The concept of the golden hour plays a very crucial and important role in our lives, be it for prompt medical and surgical treatment to prevent death after an accident or clicking magical photos during the golden hour shortly after sunrise or before sunset. The same golden hour concept also plays a vital role in the timely intervention and recovery of money lost by victims of cyber fraud.
For example, a 52-year-old woman entrepreneur from Bengaluru, who lost Rs2.7 crore to cybercriminals, is set to get back Rs1.7 crore in a few days after police traced and froze the miscreants' bank accounts. She will also be returned another Rs30 lakh soon, says
a report from Times of India.
Apart from understanding the golden hour period for filing complaints in cybercrime, we will also relook at the rampant misuse of mule bank accounts by fraudsters.
In cybercrimes, the term 'golden hour' refers to the crucial period immediately following a cybersecurity incident, particularly a fraud, data breach or cyberattack. This time frame is critical because the actions taken by law enforcement agencies (LEAs) during this period can significantly impact the effectiveness of the response, containment and recovery efforts.
The golden hour concept in cybercrime emphasises the importance of rapid and effective response to minimise the impact of cyber fraud. The case of the 52-year-old lady is a fine example of using the golden hour.
The cheating took place between 6th April and 22 April 2024. Soon after realising what had happened, the woman dialled the national cybercrime helpline number 1930, reported the incident and filed a complaint with the cybercrime police.
Kuldeep Kumar Jain, deputy commissioner of police (DCP) for east in Bengaluru, told the newspaper that "Soon after the complaint was lodged on 22nd April, we found the money (about Rs1.7 crore) in three mule bank accounts in Rajasthan and West Bengal... With the court permitting us to return the money, we are returning Rs1.7 crore in one instalment. Another Rs30 lakh has been traced to a fourth mule account, which will be returned to her after getting the court's permission. We will continue the investigation into the rest of the money."
If you have become a victim of a cybercrime and lost money, then you must immediately call 1930, the toll-free number of the national cybercrime reporting portal (NCRP) or visit the NCR portal, https://cybercrime.gov.in/, to report the incident. It must be done within four hours of the incident to help the police effectively trace and block the proceeds of the crime.
NCRP uses the 'Citizen Financial Cyber Frauds Reporting and Management System' (CFCFRMS) platform for quick reporting of financial cyber frauds and monetary losses suffered due to the use of digital banking, credit or debit cards, payment intermediaries and unified payments interface (UPI).
When a victim reports a cybercrime incident (preferably within four hours) to NCRP, the CFCFRMS platform works in tandem with LEAs, Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), banks, and financial intermediaries to ensure that quick, decisive and system-based effective action is taken to prevent the flow of money siphoned off from the victim to the fraudsters.
Once the victim registers the complaint with NCRP (via 1930 or the website), an SMS regarding the complaint is also sent to the nodal officer of the concerned financial institution(s)- FI. The nodal office then checks the details on her dashboard which are available on the reporting portal.
If the proceeds of the crime are still available, then the FI or bank puts a hold on it, thus blocking the fraudster from withdrawing the money. If the proceeds of the crime have moved out of the concerned bank, then a ticket gets escalated to the next FI (where the fraudsters had transferred the money), which puts a hold on the money. This process is repeated until the proceeds of the crime are blocked and saved from reaching the fraudster. The FIs involved in this process then inform the concerned state police about the action taken and the amount blocked.
When the victim from Bengaluru filed her complaint, the CFCFRMS platforms, along with FIs and banks, successfully traced and blocked Rs1.7 crore from three mule bank accounts from Rajasthan and West Bengal. Police also traced and blocked Rs30 lakh from a fourth mule account.
If you have noticed, the word 'mule bank account' is repeated quite often in this incident. In cybercrimes, the money moves online from one account to another. In order to avoid trace or direct links to themselves, fraudsters use multiple bank accounts owned or registered by various people. These are called mule bank accounts.
According to a 2024 report by BioCatch, a leader in digital fraud detection powered by behavioural biometric intelligence, banking mules is a massively under-reported plague. It notes a concerning bump in mule accounts in India, in line with what BioCatch data shows as a growing global threat. "Every device found to participate in mule activity in India logged into an average of 35 accounts each," it added.
Fraudsters are likely accessing Indian mule accounts from outside the country, the report says, adding while 86% of the first session of documented mule account activity came from within India, after a month, that number fell to just 20% - and 16% of those sessions used a virtual private network (VPN).
BioCatch customers saw more mule activity (14% of the total) in Bhubaneswar than anywhere else in the country. Lucknow and Navi Mumbai accounted for 3.4% of recorded mule activity, two cities in West Bengal—Bhagabatipur and Gobindapur - 1.7% and 2.6%, respectively, Mumbai 2.2%, Bengaluru 1.8%, and Cuttack 1.6%.
Last year in October, Navi Mumbai cyber police arrested two persons believed to be middlemen between banking mules and fraudsters. During the probe, it was revealed that these arrested persons handed over mobile numbers, bank account details, chequebooks and automated teller machine (ATM) cards of various persons (mules) to others involved in the crime. The investigation led to Rs32.66 crore being frozen from these accounts.
In March this year, Gurugram police's cybercrime cell arrested two private bank employees for allegedly providing bank account details for cyber fraud. During interrogation, they disclosed that they kept in touch with cybercriminals and provided bank accounts to be used to commit cyberfrauds. In return, they received Rs1.60 lakh.
"Out of Rs1.32 crore, Rs10 lakh was also transferred by cyber criminals in a bank account provided by the bank officials," Priyanshu Diwan, assistant commissioner of police (cybercrime), told IANS.
Cybercriminals recruit people to act as bank mules through job advertisements, online messages and emails promising easy money for minimal effort. Sometimes, they also take help from agents who provide mule accounts for the crime.
Unfortunately, most bank mules do not fully understand the illegal nature of their actions. Still, their involvement can have serious legal consequences, including criminal charges, financial loss, damaged credit and tarnished reputation, among others.
Remember, participating in money mule activities is a criminal offence, even if the person is unaware of the true nature of the financial transactions carried out in his/ her bank account.
Remember, cybercriminals adopt various tactics to exploit individuals and often prey on people's vulnerabilities or ignorance. Staying vigilant and cautious is your best defence against becoming a bank mule or falling victim to financial scams.
Stay Alert, Stay Safe!
How To Report Cyber Fraud?
Do report cybercrimes to the national cybercrime reporting portal http://cybercrime.gov.in or call the toll-free national helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.