. This is continuing even after the Prime Minister himself addressed the awareness requirement in one of his “Man Ki Baat” episodes. While “Awareness” continues to be necessary, it is obviously not sufficient.

The modus operandi indicates two reasons why people are falling into a trap which is apparently irrational. The modus operandi is to make a fake phone call, threaten action by law enforcement agencies and suggestion that certain amount may be deposited temporarily in a Government account pending enquiry.

The irrational action of the victim in this context is induced by

a) Fear that even if they are innocent, law enforcement agencies may harass them
b) A False sense of security that the Government agencies where the money is sought to be parked can be trusted to return it since they are any way innocent.

Thus the fraudsters cleverly exploit both the “Fear” and the “Trust” and mesmerizing the victims through their talking. We may recall that some times back, the “Blue Whale” game was prevalent where fraudsters drove innocent children to harm themselves through suggestions.

The psychological analysis of this situation is that the victims got into a “Hypnotic State” where they lost their rational decision making process and blindly followed the suggestions of the fraudster. This is a sophisticated “Cyber Hypnosis” strategy.

We can observe such behaviour also in situations where people “Freeze” at the sight of a real or toy gun for the fear of harm that may occur. The so called “Stockholm syndrome” is also a manifestation of a defence mechanism that follows the initial state of obedience through fear.

Law recognizes that actions taken under threat, coercion, mistaken impression and when a person is not under control of his mental faculties as “Void” under law. Hence the act of “Handing over of money voluntarily” which is used as a defence by Banks to avoid their responsibility is not legally sustainable.

Therefore, the liability for the digital arrest scam, cannot be held against the victim even if it looks foolish for the victim to act in the manner in which he did.

The solution to prevention of this “Fear” and “Blind trust” together placing the victim in a terrorized state of mind and blind compliance is to increase public knowledge on institutions like CBI, ED and RBI on what they do and what they do not do.

Also a single point PR contact should be available at all these institutions to provide clarifications when required. A direction to this effect must be issued.

Academic institutions should work on creating “Cyber De-addiction Websites” which try to remove the misconceptions about social media that whatever comes on the Internet is true and reliable. People should be made aware that after the AI based synthetic content spreading across the Internet, no information is reliable unless it is cross verified from a reliable source. Availability of public contact points with law enforcement agencies is the first step in this direction.

Government agencies such as Meity should be directed to invest in measures to publicize the lack of reliability of information on the Internet and the dangers of synthetic content. Such investments should be mandated as a security measure along with investments for technology promotion.

2. New Neuro Rights Law

If we recognize that these frauds are occurring because the mind of the victim is manipulated, we should recognize that this is an offence. This is part of “Dark Patterns” under the Consumer Protection Act. It was also a part of the earlier versions of the Data Protection Bill which was omitted in the latest version of DPDPA 2023.

“Manipulation of Human Mind” with either devices or communication should be considered as a violation of “Neuro Rights” and should be protected either as an extension of the “Right to Privacy” or “Right to Free Choice” or through a separate law.

3. Changes in Banking Policies

It is noted that in a few instances where vigilant Bankers have identified the problem and prevented the customer from going through the payment. This indicates that in other cases, Bankers have been negligent.

In all the successful digital arrest fraud instance, the Bankers both at the end of the victim and at the end of the beneficiary along with the Mobile Service Provider who issued a SIM to the fraudster should be considered as co-conspirators to the fraud and must be jointly and severally liable.

The KYC norms and the RBI instructions on adaptive authentication make it mandatory that an account is monitored and any “Unusual” transactions are flagged for elevated authentication checks. Unfortunately Banks donot follow this norm. The beneficiary Banks donot check the known sources of income of their customers with the unusually large amounts that are credited. This is a blatant omission of the RBI norms.

In the TDSAT judgement on S Umashankar Vs ICICI Bank, the Tribunal considered that not following reasonable security practices by the Banker was a violation of Section 43(g) of ITA 2000 and makes them liable directly along with criminal consequences of Section 66.

This needs to be put into a direction by the Supreme Court.

