Online frauds of every hue and color have been on the rise since the past decade. As internet has permeated far-flung rural areas, the evil of cyber crimes has followed. A 2016 multi-market survey conducted by the Telenor Group, Norway, reveals that in India, despite 85% of internet users being aware of the term ‘internet fraud/scam’, at least a third have been a victim of it and 57% know a friend or family member who has met the same fate. The amount of money stolen through online frauds from Indian victims is by far the highest, out of all surveyed countries. ‘Lottery scams’ have claimed about a quarter of those surveyed; 17% fell for ‘identity theft scams’; ‘shopping scams’ attracted widespread media attention with e-commerce websites such as Shopclues, Amazon, Flipkart and ebay facing legal action for allegedly selling (or enabling the selling of) counterfeit products ranging from speakers to sarees; however, as per the survey, the most common online fraud in India is the “work-from-home” or online employment fraud, laying claim to 39% victims.
As per news reports, innocent jobseekers are increasingly falling prey and being duped of large sums of money on the internet, with false promises of lucrative employment. The conmen are well-educated, tech-savvy and represent the changing face of online criminals. In most cases, the modus operandi to fool unsuspecting jobseekers is eerily similar. The impostors adopt trade names or register domain names with names that are identical/deceptively similar to those of wellknown job portals/companies/government agencies with a mala fide intent to create confusion amongst jobseekers and indulge in cheating and fraud. We have come across instances when even companies are registered using a well-known trade mark/ name, with the shareholders often being uneducated drivers, watchmen etc., who are generally unaware of what they are getting into and their personal information is provided to the Registrar of Companies for compliance purposes. The conmen pose as consultants and contact jobseekers on the pretext of arranging false interviews or sending false employment letters and demand money for their “consultancy services”. After certain transactions, they shut down their websites, close the bank accounts and flee with the money.
Such online employment scams have been rampantly reported across the country and have especially mushroomed in cities such as Pune, Mumbai, Delhi-NCR, Bengaluru and Hyderabad, which are hubs for IT companies. Investigations by Delhi Police and Uttar Pradesh State Task Force (“UPSTF”) in April this year revealed that at least 50 fake call centres and job portals are running in the Delhi-NCR region. The Information Technology Act, 2000 is sufficiently geared to deal with this growing menace on the internet and also has specific penal provisions for several cyber offences such as sending offensive messages, identity theft, cheating by impersonation, violation of privacy, obscenity, etc., using computer resources. However, cybercrime experts claim that it is difficult to bust these gangs as their bank accounts, payment gateways and domain names are created on fake identities and their servers are generally based abroad. The complexities are further compounded as the payment gateways do not conduct physical verification of their clients, domain registrars do not ask for any identity proofs from registrants and most of the conmen have worked with job portals before, so they know how to exploit the loopholes. However, in spite of such complex hurdles, there have been several success stories. The UPSTF arrested a gang in October 2014 which had created a fake website of Railway Recruitment Board (RRB), Bhopal to dupe job aspirants. The complaint was lodged by RRB Bhopal Chairman with the state cyber cell informing them that a fake website www.irrbpl.org had been created and the fraudsters had also hyperlinked the site to RRB’s real website (www.rrbbpl. nic.in). The gang had extracted `13 lakhs from over 10,000 candidates in the name of “processing fees”. In March 2015, police, in conjunction with cyber cell tracked and arrested 59 people, including 21 women accused of cheating over 500 people through fake job websites. In June 2015, a fake website which was running in the name of the Ministry of Human Resources Development was shut down by the cyber cell of Delhi Police’s Economic Offences Wing. In May 2016, the Hyderabad Cyber Crime Department arrested three persons who had duped several local residents to the tune of twenty five lakh rupees by offering them jobs in renowned American and Canadian companies. The investigation also uncovered over 70 fake bank accounts which the culprits had opened for carrying out their nefarious activities.
