Source : INDIA TODAY NEWS
With the fast rise in digital technology across India, more people are using online services like UPI payments, cloud-based apps for business, and digital banking. While this has made life easier, it has also opened the door for cybercriminals to take advantage. Online frauds have now gone far beyond basic OTP scams and fake links. Today, fraudsters are using advanced tools like artificial intelligence (AI), social engineering tricks, and even behavioral psychology to fool people in smarter and more convincing ways.
Because of this, simply being careful or avoiding suspicious emails is no longer enough. Cybersecurity today requires a deeper understanding of how the internet works, how frauds are carried out, and what kind of protection can stop them. We need strong systems with multiple layers of safety not just individual awareness. It’s also important to know how AI is being used on both sides: by cybercriminals to launch attacks, and by security experts to stop them.
To understand how people can protect themselves in this changing digital world, India Today spoke with Shashi Bhushan, Chairman of the Board at Stellar Innovations. He shared practical advice on how to stay safe and avoid falling into the trap of online fraud.
advertisement
UNDERSTANDING THE LANDSCAPE OF ONLINE FRAUDS
Modern cybercrime in India operates across a layered framework:
1. Social engineering attacks: Fraudsters impersonate authority figures, HR executives, or bank officials using sophisticated emails or deepfake audio. This category also includes WhatsApp job offers, fake KYC updates, and refund frauds completed with QR codes.
2. Credential stuffing and brute force attacks: Bots are being used to log in to various sites like e-wallets and email accounts using a set username and password. Personal information leakage due to hacking of third-party platforms bubbles to the surface through these attacks.
3. AI-enhanced phishing (Vishing and Smishing): With AI, phishing emails now mimic real institutional language, logos, and even tone. Voice-cloning tools have made vishing (voice phishing) more convincing, particularly for senior citizens and low-digital-literacy users.
4. Business email compromise (BEC): Phishing emails have become sophisticated scams because of technology. Scammers now use voice-recording technology to target specific individuals. This is particularly convincing for older, less tech-savvy individuals and seniors.
advertisement
5. Ransomware-as-a-service (Raas): Cyber criminals now attack public service organisations, schools, and local businesses by renting ransomware kits through service-provider-like companies, which used to be uncommon.
THE DOUBLE-EDGED ROLE OF AI
AI is a piece in the puzzle of modern cyber warfare.
ATTACKERS USE IT FOR:
Deepfakes and voice emulation: Replicating identities via technology for fraudulent purposes, impersonation scams in the case of voice or deepfake emulation.
Social profiling: Social network profiling allows a scammer to collect user-specific data through public social media profiles and create more effective scams.
Automated reconnaissance: Bots operating on Artificial Intelligence retrieve system security-linked information at a speed surpassing that of manual hackers.
USED BY DEFENDERS:
- Threat detection and anomaly identification: Social profiling helps create identity-deep fake-aware bots that can monitor networks for strange activity, try to log in from different places, or download files en masse outside business hours.
- Automated incident response: AI can isolate infected devices to a secure zone or shut down compromised accounts instantly, which is classified as autonomous incident response.
- Fraud scoring: Based on spending patterns and geolocation, AI models flag high-risk transactions for further review.
STRATEGIC PROTECTION: GOING BEYOND OTP HYGIENE
To improve cyber resilience, people and organisations should implement the following layers as an added defense:
1. Digital behaviour hygiene
Be cautious about sharing personal details like birthdays or geographic locations. Cybercriminals misuse these. Use unique passwords for distinct accounts, as a breach in one account can compromise other accounts. Always verify payment requests irrespective of the recipient. Payment requests made by other contacts should also be cross-checked, especially if the message sounds strange or urgent.
2. Technology hardening
Empower your devices with AI-powered endpoint protection hardware that allows for real-time threat detection. Use browser isolation for safely accessing sensitive dashboards such as work or banking interfaces. In email, strong authentication methods like SPF, DKIM, and DMARC email signing protocols should be used. These prevent domain spoofing while protecting organisations from phishing attacks.
3. Multi-layered authentication
Security posed by OTPS can be strengthened with the usage of app-based authenticators like Google Authenticator, Microsoft Authenticator and Duo. These provide an additional layer of security. Also, enable biometric layer and passcode on the devices to further preclude unauthorised access.
4. Human layer training
Engage all employees, including senior management, in regular advanced persistent threat (APT) simulations and phishing awareness sessions to ensure they have the necessary threat recognition skills. Encourage employees to report suspicious online behaviour involving their relatives, and in turn, family members share pertinent information without fear of derision or embarrassment.
5. Incident response readiness
Develop a detailed cyberattack response playbook that includes a contact person list and response steps. Implement secure, offline, and immutable backups to prevent data loss. Ensure familiarity with the reporting channels, such as the Cyber Crime Helpline 1930 and www.cybercrime.gov.in, for prompt incident reporting.
CYBER AWARENESS IS NO LONGER OPTIONAL
It has the best blend of personal and professional life digitally. Founders running payrolls on shared drives, to teenagers managing digital wallets, make every user an active node in India’s cyber terrain.
The AI features customisable offensive and defensive measures, but layered security, heightened awareness, and proactive monitoring are our strongest defences. Cybersecurity is no longer the exclusive domain of IT staff or state authorities; it has transcended to being an increasingly collective responsibility of citizens, digital platforms, and lawmakers.
Soon, cybercrime will become even quieter and more personalised. However, with the right mindset, AI tools, and a proactive perspective, we can ensure that we remain ahead of the curve.
SOURCE :- TIMES OF INDIA