At the same time, the Banks and the Police often mis interpret the RBI guidelines and when some stray funds are found in the account of innocent account holders proceed to freeze the entire account. Law is very clear that if there is any disputed credit in the account there can be a lien only on that amount and not the entire account. However many Police personnel issue directives to freeze entire accounts and Bankers oblige them. De-freezing of such account will be delayed unless pals are greased. This obnoxious practice must be stopped.

We request Supreme Court to give a clear direction to all Banks that unless a Court has indicated an amount on which a garnishee order is issued, no amount in excess should be frozen. Also the Garnishee order should apply to money due and payable as on the date of the receipt of the garnishee order and not future receipts. Hence the practice of Banks freezing the account is completely illegal and Banks should be suitably penalized for following such practices. Police issuing notices without indicating the amount under dispute also needs to be stopped. RBI itself should modify its “Freezing” provision and adhere to the known principle of a “Garnishee Order” and not create new provisions of law expanding their powers.

Further, the Court should direct that in all instances where the Bank cannot establish a conspiracy between the victim and the beneficiary, it should be presumed that the liability for the digital arrest payment lies entirely on the Beneficiary’s Bank or jointly by the Beneficiary’s Bank and the Victim’s Bank.

Further it is noticed that when the victim reports to his bankers about any fraud the Banker does not act immediately to stop payment in transit. This is contravening the established Banking practice of “Stop Payment”. Even in the case of Credit card transactions, RBI has taken an untenable stand under which Banks prioritize payments to the acquiring Bank instead of the Credit card owner and refuse charge back requests.

Supreme Court may kindly direct the Banks to honour “Digital Sop Payment” and initiate immediate action to inform the destination Bank whenever a victim reports a fraud or the Bank observes an “Unusual Transaction” so that the destination Bank “Exercised Caution”. These established practices which were prevalent before the advent of Digital Banking have been given up in the new digital banking era and must be restored.

4. Technical Improvements

Since “Collection of Electronic Evidence” is an important requirement for any legal defence, the Telecom operators should be advised to

a) Follow the suggestion of TRAI to display the caller ID linked to the KYC in respect of all calls so that impersonation can be identified
b) Introduce a “Hot button” on the mobile where at the click of a button the screen recording can be silently activated and deposited with a repository at the end of the call so that it is available for evidence. Currently “CEAC drop box” is a service that is available for voluntary deposit of electronic documents for evidentiary purpose. A similar service can be managed either by the law enforcement/MeitY or by a consortium of approved service providers. The user may subscribe to any of the free or paid services so that the evidence can be collected without a problem.

This has no “Privacy” bar since a “Conversation” is a data that belongs jointly to the caller and the called and hence each should be considered to have the right to record particularly when it has to be presented in legal defence of one of the parties. DPDPA 2023 also exempts collection of data for self legal defence.

These technical measures can also be directed to be introduced by the Mobile Service Providers along with a strict directive to ensure KYC for SIM card issue.

Yours sincerely

Na.Vijayashankar

Naavi
(Na.Vijayashankar)

Digital arrest Scam is growing and hard earned money of Citizen being looted by scamsters. Every Agency is doing its best to stop such scams but who is taking care of DIGITAL ARREST SCAM victims by initiating some OUT OF BOX legal measure? These people who have lost crores of rupees are reputed members of our society and having reasonable intellectual level. If they can be scammed then is something wrong in our banking system, which was/is used to siphon this crores of rupees, even outside India?
Dr Mahendra Limaye is representing before various forums for such Cyber-space affected Victims including Digital arrest victims.
Its great beginning where Highest Consumer Commission i.e. NCDRC has admitted such matters and issued notices to BANKS.

There are many such DIGITAL ARREST SCAM victims, who are clueless about this remedy. They can join the battle. I quote famous SHER Majrooh Sultanpuri
MAI AKELA HI CHALA THA JAANIB-E-MANZIL, LOG SAATH ATE GAYE AUR KARWAN BANTA GAYA.

