Amid spiralling stock prices, dodgy operators are impersonating brokers, clients and figuring out ways to access cell phone networks in reaching out to gullible investors.
Acting hand in glove with employees of SMS gateway firms, these fraudsters send bulk messages to rig up penny stocks and even use specialised software to spoof mobile numbers and defraud small investors.
Despite efforts, telecom companies, brokers, cyber security experts as well as Telecom Regulatory Authority of India seem helpless in ending the menace.
"Unfortunately, many times, such messages happen beyond registered telemarketers. Consumers can complain on DND (do not disturb) 2.0 and we will be able to stop them immediately. That is the only way," said RS Sharma, chairman, Trai. However, individuals continue to receive stock tip messages even after registering for DND service.
In bulk SMS, sender identity is captured in short codes. For instance, in the code AM-XYZ, AM stands of Airtel Mumbai while XYZ is the brokerage or bank. A typical stock tip text would read: "INSIDER NEWS: BUY (name of scrip), CMP:60, ST TGT (short term target): 63, SL (stop loss):59, LT TGT (long term target): 120 +"
GAMING THE SYSTEM
Even though short codes have to be registered with telcos — expected to check messages sent are in line with business of the company using the code — unregistered users and suspicious entities with strange codes are using the telecom network.
"What attackers would mostly do is register a short code that reads very similar to a broker or a bank's actual short code. For example, they may use VMABCBK instead of ABVBNK," said KK Mookhey, CEO of Network Intelligence, a leading cyber security firm. Kamal Goel, senior vice-president IT) at broking house Anand Rathi Securities, said, "At times, it is one broker's code and fictitious research attributed to another brokerage.
We suspect one way is when these operators obtain access (user ID, password) from an SMS service provider. Some employees of service providers may have joined hands with some staff at telecom companies. Rules do not allow bulk SMS from unregistered small codes."
SPOOFING CELL NUMBER
The other kind of fraud is when someone manages to get a client list from a broker, with details such as PAN, phone number, etc.
Next, he uses a specialised software, so the client's number shows on the broker's phone when the scamster calls.
He attempts to impersonate clients to put through trade orders.
"This is scarier. Such client data can be obtained from multiple sources. Exchanges have issued guidelines to curb this and such trades can be null and void on reporting to exchanges in a specific format with police complaints," said Goel.
"Call spoofing is trivial through use of service providers such as Spoofcard and spoofmyphone.. there are also talks of SMS spoofing," said Mookhey.
ALL RULES FOLLOWED: TELCOS
Leading telcos including Bharti Airtel and Vodafone India say they have complied with all regulatory requirements and are vigilant. Privately, though, some officials concede they can't do much since the defrauder is mainly buying bulk messages from registered telemarketers.
Carriers say they give out short codes as requested by registered telemarketers, without much due diligence.
As per rules, they just need to keep a record of who is given which code. They add that they can't control or monitor telemarketers' content, or who they resell to, due to privacy and other reasons. Telcos say it's up to the regulators and while Trai officials are working on it, they seem to be at their wits' end.
Operators say they can't even control the software used to manipulate caller line identification (CLI) system. "Any CLI tampering, if it is happening, is being done using various IT solutions available in the market.
There is absolutely no involvement of service providers in such a malpractice," said Rajan S Mathews, director general, Cellular Operators Association of India (COAI), which represents all major telcos in the country.
Sharma said Trai is working "very aggressively" with capital markets regulator Sebi to ensure unsolicited stock tips through messages or other frauds through call don't happen. "We will also consider issuing guidelines to consumers so they are aware," he added.
"Stock-related tips information can be sent only by Sebi registered entity and telemarketers are required to do this precheck.
Further, key word filtering and blocking has been implemented as per Trai directions," Vodafone India said in an emailed statement to ET.