she end up losing 10 lakhs for the family and most of these things happen because of stupidity that is a hint for me hello every everyone subject frauds especially cyber frauds okay then so be it I have worked very closely with uh the prime investigation agencies in the country can say CBI at all not the only one and to also to assist so I've trained in the National judicial Academy inal and Jud Jud this was for all the high court justices across the country I trained them in C crimes that's the first part you can think one of the biggest one happen in this city where we sitting so my team has cracked that very fraud 120 people sitting here here in Hyderabad we cracked that so so I leave it there so that's up to you to use your imagination one of the biggest our team my team the technology team was r uh one to actually catch incriminating evidence Li because I'm not strally othered to go and do investigation unless I work with the legal um stat law enforcement I work for a consulting company or a big company like that so I or if it's inside a corporate the management will appoint us but they may not know the method and means because of it's too Hightech so bookkeeping biggest government Authority probably don't even know how to mount it or get into the data or analyze it is much farther then you need somebody who understands technology from a database perspective or a structured data or unstructured data perspective to use me ecovery okay so that's where we assist and finally the report uh will be co-created or but they are responsible for it we are assisting them from in official capacity as subject matter expert got it KPMG PWC de comp got it wonderful SC normal 80% and it is I would say very evolved variety of social engineering attack soci well let's let's dig into social engineering d but let's come back to phishing depending on smart all he not using a free email of the it's not sophisticated enough most probably of typical Nigerian scammers stupid exactly add it 
it may look very easy but it is not so so it's a combination of factors you apply in filter so Nu f depending on the country you are in which is a normal thing very very normal thing add not even getting close to so datab leak employee darket or other black markets it's commodity got it and this is probably the cheapest commodity online you can get email address of anybody wonderful sir now uh let's skip to one of those interesting things happening in our lives around okay so she's a housewife roughly around 29 30 years old two kids so normal life so when they started earning more money obviously feeling so she started looking out Google okay she got she thought she got an opportunity she end up losing 10 lakhs for the family wow in a span of one week so 10 lakhs what she did was first second very good third day very good she end up losing the entire thing and my wife was withy what is happening here um the two to explain phishing you could call it smishing or something else because probably they Ed WhatsApp or some other medium you can't track the probably First Catch happens in WhatsApp because that's then move to something where because doesn't have a server in India or it's very hard for police or law enforcement to get good idea from a criminal perspective right you're cutting the traceability for the picture so let's go back uh and pause for a moment from the victim's perspective victim mindset housewife inferiority complex cre I'm not prod enough so I have to Comm you know do something for the family more than just you know doing the household chores I'm not feeling already it's a good intent yeah the intent is right because she wants to contribute to the Family Wellness One Way or other financially right but I go from the criminal side how do I exploit this obviously he knows there are no uh real tangible skills emitted for her to step out she can't step out of the family and go for a real job so he knows it's not rocket science to know Indian housewife 
situation primary priority is the husband children or the family around her he probably would have targeted thousand of them so what did he do he created a trust and sometimes they actually do into the account 50 rupees trans sometimes they are rewarded enough to S Dum application balance nowhere all the fake apps also put the money also now nothing is there so then I start a little bit of cyber SEC salami attack salami attack either he can start his trick from there or he can wait and double it also so he again extended the trust to 500 rupees which is now triple to 1500 rupees my God this guy is a God so now I will he will go for the kill now he doesn't know how long the victim will hold on to this trust he will start now big before the victim realizes good money be bad money he wants to do one big attack that's when you go into lakhs but unfortunately in this case the victim fell into a gambling mentality which good money behind coin slot machine so gambling and he's exploiting that mentality of the poor lady to get the money out and he got it and he got and this is probably one of the biggest he got I can tell you A lot of people realize much before hitting the bank account okay specific social engineering phishing spear phishing so you will do lot more homework so you target specifically for blood say card number last three card numbers last four account numbers I create a situation of urgency so emotions soci it doesn't have to be fear all the time it could be uh Elation it could be something coming free and you're going to miss out you see the gradually evolving into this next CF okay Rec shareholder details okay okay explain okay so assuming okay and that includes I really know who are your rep who are under you I know your okay so then now I want to start my attack okay monthly you know it could be a Microsoft or it could be a normal transport vendor who will move your employees either one of them right large large large ones who pay large bills and let's 