Collectively we can make the change in present mindset of Judicial system in context of CYBER FRAUDS

IS POLICE COMPLAINT IS END OF THE ROAD OF RECOVERY OF HARD-EARNED MONEY LOST BY THE DIGITAL ARREST SCAM VICTIMS?
Dr Mahendra Limaye has recently filed two complaints before NCDRC. The highest consumer Commission in India, scrutinized these issues wherein victims are seeking relief against the banks, whose accounts were used to siphon the money and these banks have been charged with not-complying with various RBI guidelines. The victims lost Rs 10.30 Crore and 5.85 Crore respectively. It is contended by the complainants that Victims have been met with Digital Accident known as Digital arrest and were not at all negligent while parting with their hard-earned money. It was also contended that various mandatory guidelines of Reserve Bank of India were flouted by these banks and which aggravated the passage for siphoning off the money from victim’s account.

The Hon NCDRC Bench consisting of President Retd. Justice. Shri A. P. Sahi and member Mr. Bharatkumar Pandya considered whether such complaints would fall Within the definition of a consumer complaint and what would be the pecuniary jurisdiction to be determined for entertaining such complaints. And after much deliberations issued notices to the banks calling upon them to answer both the complaints.

Assessing the gravity and seriousness of the Digital arrest scams, the Hon NCDRC has also made its intention of seeking assistance of agencies like the Financial Intelligence Unit of India, the Indian Cyber Crime Coordination Centre and such other agencies which may be needed in course of further hearing.

This Admission of complaints filed by Digital arrest Scam victims is certainly encouraging event for the victims as they had no other remedy available to seek the financial relief.

“There are various banking guidelines issued by RBI, for protection of bank account holders and when banks own Duty of Care towards its customers, non-compliance of these guidelines must result in penalizing the banks and providing compensation to the bank consumers. If other such victims of Digital Arrest scam come forward and take up their matters before appropriate foras, courts will also realize the quantum and perhaps some government intervention is also possible for compensating the victims” feels Adv Dr Mahendra Limaye who is representing the two victims in above cases a/w Adv Alok Sharma.

Adv Dr Mahendra Limaye
Cyber Legal and Data Privacy Consultant
9422109619/8830139056

The comments/ debates are welcome for better understanding of one and all.

Dr Mahendra Limaye
The author is having Doctorate in Law and practices in specialised domain of Cyber Litigation and is FDPPI certified Daat Privacy Professional.

Adv Dr Mahendra Limaye is Cyber Legal and Data Privacy Consultant

SURPRISED!!!!!! Read the entire article to know the answer.

As per notification issued dated 25 May 2022, Twitter agreed with Department of Justice and Federal Trade Commission to Pay $150 Million Civil Penalty and to Implement Comprehensive Compliance Program to Resolve Alleged Data Privacy Violations. The settlement will resolve allegations that Twitter violated the FTC Act of USA and an administrative order issued by the FTC in March 2011 that Twitter misrepresented about how it uses non-public contact information of its users and coincidently March 2011 order was also a compromise settlement.

The US government, in fresh complaint, filed in 2019 had alleged that Twitter violated the FTC Act and the 2011 order by deceiving users about the extent to which Twitter maintained and protected the security and privacy of users’ non-public contact information. The US Government specifically, pointed that, from May 2013 to September 2019, Twitter told its users that it was collecting their telephone numbers and email addresses for account’s security purposes, but failed to disclose that it also would use this personal information to help companies send targeted advertisements to consumers. Twitter also falsely claimed to comply with the European Union-U.S. and Swiss-U.S. Privacy Shield Frameworks, which prohibit companies from processing user information in ways that are not compatible with the purposes authorized by the users.

Twitter was charged with engaging in deceptive acts or practices in violation of Section 5(a) of the FTC Act, for its failures to provide reasonable security measures to prevent unauthorized access to non-public user information and to honour the privacy choices exercised by Twitter users.

