‘Cyber security must be preventive’

Photo: SNS


Hargobinder Singh Dhaliwal, an IPS officer from the 1997 Batch, is best known for solving Sidhu Moosewala’s murder case in 2022. HGS Dhaliwal, as he is popularly known, is chief of the Delhi Anti-Terror Unit Special Cell. He also heads the cyber cell.

In an exclusive interview with Anjali Bhatia, Dhaliwal shared his views on how citizens can cooperate with the police in containing cyber fraud.

Q. Cyber crimes are on the rise. How do you think citizens can fight the menace?

A. I think a person must take due precautions to protect himself from online fraud, and that is not very difficult. Just by being aware of their (the fraudsters’) modus operandi, one can secure oneself by not sharing OTP, not giving sensitive information, etc. But if one does fall for their designs, he can take several steps to minimise or nullify the loss. Speed and presence of mind are everything. First of all, notify credit reporting agencies as soon as possible. Then report the crime to a competent authority and inform your bank about the bogus transaction so that they can take punitive steps. Besides, be mindful while sharing your data with organisations that collect data about you, such as your healthcare provider, insurance company, bank, and credit card companies, and change the passwords for your accounts after every few weeks using long strings. You can report the incident to the Federal Trade Commission to receive a tailored plan for recovery from the incident. For financial crimes online, you may report at 1930 for the immediate blocking of unauthorised transactions/amounts. Besides, you could make your complaint online at www.cybercrime.gov.in

Q. What exactly is one supposed to do if he is a victim of cybercrime?

A. Spam emails, fake “free” offers, click bait, online quizzes, and more use these tactics to lure you into clicking dangerous links or giving away your personal information. Always be wary of offers that sound too good to be true or ask for too much information. Never give out your Aadhaar number. These days, there are plenty of opportunities to share your personal information online and on social media. Be careful about what you share, especially when it comes to your identifying information. Tablets and cell phones face new risks, such as dangerous apps and links sent by text messages. Be careful where you click, and don’t reply to strangers’ messages when shopping online, inputting your credit card or financial information, or visiting websites for online banking or other sensitive transactions. Check the site’s address. The address should always start with “https” instead of “http” and there should be a padlock icon in the URL field. This indicates that the website is secure. Use a safe search tool such as McAfee Web Advisor to avoid risky sites. Keep all your software up to date so that you have the latest security patches.

Q. How effective is cyber security and how vulnerable is a person or an organisation to data theft and various other frauds online?

A. Cyber security should not be a mere post-action response. It should be preventive and must be upgraded from time to time. There is a need for technical intervention. The companies must also conduct tests to identify where system and network vulnerabilities exist. The better an organisation knows about the risks and vulnerability of its data type and holds, the better it is at responding to attempts of data theft.

Q. Are you collaborating with private companies to minimise the vulnerability and incidents of data theft?

A. We are better off together than we are apart. I think that’s a trend in the cybersecurity community over the last five years. You see a lot of vendors coming together to share information and working more collaboratively now. The companies must be fully aware of the data they own. They must be aware and understand the types of personal data they collect of their customers, employees, vendors, website users, etc., and should ensure that it is kept safe with multiple layers of security. Perhaps collaboration between the public and private sectors is the only way to go and is critical to ensuring that companies stay safe and share information transparently.

Q. Many people have lost lakhs of rupees by getting caught in the trap of fraudsters online. How do you view this? How effective has the Delhi Police been in bringing these scammers to book?

A. Our success rate in catching such elusive criminals involved in cyber crimes is quite high. As a cyber security official, I track data breaches and the black market for stolen data. The destination of the stolen data depends on who is behind the data breach and why they have stolen a certain type of data. For example, when data thieves are motivated to humiliate an individual or organisation they release relevant data into the public domain. We identify the motive and then zero in on the suspects.

Q: How is stolen data used by scammers/cyber thieves?

A: Buyers use stolen data in several ways. The credit card number and security code can be used to create a cloned card for carrying out fraudulent transactions. Social security numbers, home addresses, full names, dates of birth, and other personally identifiable information can be used to impersonate a person. This is called identity theft. For example, the buyer may apply for a loan or credit card in the name of the victim and file a fraudulent tax return.

Q. The big question is how one protects oneself. Sometimes people have lost their life savings in one minute.

A. With hacks, scams, cyber criminals, malware, and more, the internet can feel like a dangerous place these days. And, devices ranging from smartphones and tablets to Internet-connected devices put us at even greater risk. But by taking a few safety measures, we can significantly reduce our exposure to all these threats. Creating strong, unique passwords for all your important accounts is the best way to truly protect your personal and financial information. This is especially true in the era of widespread corporate hacks, where a single data breach can reveal thousands of user passwords. If you reuse your password, a hacker could take the data leaked from an attack.

Your logins are secure, your connections are secure. When you’re at home or work, you probably use a password-protected router that encrypts your data. But when you’re on the road, you end up using free public Wi-Fi. The problem with public Wi-Fi is that it is often insecure. This means that it is easy for a hacker to access your device or information. Even if your network is secure, you should still use a firewall. Using a firewall ensures that all devices connected to your network are protected, including Internet of Things (IoT) devices such as smart thermostats and webcams. Many of today’s online threats are based on phishing or social engineering.