Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Dozens of websites offering targeted marketing leads – ET CISO

Dozens of websites offering targeted marketing leads – ET CISO

Dozens of websites offering targeted marketing leads – ET CISO

https://etimg.etb2bimg.com/thumb/msid-113247284,imgsize-213250,width-1200,height=765,overlay-etciso/data-breaches/dozens-of-websites-offering-targeted-marketing-leads.jpg

The flight you took recently, the broadband connection you requested, the car insurance that is expiring soon, the apartment you sold, or even the mutual fund you invested in, are all turning into a fair game for data collectors.

Such information can be exchanged for as little as Rs 150-Rs 300 by informants who sell such “datasets” to employees at call centres, BPOs, or telemarketers, an investigation by ET revealed.

Take the case of 22 year-old Rishabh Shukla, (name changed) who reports at his desk at a telemarketing company at 9 a.m every morning. He is given a sheet of 70-100 phone numbers of people who have recently sold, purchased or rented an apartment in one of Noida’s residential complexes.

The diligent Shukla calls these numbers day in and day out. Within a month, he identified 13 leads of customers who bought, sold or rented property through brokers. Shukla received an incentive of Rs. 5,000 in addition to his fixed salary of Rs. 8,000 per month for his efforts.

“But soon, this list started drying up, and I got used to the incentives,” said Shukla, adding that “ I started going to every new apartment complex in Noida, tipped off the security guards, and took pictures of visitors’ registers to generate new leads.”

He then “sold this information to online real-estate platforms who would in turn provide these leads to interior designers, brokers, property dealers, housekeeping agencies, internet service providers.”

“I made close to Rs. 1.5 lakhs in three months because these were the most accurate leads in the market. Online companies sometimes paid me Rs. 10,000 for every dataset,” Shukla said.

Privacy Abuse

Digital privacy experts point to multiple sources of data leaks that feed this proliferating industry.

“Blatant data theft, disguised as lead generation, has become an organized industry,” said Dhiraj Gupta, CEO of digital fraud detection agency mFilterIt.

A simple Google search reveals dozens of websites offering targeted marketing leads for as little as Rs 120- Rs 300, often claiming to have generated these leads through “market research.” One can search and buy leads for specific cities or hire services for a particular project.

In highly competitive sectors, the stakes are even higher.

For example, if a user requests a data connection online from a service provider, the CRM (Customer Relationship Management) operator often sells the lead to a competitor for a commission.

Elsewhere, information is shared among group companies to cross-sell credit cards, loans, and mutual funds. Hospitality and travel providers share databases of guests, while delivery personnel, mobile recharge shops, and logistics providers act as data-mining hubs.

Legal Protection

Legal experts are of the view that such “unchecked flow of personally identifiable information will be largely curtailed with the new DPDP (Digital Personal Data Protection) Act.”

Shreya Suri, a partner at INDUSLAW, said “with the DPDP Act holding violators accountable through penalties, data fiduciaries will need to be extremely cautious about managing and sharing personal data within their systems and third-party networks. Consent for unrelated purposes will no longer be conditional,” she said.

Alkesh Kumar Sharma, former secretary of the IT Ministry and a key architect of the Act pointed out that “the law places limitations on the purpose, time, and storage of data by fiduciaries, who will be accountable for any misuse without the data subject’s consent,” he said.

However, full compliance with the DPDP Act could take two to three years.

A study by IDfy, an identity management solutions company, found that nine out of ten leading banks don’t even have a cookie consent manager on their websites.

Scamming the C Suite

Vishal Gondal, founder of GOQii, told ET that 7-8 members of his team were contacted via WhatsApp by someone impersonating him, claiming Gondal was stuck in London and needed money.

“The most shocking part was how the scammer knew who my immediate team members were and had their phone numbers,” Gondal said. He notes a clear pattern in the combined use of data, analytics, and AI by scammers.

“We can’t trust what we see or hear anymore. How does one verify identity now?” he asked.

upGrad founder Mayank Kumar said that impersonation among executives has become so common that his organization now runs mock drills—organized by the IT department—to train employees against such scams.

“They are like mock fire drills. A fake account is created to see who might fall for a scam, and those employees receive special training,” Kumar told ET.

AI Abuse

It takes just three seconds of audio to create a convincing voice clone and use it to defraud anyone. Over a dozen websites offer free voice cloning with up to 95% accuracy.

According to a recent survey by cybersecurity firm McAfee, nearly half (47%) of Indian adults have experienced or know someone who has experienced an AI voice scam—almost double the global average (25%).

Among those who were targeted, 83% of Indian victims reported losing money, with 48% losing over Rs. 50,000.

Looking ahead, McAfee predicts that AI-generated deepfake media will increase risks of identity theft, phishing, and cyberbullying by 2024.

“AI will augment how scammers use personal data. It won’t just be voice calls and SMS—multimedia formats like photos, videos, and audio will be used to create deepfake content, impersonating friends, family, or even CEOs,” said Prashant Mali, a cybersecurity and AI thought leader. “For more sophisticated phishing campaigns, AI can now write convincing emails and even generate malware code.”

Experts warn that the power of generative AI, which can skim multiple databases in seconds and create comprehensive data profiles, could push this problem beyond control.

Carl Pei, founder of smartphone brand Nothing, recently wrote, “A scammer AI generated my voice and left WhatsApp messages asking a leader on our team to wire money for an urgent project. Luckily, our payment processes caught this as designed.”

Another source of data access is the dark web. A simple search for any phone number can yield sensitive information like a person’s name, Aadhaar number, and address, thanks to numerous data breaches in the last three years.

Here’s how it works: “An average hacker sells fresh data on 1,000 people for around $100-$150. Multiple anonymous accounts then resell it until the price drops to $2-$5. Within days, the repository is available with several accounts, some even freely on the dark web,” mFilterIt’s Gupta explained.

  • Published On Sep 11, 2024 at 10:45 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles


Scan to download App

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket