Cybercrime 101: What you don’t know can hurt the most
The Internet, like all technologies, is a double-edged sword. Where it empowers us to pool our efforts and maximise our potential by interconnectivity and greater convenience, it offers these same boons to criminal elements and predators.
Technological advances and growing user bases around the world have been matched by a proportional increase in online crime. On the financial front, costs inflicted globally by cybercrime are increasing by roughly 15 per cent year on year. Enabled by the Covid-19 pandemic, online criminal activities increased by up to 600 per cent in 2020 and 2021, and are expected to cost $6 trillion by the end of this year. By 2025, a report by Cybersecurity Ventures estimates, the figure will rise to a staggering $10.5 trillion.
But finance is only one part of the equation. Much of cybercrime leaves in its wake a human toll that is immeasurable by its very nature. As predators, harassers and stalkers prey on the most vulnerable, the damage they leave behind often lasts a lifetime for their victims.
When it comes to Pakistan, what is even more tragic is how preventable much of cybercrime is. Unlike their counterparts in many developed countries, criminals and predators here don’t even require that sophisticated a toolkit as they find greater opportunity in exploiting victims’ lack of awareness and knowledge.
Speaking to The Express Tribune, a senior anti-cybercrime officer of the Federal Investigation Agency underscored this very point.
All around us
“The first thing I think people need to realise and be aware of is that cybercrime is taking place all the time and that it is taking place in a whole host of different ways,” said the head of FIA Cyber Crime Zone Sindh Imran Riaz. “There is a sense among people, perhaps, that it is not as severe or that it is rare and cannot happen to them.”
But this lack of awareness is not limited to victims or potential victims of cybercrime alone. Riaz shared that in many cases of cybercrime, the perpetrators themselves were unaware that the activities they were carrying out online constituted cyber offences.
Speaking about the need for greater awareness, the FIA official pointed out that most people tend to be unaware of what risks exist on the various platforms they use. “People do not know, for instance, that cybercrime is taking place on gaming platforms – or how is it taking place on gaming platforms? What risks exist for them or in the case of parents, for their children? What features enable such criminal behaviour and what features are provided by the creators of that platform or app to prevent them?”
Highlighting the vulnerability children are exposed to online, he said that it is very important that parents thoroughly learn, use and explore an app or platform before allowing their children to use it. “If they play any games online, it is important that the parents sometimes play those with them to understand the risks and the controls they can enable to mitigate them.”
Risks for children
According to Riaz, the risks on gaming platforms exist broadly in two ways. “There is a financial element. Many games encourage in-app purchases of various items. These are bought using real money,” he said. “So, on one hand, with children especially, they can either be duped by scammers into giving them money by offering to purchase items for them.”
He added that there is a second, more alarming risk. “The graver danger children face online is cyber-grooming. Strangers may offer to buy items or provide other services or favours in exchange for explicit photographs, for instance,” the regional FIA cybercrime head explained. “Predators could lure children into meeting them in person. Or, certain twisted individuals may try to share explicit or gory content with young kids, which can be very traumatising. These risks exist on all online platforms for kids, beyond games as well.”
As such, Riaz said it is very important for parents to be aware of such risks and also for them to be able to speak candidly and frankly about them with their children. “Parents should be the first line of defence. In order to be that, they need to meticulously research any platform, app or game before they install it into their children’s devices or allow their children to use it,” he advised. After doing their research, parents should sit their children down and tell them about the potential threats that exist and how they can avoid them, he added. “They should tell them how predators operate and how to identify phishing links.”
“In the 90s, there was a massive effort on television to inform kids that they should not trust strangers. That if a stranger offers them treats, they should refuse and report it to their parents. I think this attitude needs to be extended to cyberspace, when it comes to children,” the FIA official suggested. According to him, parents must tell children to never accept in-app purchases from anyone other than their parents.
“They should be told that they should only contact online close friends who they know in person. Not just that, children should be told to report any account that is behaving irresponsibly or in a sexually enticing manner to their parents. Even if the account seemingly belongs to a friend, relative or loved one.”
Another thing parents must learn about are any controls or features that apps and platforms provide to safeguard children. “Most mainstream platforms nowadays do have child safety features, like keyword filtering, that can be enabled to protect children from traumatising or explicit content,” he shared.
He added that on a wider level, we need a cultural transformation where parents give their children the trust and confidence to be able to share anything or talk about anything. “We need to be able to break some taboos about conversation in order to do so.”
Beyond parents, Riaz said teachers too need to be especially aware of the latest developments in cyberspace. “They should be trained on the risks that exist on popular platforms so that they can raise awareness in the classroom. They should be able to take a proactive approach.”
Of fraud and scams
Speaking about financial crimes, the senior FIA official said the biggest issue is a lack of awareness about how credible organisations and institutions – both government and private sector ones – contact people and what procedures they follow when they do so. “As a rule of thumb, no organisation, government or otherwise, will call a person and ask them for information over the phone or through email,” he shared. “No bank will do that and neither will the FIA or FBR, or other government bodies. If your account has been blocked or if a certain notice has been issued to you, credible organisations will not ask you to verify your identity over the phone.”
Riaz said most victims of online financial fraud are unaware of this, allowing fraudsters to take advantage. Likewise, many people are unaware of how phishing links and malware work, and what links, platforms or sites to avoid in order to stay away from them, he pointed out.
“For adults, the first thing they should be aware of is what procedures and protocols credible organisations use to contact people,” Riaz said. “Scammers will often mask their phone numbers or emails to appear credible, so if you do get a suspicious email, call or text message, you need to contact the organisation they are impersonating yourself before exchanging any information.”
He added that adult users must also learn to identify phishing links and emails, and avoid any websites, accounts or platforms that can expose them to malware risks. On social media, he suggested it is best to keep one’s account private and to disable comments for anyone you don’t personally know.
Unwitting criminals
In Pakistan, it is not only the victims of cybercrime who suffer from a lack of awareness. Riaz pointed out that in many cases, the perpetrators of certain cyber offences were unaware that their actions were criminal.
“Take the case of these recent posts on social media concerning Tehreek-e-Labbaik Pakistan. We have been conducting raids against those behind accounts that have been sharing sectarian, anti-state or hate speech posts, and many of them are shocked to discover that they have carried out what essentially is cybercrime or even cyberterrorism,” he shared. “People share hate speech online without batting an eye. They re-tweet a hateful or inciting post and don’t even know they have committed a crime. In fact, they can’t even identify the content they are sharing and re-sharing as hate speech. Some of the accounts involved in such posts are run by people as young as 14 years of age.”
Cyber-bullying and cyber-harassment are another area where those involved are many times unaware that these actions are criminal ones, according to Riaz. “People will share posts or images that defame someone, or they will share images or video of a sexually-enticing nature. They will doctor images and, with deepfake technology, even footage to show their victims in explicit situations. And people will have a laugh about it and treat it as something normal. They need to be made aware that this too is a crime.”
The same, he said, goes for cyber-stalking. “If you are trying to add someone or contact someone online, and they have made it clear that they would not like to be contacted by you, but you still persist with your efforts and keep sending messages, what you are carrying out is cyber-stalking. And that is a crime under Section 24 of PECA 2016.”
Cybercrime trends
According to the FIA official, cybercrime had been on a steady rise in Pakistan since roughly 2015. “But in 2020, with the advent of Covid-19, it skyrocketed,” he shared. “At present, we have noticed a decreasing trend, but we are expecting it to increase again.”
“The thing is, cybercrime is much easier than physical crime. It is inherently less risky,” he explained. “If you rob someone, for instance, there is a chance you can be hurt. This contributes to the allure of cybercrime.”
Providing a breakdown of offences, Riaz said the highest ratio of cybercrime in Pakistan is taken up by financial fraud. “In Pakistan, most of this is taking place through illegal SIMs and through spoofed email addresses and phone numbers,” he explained.
According to data provided by the FIA, financial fraud constituted 23 per cent of cybercrime complaints in 2021. Hacking complaints formed the next highest chunk of complaints with 12 per cent, followed by harassment complaints with 10 per cent. “Harassment, bullying, blackmailing and stalking online, in many cases, takes place using the same tools as financial crime – namely spoofed numbers and emails, and fake social media handles and accounts,” Riaz shared.
He added that most Pakistanis may be unaware of it, but online impersonation and identity theft are also quite prevalent in the country.
Raising awareness
According to Riaz, the FIA has several initiatives in the pipeline, many of which will be rolled out very shortly. “One effort we are involved in is the development of an e-booklet that pictorially explains the various forms of cybercrime taking place in Pakistan,” he shared. “We plan to roll this e-booklet out in private schools in Sindh in the first stage. In the second, we will translate it into the Sindhi language and roll it out in government schools with the help of the Sindh government.”
He added that the agency is also working on collaborating with teacher training institutes on courses on cybercrime and online risks in due course so that teachers can make cybercrime awareness a part of their curriculum. “There is also a cybercrime awareness animation campaign in the works which will be rolled out with the help of celebrities and social media influencers to hit 50 to 60 million people across Pakistan.”
Beyond high profile media campaigns, the agency is also working on other outreach efforts by setting up dedicated Zoom communities and social media accounts to provide a direct line of communication with the public, Riaz shared.
The future of anti-cybercrime
“One measure we are heavily engaged in at the present is cyber-patrolling. We scour cyberspace – social media and other websites – to identify and take appropriate action against online vices, like with hate speech enabling trends at present,” Riaz shared. “We can identify who is behind provoking trends that foster hate, sectarianism and violence. It helps us track other criminal activities, such as gambling and sale of drugs, calling data records, fake Covid certificates and PCR tests, that have migrated online as well. For the future, we are in the process of increasing our cyber-patrolling capacity.”
Another plan in the works is the setting up of a Cyber Emergency Response Team, the FIA official noted. “The idea is to have a team that can take immediate action on complaints, particularly of online harassment, or if anything comes up during routine cyber-patrolling, such as a suicide announcement or a heinous offence like child porn or cyber-grooming.”
Speaking about current legislation, Riaz explained that it deemed only cyber-blackmailing, child porn and cyber-terrorism cognizable offences. “What this means is that we can register an FIR immediately, apprehend suspects immediately and start our proceedings immediately. For all other offences noted in PECA, we need the court’s permission to proceed ahead,” he said. “This is my personal opinion, but I believe some more crimes – electronic fraud, electronic forgery, glorifying crime, impersonation and hate speech – need to be made cognizable offences as well.”