Do not let greed and fear overpower your common sense: Sandeep Mittal IPS, ADGP – Cyber Crime Wing, Tamil Nadu

How do cyber criminals exploit the ignorance of victims?

People often ignore police advisories about cybercrime for a mix of psychological and practical reasons. Many think “it won’t happen to me,” underestimating their own risk — a classic optimism bias. Others don’t fully grasp the evolving tactics of cyber criminals, like phishing or fake websites, because they aren’t tech-savvy or lack awareness. Trust plays a role too; some distrust authority or see warnings as overblown. Plus, advisories can feel vague or inconvenient — telling people to “be cautious” without clear, actionable steps doesn’t always stick.

Cyber criminals exploit this. They’re good at impersonating legit sources — banks, companies, even friends — making it hard for the average person to spot the red flags. Urgency tricks, like “your account’s compromised, act now,” trigger panic over scepticism. And let’s be real: daily life’s busy, so pausing to double-check a link or call feels like a hassle until it’s too late.

There is data to Data backs this up — cybercrime’s been spiking globally, with losses in the billions annually, yet surveys show most people still reuse passwords or skip basic security like two-factor authentication. It’s not just ignorance; it’s human nature clashing with slick criminal tactics.

We understand that no law enforcement agency can arrest a person digitally. However, people often get e-mails from entities pretending to be government agencies such as the tax department. How can they differentiate between an official communication and a malicious one?

Tax department notices and summons sent through e-mail are automatically generated from a government e-mail ID and not from a private ID. People need to be alert as scammers could use Cyrillic characters to make the sender’s ID resemble the official one. Never click on any links in such e-mails and take action only on the tax department’s portal or a bank’s official website.

Could you point out one vulnerability in our devices that could get a fraudster excited?

The scams of today happen through a process called social engineering, which means to exploit your emotions and behaviour. Succumbing to greed and fear is the vulnerability that scammers exploit.

An easy password can be cracked in two minutes, but I’ll tell you that nobody has cracked a password so far in any of the crimes. Why go to that extent while they can simply exploit your emotions.

However, keep your phones updated. Even apps downloaded from the Play Store or the App Store could be unsafe, such as a calculator app asking for permission to access your contacts or photos. Why would a calculator require access to contacts and photos? Such apps aren’t to be downloaded.

If at all a person is seeing his phone getting hacked, or comes to know he has lost money, what should be his first response?

Call the cybercrime helpline number 1930 immediately. The moment your complaint is registered, the process of freezing bank accounts starts automatically. The control room works 24×7 with 15 persons available at any given point of time. If your case doesn’t involve monetary losses, register a complaint at www.cybercrime.gov.in.

Could entities such as banks be a bit more proactive?

They should be. Banks are important stakeholders. They benefit from customers and have a duty to protect the interests of customers. They should process large withdrawal requests, only after thoroughly enquiring with the customer about the purpose of the withdrawal.

With deepfake videos of personalities promoting investment schemes looking more authentic by the day, how can people keep away?

Greed and fear mask common sense. Even if you know it’s fake, your greed will make you give it a try, with hopes of making money. Do not let greed and fear overpower your common sense.

Recently, we saw databases of insurance companies getting hacked. Such entities have a fiduciary role to protect policyholders’ data. What does the law have to say about such incidents?

We have CERT-In (Indian Computer Emergency Response Team) for the whole of India and also sector-specific CERTs such as the Financial CERT, Insurance CERT and Power CERT. These CERTs prescribe guidelines and safety measures to be undertaken. However, organisations should invest more on cybersecurity and get penetration testing done.

We get asked for our Aadhaar details even for something as trivial as checking into a hotel room. Is it okay to give these out?

The rule is that nobody should ask a copy of your Aadhaar card. But companies, including banks, keep asking for it. That is actually wrong. For authentication purposes, they are supposed to ask only for the last four digits and for purposes of KYC, they can ask for biometrics such as fingerprints. All companies and organisations are advised not to insist on physical copies of Aadhaar cards.

Could you share some digital hygiene tips for our readers?

Use separate phone numbers for banking and social media, so that even if your social media accounts are compromised, your bank accounts stay intact. Have a separate savings account with lower balance for your digital spends. Avoid having large balances in other savings accounts too. Regularly check your accounts for unauthorised transactions. Use two-factor authentication for important accounts. Above all, stay informed about cyber frauds and deceptive techniques. Being vigilant is crucial to preventing crime.