To counter the growing menace of fake online employment rackets, multi-national companies are realizing the need to equip and reorient themselves to perform a proactive role in prevention of such crimes. Last year, officials of Indraprastha Gas Limited came across fake advertisements uploaded on two web portals advertising vacancies for freshers. IGL lodged a complaint with the Cyber Crime Cell of Delhi Police and also issued a public notice through its website cautioning jobseekers not to fall prey to any such rumors. Intel India filed a police complaint in Bangalore after it found that at least two people had received fraudulent letters calling them for interviews at the company’s office and asking them to make security deposits prior to the interview. Intel also used its Facebook page to warn people about the incident. IBM has a “fraud alert” section in its recruitment portal and Facebook page and sends such alerts to all registered engineering colleges, since most of the victims are freshers who have recently passed out from college. Similarly, Bosch also issued public messages warning people about fraudulent interview calls. Tech Mahindra has stepped up its efforts to fight impostors who claim to be its representatives offering jobs at the company by implementing technology solutions to help curb this menace. It has started using digital signatures to help job seekers distinguish genuine offer letters from fake ones. The company is also working actively with law enforcement agencies and industry body NASSCOM on the issue. Leading job portal, Monster assembled securityrelated articles and resources on its website for educating jobseekers on simple security precautions to take while evaluating job postings and opportunities. Microsoft’s Digital Crimes Unit filed a civil lawsuit in California against technical support scamming companies, for unfair and deceptive business practices and trademark infringement – one of them being the Indian company C-Cubed Solutions Private Limited which allegedly operated the mail server through which fraudulent technical support businesses communicated with customers.
Notwithstanding the aforesaid efforts being undertaken, companies can also use a combination of strategies to curb infringing use of their trade mark for committing online frauds, by inter alia - (a) conducting simple internet checks using search engines and/or periodically ordering search reports from a commercial vendor, to obtain information on the level of infringement and its landscape; (b) reviewing the publically available WHOIS records of the impugned domain name (which in most cases will have incomplete/fake contact details and thus, can be a ground for cancellation of the domain name upon broaching the issue with the domain registrar); (c) reviewing the impugned website and names of the persons, phone numbers displayed therein and checking their details on anti-spam websites and lists.
The Internet Corporation for Assigned Names and Numbers (“ICANN”) recently released a revised report on “New gTLD Program Safeguards against DNS Abuse” in July 2016, which explored pre-emptive methods to mitigate Domain Name System abuse. In the said report, the following were inter alia, included as recommended safeguards - (a) prior vetting and screening of registry operators to prevent applicants with a history of criminal or malicious behaviour from running TLDs; and (b) maintaining “thick WHOIS” records containing registrant’s contact information and designated administrative and technical contact information - for enabling complete and rapid data search during efforts to identify malicious actors/infringers.
However, the onus of curbing this menace cannot solely be shouldered by enforcement agencies and the affected companies/government agencies. Recently, a division bench of Justice Ranjit More and Anuja Prabhudessai of the Mumbai High Court ruled that if a web user is “careless and negligent”, fails to ensure online safety and falls for one of the common “internet scams”, the company/matrimonial website cannot be held responsible. Thus, web users too must exercise reasonable diligence while surfing the internet.
In view of the aforesaid, while efforts are being made to tackle proliferation of online employment frauds involving trademarks/names of well-known companies/government institutions, it is also imperative for all stakeholders to come together and collaborate for generating public awareness on the issue; sensitizing web users of all ages and advocating internet safety measures and pitfalls to avoid, at various fora, such as educational institutions, offices and government departments. The enforcement agencies must also constantly train their officials on the nuances of the latest techniques being employed by cyber criminals to make them more adept in investigating such cases. Companies may also prefer adopting robust enforcement strategies and sending “cease and desist” notices to the impugned entities immediately upon becoming aware of the fraud being committed and addressing letters to domain name registrars to suspend the impugned domain names.
Disclaimer – The views expressed in this article are the personal views of the author and are purely informative in nature.