Just received an SMS from gov about reporting financial frauds to cyber crime police, and that reminded me of the horrors I had to face back in 2018.

This thread involves how a few frauds stole money from an educated lady, how they kept tab on our actions post the fraud,
how quickly "Cyber" police came back to us for next steps, how I tried on my personal level to trace back the frauds, how I got to reveal their identities and blackmail them to return the money, the depth of this nexus of frauds ranging from people who were merely the face
of this fraud, some who had their electricity, mobile, DTH recharged, others who had the money transferred to their own bank accounts, and how I got to find their address via their electricity connection's account numbers, but couldn't do much :)

It was 13th March, and
around 6pm I received a panicky call from my sister telling me that our Mom is crying at our hometown in Patiala, Punjab, as some frauds stole money by tricking her on a call. I was in my office in Bangalore, immediately called her, and my Mom told how a person posing
as SBI employee had called her, and told her that her SBI account had to be linked to her Aadhar identification by some past date. Now that the due date is gone, this is her last chance right now to link it, else her account will get frozen immediately and
she would have to take steps later, file claims and it will be a long process to un-freeze that account.

My mom was very well aware of fraud tricks luring people to give away their OTPs saying they won some amount, and she was clear she shouldn't do that ever.

In this case
she suddenly got scared thinking her account would be gone. The psychological panic made her vulnerable in an instant thinking all the hard-earned money would be gone and simply sharing theAadhar OTP would help stop it. She was sceptical, but in the moment she panicked.
The person on the call already had some digits of her debit card with him, and he tricked her to reveal remaining digits to "authenticate" that she is the owner of the account. Well, that resulted in her losing ~55k INR, and by the time she realised what had happened,
the fraud had cut the call.

Fraud's phone was switched off immediately, while my Mom started realising the gravity of what had happened. Dad was not at home at that point, so she called my sister to convey what can be done. My sister immediately blocked that Debit card,
helped Mom calm down, and then informed me.

SBI's customer support told her they can't reverse it, but will investigate it only after an FIR is filed.
Cyber Police in Patiala was given hardcopy of bank statement to register FIR the next day, but they said such cases
never materialise into a successful recovery.

With police clearly giving up, and SBI doing their own "investigation" post the FIR, I realised there was no hope.

So, the frauds had added money into their PayTM and PhonePe wallet by some 4-5 txns, as shown in the debit statement.
I emailed PayTM and PhonePe for urgent support to block the money from moving out of the wallets.
PayTM came back within 24hs saying the money is already gone out of the wallets. Luckily, they gave me the account details of users who used that debit card. What I got was Name,
Phone, add money, and transactions by those users after the money addition.

PhonePe told me they have blocked the wallet, and money is safe there. I requested for details of account holder/s, but they refused, directing me that only Cyber Police's email can request that info.
At least I was glad the money has been blocked within PhonePe only, and Cyber Police will be of some help here finally. I conveyed this to my parents to ask Cyber Police to send info requested by PhonePe, to recover that money (~15k).

Meanwhile, I was hopeless
about PayTM side of money (~40k) as that had already moved away.
I was angry that evening about the fact that my Mom was crying so much on the day of fraud, and still kept regretting losing hold of her panic every day in our phone calls.

Meanwhile, another event happened:
my Mom received a call from a person "A" saying he felt bad for my Mom, and what his "colleagues" did to her was so unfair. He said he wants to help her get back the money, and started asking if "we know any political
bigwigs who can apply pressure on police to ensure his colleagues pay for their crime". My Mom understood that this was a trick to see what we are planning to do, so she simply told him we have filed an FIR, will see what happens next.

Ok, coming back to my anger over
seeing what this event had done to my Mom, I simply thought of at least making the frauds panic a bit, to the extent possible.

The game began at 3am, the time I chose to call on 1 of the 2 PayTM accounts where money was added. Let's name this person "B". The conversation
went like this, but in Hindi:
Me: Is this <B>?
B: Yes, do you know what time it is?
Me: Did you know what time it was when you stole money?
B: What money? Who are you?
Me: My Mom cried because of you, she panicked because of you. I'm coming for you. I know your address.
B: Do whatever you can, I'm going to sleep. Do not call back.

Fun fact: I didn't have his address or location, only an IP address which I didn't trust to be used in the call.
Well, I had one more shot remaining to get more details about these people: the other PayTM account owner. Let's name him "C".