The violations of the FTC act as described above was upheld on two counts. In First Count, Twitter has represented, expressly or by implication, that it uses reasonable and appropriate security measures to prevent unauthorized access to non-public user information. But in truth and in fact, Twitter did not use reasonable and appropriate security measures to prevent unauthorized access to non-public user information. And hence commission observed that the representation of respondent Twitter was, and is, false or misleading. In Second Count, respondent Twitter has represented, expressly or by implication, that it uses reasonable and appropriate security measures to honour the privacy choices exercised by users. But In truth and in fact, it was found that Twitter did not use reasonable and appropriate security measures to honour the privacy choices exercised by users.

The FTC concluded that acts and practices of Twitter constitute deceptive acts or practices, in or affecting commerce, in violation of Section 5(a) of the Federal Trade Commission Act.

So, in a nutshell Twitter or for that matter No social media should be trusted regarding the privacy of the contents/information provided/uploaded through them.

FTC observed that Twitter had engaged in deceptive acts or practices by misrepresenting that user of protected account could control who had access to their tweets or could send private “direct messages” that could only be viewed by the recipient only when, in fact, Twitter lacked reasonable safeguards to ensure those choices were honoured. In other words Twitter is making fool of the users who believed that messages will remain Private or Protected.

It is open secret that Commercial entities regularly use Twitter to promote offers or advertise to consumers, and many tweets contain links to other websites, including websites that users may use to purchase commercial products or services. Twitter’s core business model monetizes user information by using it for advertising. It is reported that of the $3.4 billion in revenue that Twitter earned in 2019, $2.99 billion(@90%) flowed from advertising.

Twitter primarily allows companies to advertise on its service through “Promoted Products,” which can take one of three forms: (1) Promoted Tweets, which appear within a user’s timeline, search results, or profile pages, similar to an ordinary tweet; (2) Promoted Accounts, which typically appear in the same format and place as other recommended accounts; and (3) Promoted Trends, which appear at the top of the list of trending topics for an entire day.

Twitter also offers various services that advertisers can use to reach their existing marketing lists on Twitter, including “Tailored Audiences” and “Partner Audiences.” Tailored Audiences allows advertisers to target specific groups of Twitter users by matching the telephone numbers and email addresses whereas Partner Audiences allows advertisers to import marketing lists from data brokers and match against the telephone numbers and email addresses collected by Twitter.

Twitter has prompted users to provide a telephone number or email address for the express purpose of securing or authenticating their Twitter accounts. However, Twitter used this information to serve targeted advertising and further its own business interests through its Tailored Audiences and Partner Audiences services without mandatory disclosures.

The facts revealed that Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up using the data to target users with ads and this practice affected more than 140 million Twitter users, out of which 23.6 million were Indian users and also boosted Twitter’s primary source of revenue.

Consumers who share their private information have a right to know if that information is being used to help advertisers target customers under US Laws. It is no secret that all social media companies share such private information and can be held accountable.

It is highlighted through Footnote that A consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated.

India has more than 23.6 million users on Twitter as of January 2022. If Twitter has agreed to pay @150 million dollars as a compromise settlement, then how much contribution every Indian Twitter user has made to this America Relief Fund? Yes about 6.5 $ or say Rs 500.

Just think seriously about the trap named social media laid for all, whose main intention is to gather the information. The social media companies on pretext of various security features and authentication/verification purposes go on collecting updated data from the users and by selling that data, are minting money. Just think, as a true national if you donate some amount proportionate to your data valuation to your own country, CAN YOU CHANGE FUTURE YOUR COUNTRY????

The present Twitter incident may be another eye-opener after 5 billion compromise settlement of Facebook with FTC in 2019. Who is getting benefitted by this money? This entire money is going into US treasury and at whose cost? Are 23.6 million Indian social media users are supposed to contribute in America relief Fund?

Its we, who have to collectively find out the answer for the same.

BECOME A PART OF CHANGE BY UNDERSTANDING THE DARKER SIDES OF THESE SOCIAL MEDIA PLATFORMS!!!!!

STOP SHARING INFORMATION THROUGH SUCH SOCIAL MEDIA PLATFORMS!!!

Adv. Dr. Mahendra Limaye

Cyber Legal and Data privacy Consultant

09422109619