assume I'm a vendor and you need to pay me and I first send you probably Diwali greetings okay and you respond thank you Nork remember upate oh my company is moving to New office I will send you soon anytime vendor onboarding happens in large corporates you go through various checks and you give a cancelled cheque or you submit your bank details and the whole process and then only your account details will enter sir this is my new Account Details new address details please change in your database and if you think so or you think that's enough time you say Sir this is my new invoice it could so then this guy can send it there he can attack depending he has done enough homework approve go change and paid this has happened I'm telling you in Hyderabad hundreds if not thousands of times for largest companies reputation maxent story so so while only they are the ones who are carrying the baggage they are not really participating in the scheme it's nearly impossible especially in this country so let's okay okay system access administrative privileges virus you can say so okay it's and credentials adess unknowingly knowingly that it employee has become accomplice in the case right so this is very slow attack so we 6 months minimum one year so then one fine day they'll send you an email after encrypting it could be a server it could be documents it could be hard disk whatever that is lock ch Comm that is only cryptocurrency bitcoins most safest for any attacker to receive that expence last years I would think respect okay probably have good it systems backup tapes were or backup data separated totally from the production systems they said I'll lose one day data or I'll restore it some people may definitely paid the number may not be high but some people may have taken the hit rebuilt for very old data which you kept and it happened my my belief is outside India Russian and Chinese they are generally massive networks they're generally not one indiv one country or 
individual and they hacker groups generally who run and they're professional enough to run this and hide from the large law enforcement they will get caught eventually but it's too late for this company cyber SEC expert conss it's too late for security in and least so comp interes anti-phishing training okay and this is enforced quite a bit in any of the M company in spite of this all this happens oh this is a very interesting Insight audience me company and also audience who are watching to become cyber Security Experts uh this is a great opportunity let's do one thing let's step back here okay then you are forcing me to talk about the psychology of the victim okay so victim's psychology okay he doesn't know about his Target at all it is stupidest attack he's like let there be a Target I don't know my Target that is that's the lowest level of that thing because you don't know at all anything then remaining people will modulate one of the human emotions at that moment in time he is modulating the fear fear of missing out of your money in the or losing the access or in disruption to your business exactly exactly so and and there is if you see there is a straight line reason so is it right uh maybe some of them but my my guess is they would have sent them SMS five times across the day your time table is very different it may have hit you email box at that time or you thought or you open it could have been housewife who probably looks at the phone many more times okay so it doesn't cost him anything that's fear of missing out that's last one then this is more popular or confidence I know my internet banking I know everything so they drag you into that use that over confidence as a emotion then I personally I have seen internet banking Pages it took me 5 minutes to recognize that website it's so perfect m perfect and you're talking about cases where Elder people potentially probably working in cyber security for all you care W it is so perfected it is because if you see 
everything on the website is so perfect they are they are really mastered and they are addressing a different segment and they probably have done so much homework so number two is overconfidence what is number three Authority okay Authority this has happened to a company I know I'm the CFO of the company okay you are the controller I'm ordering you to do it h and then typical to that exact CFO will be generally communicating with employee this is against spear phishing you know both parties reasonably enough and you engineer the attack and the mail goes W there you have other emotions but situation it is greed greed atasa almost bordering duras and TR thing we all need to remember in life is C we do magic and I'll tell you why and this is very basic mistake we used to do in Internet 1.0 process system 24 hours traffic so the summary of the matter is if there is a process which is not designed well or a system which is not designed well if you extrapolate that even a human being you connect and put it in cyber space you multiply the exploits or the possibilities of getting deceived by a million times I think you're right good absolutely but we haven't taken enough care or training to actually give them basic security how to deal with it yeah this is very interesting password password admin password I get into the change thew you can disc everybody else from correct that is little complex for normal user you only have access to it you only know it and you only can use it respons you can't pinpoint like that it is it is a society at Large so it is not so easy to pinpoint it's a multi-dimensional uh problem where we have to keep it as a prime aspect only chart otherwise our society is on the brink of getting left right ripped off by cyber criminals and creating more suicides everywhere we have to address this let's imagine I have a weird imagination is there a Poss wow that is a very doomsday kind of situation I hope not at least % other than God nothing can be 