I called him:
Me: <C> speaking?
C: Yes. Who are you?
Me: You stole money from my Mom, why are you sleeping peacefully right now?
C: I don't know what you're talking about.
Me: You even transferred the amount to <local government> bank? I have the account details and your address. You did recharges too.
C: My PayTM has been hacked, I have request customer support to unblock it. Someone else would have done all this. Please do not involve me in this.
Me: Well, "B" is your friend? He has accepted that you both had stolen the money. I have call recording too.
I'm sitting in police station right now, we will be at your places in 24hrs to investigate further.
C: No no, it was "B" who masterminded all this. He asked me for my PayTM account details, I had shared with him, that is all I know.
Me: Ok, police will investigate this thoroughly, do not worry if you haven't done any wrong. But if you have, the sooner you spill the beans, the better for you.
C: Ok bhaiya (brother), I will go to "B"'s home right now to ask him.
Well, you know the drill, I didn't have his bank account details and address.

Received callback from "B" within 5mins:
B: "C" had done it. He gave me Rs. 2k to give my account details for a day.
Me: Well, then your help will be appreciated when I arrive there tomorrow with police to arrest both of you.
B: <Asked for forgiveness> Give me a chance to fix this for your Mom. In a few hours I will force "C" to return the money. I didn't know I would get used in a crime.
Me: Ok then, you have it. These are my bank details, refund the entire amount <40k> here in next few hours, or I'll reach with police.
B: Yes, I'm meeting "C" right now.

Turned out, "B"'s father was a well-known lawyer in that small town of Jharkhand.
He called me, threatening to get me arrested for accusing his son of something he didn't commit.

With panicky voice on my end, I shared the sheet shared by PayTM with him on WhatsApp, clearly listing out "B" and "C"'s account names.
All I could do at this moment was to just hope this lawyer guy is a good human. The lawyer conveyed he will call me back after talking to his son. He was calmer in the call now.

After 30 mins, lawyer called me back saying his son has admitted to the crime, but
that it is true that someone else had asked him for his account details, that few others are also involved in this entire case who are not named.
He spoke to me, talking about good ethical things, and conveyed he will solve the case for me in his town.
I couldn't be happier, I got someone on ground there to help me solve this :)

After 1 hour, may be around 5 or 6am then, lawyer called back telling a mobile shop owner nearby, guy "C" had been the masterminds, and "B" also had joined them seeing how lucrative it will be.
He promised me he will recover the money and send to my account by morning.

Received an update at around 8am: Money recovered from all three boys.
These 3 people were college teens, aged 19 or so. I still have their contacts saved in my phone, as I had made them promise that they wouldn't do anything like this in future ever.
I spoke to Dad of "C" too, conveyed to him what "C" had done, and that he should
keep him under watch as he may soon turn up to be a criminal in future.

Both Dads ("B" and "C"'s) promised they will definitely teach their sons a few lessons, and thanked me for somehow "bringing this to their notice".

At 11am, after a branch opened there, the lawyer
returned back the amount to my account, and again thanked me, and apologised for his son's behaviour in causing pain to my Mom.

Meanwhile on PhonePe's side, Cyber Police in Patiala had done nothing, not even an email to PhonePe.

In May of 2018, they wrote back to us
saying they have a few details of users who used that PhonePe account, and to pursue the case, they would need us to visit those user's towns, places, all on OUR OWN COST WHILE PAYING FOR EXPENSES OF POLICE TOO.

I tried contacting PhonePe to at least revert money that
was blocked to the source, and PhonePe said: "That money is gone, it was no longer blocked after some time, and it got taken out".

I gave up immediately about the PhonePe side of money, which had seemed to be the only safe side in the beginning.
And we had to withdraw the FIR with police, saying we do not want to visit with them all over India looking for the frauds, while paying for trips of all.

This is all about how we could recover ~40k, thanks to a good human. I'm hoping the lawyer wasn't acting to
make things go cool, and keep himself, his son and others safe. With police "unwilling" to help, I could never figure it out.

Meanwhile, looking at transactions done, I noticed 2-3 PSPCL electricity bills were paid, with account numbers mentioned. I tried finding addresses
of owners of those accounts online, found out they were from Patiala, and UP. I did plan to visit the Patiala address next time I go to Patiala, but I guess I was already tired of going through this process, was afraid too, and gave up on this later on.
This is it guys, this is the story of how you should report frauds to Cyber Police, and how they will help you solve it :)

#cybersecurity
You can follow @harkirat1892.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cálculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more