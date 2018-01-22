Dodgy stock operators have found a new way to trap potential investors. These fraudsters send bulk messages to investors about penny stocks luring them to invest, reports Economic Times.

To access customer's cell phone networks, the fraudsters work closely with employees of SMS gateway firms as well as use specialised software to collect mobile numbers and defraud small investors.

People continue to receive such SMSs, despite several efforts by telecom companies, brokers, cyber security experts as well as Telecom Regulatory Authority of India (TRAI) to tighten cyber security.

"Unfortunately, many times, such messages happen beyond registered telemarketers. Consumers can complain on DND (do not disturb) 2.0 and we will be able to stop them immediately. That is the only way," said RS Sharma, Chairman, TRAI told the paper.

Even Individuals who have registered for do not disturb or the DND service continue to receive stocks tips, said the report.

Bulk SMSs have specific codes such as AM-XYZ, where by sender's identity is captured in short codes. While AM stands of Airtel Mumbai while XYZ is the brokerage or bank. These short codes, which have to be registered with telecom companies, are altered by fraudsters to bear resemblence with a known entity.

"What attackers would mostly do is register a short code that reads very similar to a broker or a bank's actual short code. For example, they may use VMABCBK instead of ABVBNK," said KK Mookhey, CEO of Network Intelligence, a leading cyber security firm told the paper.

Kamal Goel, Senior Vice-President IT at Anand Rathi Securities, said, "At times, it is one broker's code and fictitious research attributed to another brokerage."

"We suspect one way is when these operators obtain access (user ID, password) from an SMS service provider. Some employees of service providers may have joined hands with some staff at telecom companies. Rules do not allow bulk SMS from unregistered small codes," Goel told the paper.

There are cases where the fraudster manages to obtain the client's details such as PAN, phone number from broker by using a specialised software. This causes the client's number to show on the broker's phone when the scamster calls.

He attempts to impersonate clients to put through trade orders.

"This is scarier. Such client data can be obtained from multiple sources. Exchanges have issued guidelines to curb this and such trades can be null and void on reporting to exchanges in a specific format with police complaints," Goel said.

"Call spoofing is trivial through use of service providers such as Spoofcard and spoofmyphone.. there are also talks of SMS spoofing," said Mookhey.

While the leading telcos including Bharti Airtel and Vodafone India claim they are in compliance with regulatory requirements, some officials say they can't do much as the defrauder buys bulk messages from registered telemarketers.

The short codes are given to the registered telemarketers as per their request, without much due diligence, said the report.

Sharma said TRAI is working "very aggressively" with capital markets regulator SEBI to ensure such frauds do not happen either through messages or calls. "We will also consider issuing guidelines to consumers so they are aware," Sharma added.