certain % Anything Can Happen will happen typical Banks rules data Cent datb my belief is they have to keep three data centers discreet so different data C separ dat rep I think it could be three what could be wrong any private data centers even if they the cloud also they separate so there are systems like so from a regulating perspective RBI does pretty good job is lots of other Regulators in the world and they are very prescriptive from a cyber security perspective the level regulator can do H obviously banks have to go over there is always scope for improvement but my belief is from a cyber security perspective the posture could be reasonably decent from the country it is not gory as you saying it could happen well anything nothing is guaranteed in the world but I'm fairly confident that decent from a redundancy perspective or a BCP perspective but there is something that's happening especially in the last three years in most number of suicides happened until most number of reports happened to cyber Department loan apps generally because of single School whatever kind of credit history yeah yeah yeah typically they go out and start doing a Google search 100% interest 50% interest 14,000 cases only last year T is the highest then comes Maharashtra then comes Bihar but this is typically how we are started around COVID it just man in the socio economic condition of a sudden shutdown lockdown coming so you suddenly have a situation access to funds has gone so it is a unique situation which probably never happened in the memory and uh if you dig deeper you will find some common and just imagine the situation probably in the community despair desperation it's a human situation not emotion it's a desperation situation which you are forced into again a human thing is being exploited by somebody but somebody just saying very easy 5 minutes Easy Loan Easy Money 5 minutes no documentation reasonable interest rates whatever 20% for S you will say 25% so that's the 
situation I in app store this by the way time all these apps were legally in Google Play Store so they didn't have to do anything until this became a pandemic of proportions on its own other than COVID this was another pandemic which came across because of until until 2023 mid RBI hasn't legally announced it Google that's a side track let's pause there location contact photo you give them the opportunity you you welcome them with Open Hands 10 15 or whatever minutes but in the process he took all your identities he took a live video of yourself double but generally sth day and he says this is the interest you are to pay if it is a no or negative answer then gross abuse in and if if you fall for it you pay you're lucky if you don't fall for it then they will say I know your location where you live first thing I'll call your neighbors second thing all your parents or siblings it will start now then it goes and these are all specialized people absolutely and somebody is monitoring if they're doing a good job or not of abusing people they're sitting and watching them like any other call yeah it's a professional job that's how they think it is a criminally professional if that is a term uh and by the way please sir very good point Magic will happen in your life if you immediately whatever St doesn't matter just go and seek help so this a very good uh way you explain Jiggy so last then they'll start morphing it morphing online family name so they have all the tricks in the book they have they hold all the aces against you so hence seek help seek help there is no easy way out otherwise this will hurt you badly so it is very important to understand them and cut it as early as possible okay I don't believe that is a emotion or sense people have maybe I have to go out of my comfort zone economic causes somehow this generation is living beyond their means everybody's luxury is their choice and they may have money they afford it maybe I can still understand so a 
socioeconomic causes could be very Vari there is something really different in the way people are behaving here we probably have to address that behavior we reasonably as a country doing well across Agriculture and various segments so suddenly segment something wrong and the on us to educate those people and if at allu loine understood uh-huh so let us understand the psychology behind the fraudsters mindset SC okay it probably covers most of it but I'll explain it any which case okay then G-O-N-E for greed opportunity need and excuse uh greed uh we talking about criminals so they want quick and dirty money so they're very clear about they don't care how it comes so greed I have to get rich by hook or and to get opportunity because the target leaves the door open or is not secure enough all those things are instigating this person saying that just go get it it is yours that's an opportunity in their world for them it's a open opportunity AFA need need could be a little bit on the gray it's a genuine need or artificial need or a perceived need you to pay foration both are needs but uh and E excuse the excuse is for excuse It's like convincing yourself that you are okay doing it so then she's not going to feel bad like a non-criminal mindset you have fear of God because he's applying different criteria to his tasks he's going about uh doing that's that's how no it's good I just we just 18 I'll stay with that slogan for now but let's go step back a little quickly repeat but I'll go back wow always wanted to be somebody on the internet probably the word cyber they not fortunate enough one of theg Serv okay do you know what you're talking fast forward fast forward fast forward billion so what happened in this 22 years and I went body shop in those days Body Shop was a term used to sell resources to other countries Netherlands from picture that's where my love life turned Corner if you say you know I work my first company was Unisource business networks 
part of Dutch Dutch Telecom the Royal kpn hity you would say 1997 okay 1997 was my starting real work in Internet Internet Security and uh D they used to sell over and above the typical leased lines they used to sell value added Services proxy proxy web proxy up antivirus service in the building this is just before I left so m 3.0 you can think it's 3.0 so we built something called a hosted antivirus service with seven antivirus scanners in series so every mail which comes to your company so it was the first any Telecom company we collaborated with another British company which had this Tech W when I spoke to my manager then so there are still companies using that so VP what prate ex as far as my knowledge goes who are the first Telecom company in the world to deploy something closest to wepn in the world commercially deploy commercial Cas can as absolutely youth is a feeling in your heart and you have to carry it for long that's what I'm striving to do wonderful so Netherland Netherland on F day me and my wife decided that uh it's high time and literally it is not because I'm from movies I'm telling you scene like that don't think like that we decided one day my is best uh so and we put our home for sale uh and we did not we were not able to sell the home by the time in okay toay they will take it it was I was a white hat hacker hacking for money and for the right purpose secure network design data center security audit come toally it is the process of finding truth evidence of whatever way is dragged in any investigation evidence time traditional investigation follows the same principles in cyber okay Comm nice so then because of him then I set up the India's first for technology laboratory Delhi and Hyderabad Hyderabad because when that big event happened we came here and then I moved my base after the event here then I set up my office here and but my lab and majority of my team it was dedicated people of 100 people only doing cyber forensics cyber for invation even 
cyber crime especially corporate cyber related crime you also need to understand the behaviors of people Field Force who can understand people's movi investigator SOI investigation we don't know that so generally we Source those people from the traditional law enforcement that could be CBI C maybe IPS or not we don't care really oh they're out of out of the service and they're fulltime working with us on our payroll so that is a hint for I'm not specialized in that art so so while why they are not reporting to me but they are in the team cyber forensic team you will have definitely people who will crack the hard disk crack the passwords analyze large amounts of data uh structur dat only way you can identify is that number of transactions could be absolutely in US large fashion okay so Christmas so Christmas flat 50% yeah so % imagine okay that's when they something happen backing system top 10s same Bing system system and very aggressive very funny guy I'm the bull in the China so we went and un enironment the so we we checked room controlled access lied people lied people have access access room Swip in swipe out okay emplo we don't create the fear we go very friendly people we only have to extract tricks with uh truth with smartness or D showing showing it to him on the face investigation is finished next day I could see the CTO on the fire 20 people all departments there three people were fired on on the spot on the spot he doesn't know he's he's a learner why production system one of the India's largest banks he could be a recommendation candidate you could be friend or relative of somebody who's working there it is really stupid and most of these things happen because of stupidity carelessness stupidity or lack of training if you will right but the reality of Life translate that is where the problem is let's summarize this okay so let's spend a couple of minutes on understanding so good starting point it could be you receiving information which is you 
know without your intervention or you approaching a source let's cover both the bases phishing internet is you wild west anybody can send anything it comes your mail box so unsolicited mail if my memory serves right spam is I don't know 80% of the internet traffic I mean email traffic 80% % even though you not me seeing it because ising it is lying there doesn't mean so you have to treat what comes your way with please don't even think so anything too good to be true don't touch it okay information irrespective the information Source you get it from okay and principle me access credentials resp at least the respect complex password all major email providers all major Banks insistor Authentication or transaction password similar concept this is not giving respect stupidity I think should have spent time with your banking person then third one related what about storage phot then you have to see where the app source is so Storage St it gets access to the default installation storage unless it is genuinely doing a kyc application or it is a photo editing application it would not need be safe spacking because that app could be a launching pad for attack for somebody you could become an accomplice for another crime smartphone it's as powerful as a computer 10 years back reality of Life at this moment people should realize it and I have seen it happening in real life so so I I'll repeat from the last one install only from trusted sources Play Store these are all Android phone security trusted Source Play Store at all orle whatever that is uh and uh subset of applications only on need to have if you think you are not Savvy enough then get a extra layer of Internet Security application Android phone related let's say now you are the person who got caught in this web okay what is your first reaction first thing I'll do is seek help okay I'll ask for help seek number one especially if it's a cyber crime first I'll report it okay report it on ncrp National cyber crime reporting 
portal 1930 okay so that officially documented which is a very good thought at least step okay suay afternoon number Access last four digits m number one number two okay well sounds good you also trying to help and lead the police to the criminal correct so which is very important unless it becomes very easy for the investigator to pinpoint them absolutely thank you very much we did a decent episode on making and breaking how this happens we'll see how we can take this further deep cont thank you great see you in the next one