“Cybersecurity must be preventive”
Hargobinder Singh Dhaliwal, an IPS officer from the 1997 group, is best known for solving the case of the murder of Sidhu Moosewala in 2022. HGS Dhaliwal, as he is popularly known, is the head of the special cell of the Delhi counter-terrorism unit. He also leads the cybercell.
In an exclusive interview with Anjali Bhatia, Dhaliwal shared her perspective on how citizens can cooperate with the police to contain cyber fraud.
Q. Cybercrimes are on the rise. How do you think citizens can fight the threat?
A. I think a person should take the necessary precautions to protect themselves against online fraud, and it is not very difficult. Just by being aware of their (fraudsters) modus operandi, one can protect themselves by not sharing OTPs, not giving out sensitive information, etc. But if one falls into their designs, he can take several steps to minimize or nullify the loss. Speed and presence of mind are essential. First, notify the credit reporting agencies as soon as possible. Then report the crime to an appropriate authority and notify your bank of the bogus transaction so they can take punitive action. Also, be careful when sharing your data with organizations that collect data about you, such as your healthcare provider, insurance company, bank, and credit card companies, and change the words of switches from your accounts every few weeks using long strings. You can report the incident to the Federal Trade Commission to receive a customized incident recovery plan. For online financial crimes, you can report to 1930 the immediate blocking of unauthorized transactions/amounts. Also, you can file your complaint online at www.cybercrime.gov.in
Q. What exactly should one do if he is the victim of a cybercrime?
A. Spam emails, fake “free” offers, clickbait, online quizzes, etc. use these tactics to trick you into clicking on dangerous links or disclosing your personal information. Always be wary of offers that seem too good to be true or ask for too much information. Never give out your Aadhaar number. These days, there are many opportunities to share your personal information online and on social media. Be careful what you share, especially when it comes to your credentials. Tablets and cellphones face new risks, such as dangerous apps and links sent through text messages. Be careful where you click and don’t respond to messages from strangers when shopping online, entering your credit card or financial information, or visiting websites for online banking or other sensitive transactions. Check the site address. The address must always start with “https” instead of “http” and there must be a padlock icon in the URL field. This indicates that the website is secure. Use a secure search tool such as McAfee Web Advisor to avoid risky sites. Keep all your software up to date so you have the latest security patches.
Q. How effective is cybersecurity and how vulnerable is a person or organization to data theft and various other online frauds?
A. Cybersecurity should not be a simple after-action response. It should be preventive and should be updated from time to time. Technical intervention is required. Companies should also perform tests to identify system and network vulnerabilities. The better an organization knows about the risks and vulnerability of its type of data and holds it, the better it responds to data theft attempts.
Q. Do you work with private companies to minimize vulnerability and data theft incidents?
A. We are better together than apart. I think it’s been a trend in the cybersecurity community over the past five years. You see a lot of vendors coming together to share information and work more collaboratively now. Businesses need to be fully aware of the data they own. They should be aware of and understand the types of personal data they collect about their customers, employees, suppliers, website users, etc., and should ensure that it is kept secure with multiple layers of security. Perhaps collaboration between the public and private sectors is the only way forward and is essential to ensure that companies stay safe and share information transparently.
Q. Many people have lost hundreds of thousands of rupees by getting caught by online scammers. How do you see this? How effective were the Delhi police in getting these scammers to book?
A. Our success rate in catching these elusive criminals involved in cyber crimes is quite high. As a cybersecurity manager, I track data breaches and the black market of stolen data. The destination of the stolen data depends on who is behind the data breach and why they stole a certain type of data. For example, when data thieves are motivated to humiliate an individual or an organization, they release the relevant data into the public domain. We identify the motive and focus on the suspects.
Q: How is stolen data used by scammers/thieves?
A: Buyers use stolen data in several ways. The credit card number and security code can be used to create a cloned card to perform fraudulent transactions. Social security numbers, home addresses, full names, dates of birth, and other personally identifiable information can be used to impersonate someone. This is called identity theft. For example, the buyer may apply for a loan or credit card in the victim’s name and file a fraudulent tax return.
Q. The big question is how do you protect yourself. Sometimes people lost their life savings in a minute.
A. With hacks, scams, cybercriminals, malware, etc., the internet can seem dangerous these days. And devices ranging from smartphones and tablets to internet-connected devices put us at even greater risk. But by taking a few security measures, we can greatly reduce our exposure to all these threats. Creating strong, unique passwords for all your important accounts is the best way to truly protect your personal and financial information. This is especially true in the age of widespread corporate hacks, where a single data breach can reveal thousands of user passwords. If you reuse your password, a hacker could take the leaked data in an attack.
Your credentials are secure, your connections are secure. When you’re at home or at work, you’re probably using a password-protected router that encrypts your data. But when you’re on the road, you end up using the free public Wi-Fi. The problem with public Wi-Fi is that it’s often not secure. This means it’s easy for a hacker to gain access to your device or information. Even if your network is secure, you should still use a firewall. Using a firewall ensures that all devices connected to your network are protected, including Internet of Things (IoT) devices such as smart thermostats and webcams. Many online threats today are based on phishing or social engineering.