Is Our System Geared Up To Tackle Cyber Crime In Financial Markets?
Victims narrate their sad tale of how the system is so complex and involves multiple lawyers
Financial market regulators are flooded with complaints related to cyber crimes. cybercriminals in India are impersonating reputed mutual fund houses to defraud gullible stock market investors. Nisha Gupta, a Pune-based mutual fund investor was the victim of such an attack recently. But more than the attack, Gupta was the victim of a negligent financial market system and the fund houses, who were not eager or willing to help her, says Vibhor Anand, Lawyer of the victim. Another victim Amita Ravindra Lalas has a sad story to tell about the system that is letting the victims of cyber crime down. It all starts with registering a first information report with the police, which is extremely difficult and then with financial market regulatory bodies, which the victims say do an eyewash of an investigation.
How The Scam Happened?
Nisha Gupta , a Pune-based investor was duped. Here is the full story in her own words, which shows how the scam operates. I was defrauded by somebody who impersonated or officials claiming to be from Tata Mutual Fund and Axis Bank - US Bancorp.
Axis Bank Case
I was approached by people in April 2024 who claimed to be Axis Bank employees (were not employees of Axis Bank actually) and offered me access to Institutional trading accounts under Axis Bank's collaboration with US Bancorp Wealth Express program. This was being offered to me since I am a priority Axis Bank customer and so I believed them and went ahead. It's notable here that this incident happened after I activated my Axis Demat account.
Documents and proof attesting to this, duly signed by Amitabh Chaudhary were shared. Upon agreement, I was added to a WhatsApp group which had 200 plus members and I was asked to download an app UWMIN from the App store (which they said will provide me more benefits than the usual Axis Demat account) which I did. All instructions regarding stocks, IPO, and ETF were shared here and trading happened on the UWMIN app. They shared account details which were posted as Registered brokerage accounts on this whats app and we then transferred money to these accounts. (Only the cybercriminals were impersonating Axis Demat).
Tata Mutual Fund
Around the same time, I was also added to another group which was Investment Guide, run by Tata Mutual Fund (Again by those cyber criminals who were impersonating Tata Mutual Fund) and they were having a trading opportunity under the name of Tata Investment Club, spearheaded by their senior Fund Manager Chandraprakash Padiyar. Because of the novelty of all this, I decided to give this a try. Following this, the group admin shared an Institutional account opening form which I filled and submitted and following this I was given access to their institutional trading account. Tata's trading app (maybe a lookalike) I downloaded from the App store and account details on which deposits were to be made was done through customer service feature available on the app. Details of which stock to trade and every evening the so-called Mr Padiyar conducted trading sessions in the evening on whats app group.
First week of May, it was my parent's 50th anniversary and I wanted to give them something grand so I decided to withdraw money but was not able to do so from both the apps. After lots of reasoning and arguments with both the Group admins, I was removed from the groups and my app access was blocked. It was then that I realized I had been defrauded and lost all my life savings.
What Did the Victim Do?
She first registered cyber crime on number 1930 on the 6 May night and then went on to register an FIR in Ranchi Cyber Crime Police Station with DSP Neha Bala on 7 May 2024.
Following the cyber complaint and FIR, criminal/fraud accounts were frozen and recovery of Rs. 5,10,000 /- was documented. I got a lawyer who helped me file a petition and got the Court order for recovery. Till now Rs. 490000/- has been refunded to me. I am still waiting for the remaining. For recovery, I have also put a grievance on PGPortal but all pleas and subsequent appeals have been dismissed /closed.
Sebi Case
On the advice of a family member who is also a lawyer, I registered cases against the cyber attackers with SEBI on May 13, 2024 and also separately with Axis Bank PNO and Tata Mutual Fund.
Axis PNO investigation consisted of a phone call from them and reiterated my details, clearly pinning the blame on me and washing their hands of all liability. But somehow I feel that my confidential data was leaked and hence made me susceptible to this fraud. Axis dismissed it by saying investigation has been done and since I made the transactions they are not liable. They justified and negated their liability by sharing the caution notices they had published in the local daily. They suggested seeking police help and offered their co-operation in the investigation. I sought review and they came back with the same reply.
Second level review was sought and a meeting with the Compliance/Legal Head along with Advocate Vibhor Anand was requested. Sebi disposed of the complaint and asked to seek RBI help. I registered a complaint with the RBI and after a couple of months, the RBI has closed the complaint without any explanation.
Tata did not reply to the email but replied to the Sebi complaint. They dismissed the complaint and advised me to be careful before investing.I asked for a First Review to which they came back with the almost same reply. I filed for a second level review and a meeting with the Compliance/Legal Head along with Advocate Vibhor Anand was requested. They came back with the same reply and since as an investor I was not satisfied, SEBI asked to go for ODR.
I registered my complaint on Online Dispute Resolution (ODR) and TMF again blatantly refused all liability and did not accept any responsibility. ODR has asked to go for conciliation and now my complaint is with a third party legal firm JUPITICE. The conciliation hearing happened online on 9 Sep wherein TMF lawyers said the same thing and refused to accept liability. The lawyer did say that it's not possible for them to keep a track of all dubious activities happening and investors should be exercising caution. I don't know what will happen from here now.
Response From Tata Mutual Funds
"At Tata Mutual Fund, we place the utmost importance on customer service and investor protection. In this particular matter, we have acted promptly and responsibly. The investor reported being misled into investing Rs 10 lakhs in a fraudulent scheme falsely linked to one of our fund managers. We lodged a formal complaint with the cybercrime authorities on 5 April 2024, and updated our "Public Caution Notice" to warn against such fraudulent activities."
“Despite the case being escalated to Sebi and through the Online Dispute Resolution (ODR) portal, the conciliator confirmed that Tata Mutual Fund has no involvement in the fraud. The investor acknowledged that Rs 4.9 lakhs were recovered through the cybercrime cell. As a responsible fund house, we have filed multiple complaints with authorities and published public caution notices to protect our investors from fraudsters misusing our name.”
"We strongly urge the publication to evaluate the merit of the story that could mislead readers and create panic. Such reports would not only be inaccurate but could also harm the trust we have built with our investors."
Axis Securities Official Statement
"At Axis Securities, customer safety is our top priority. In response to the incident reported to us in May 2024, we filed a complaint with the Cyber Crime Cell and notified the relevant Stock Exchanges and Depositories. As a trusted brokerage, we adhere to strict regulatory guidelines and ethical standards. Axis Securities does not operate any WhatsApp groups or platforms offering unauthorized investment advice or false promises of high returns. We emphasize transparency and customer protection, offering only research-based guidance through official channels. We continue to raise awareness via social media and other platforms, urging customers to stay vigilant. For any verification, we advise our customers to visit our official website or contact customer care at helpdesk@axisdirect.in. We also recommend reporting any suspicious activity by calling 1930 or filing a complaint with the cyber police."
Victim 2 - Amita Ravindra Lalas
Being a customer of a financial services company one would expect dependable, & competent customer service, particularly for situations involving fraud. However this notion was broken when we suffered from cybercrime leading to fraudulent transfer of shares from AmgelOne to a fake account in Zerodha via CDSL easiest platform. Cybercriminals were able to change contact details, get KYC done, & steal shares in a day, outsmarting AngelOne & CDSL's verifications. As the fraud unfolded we informed CDSL & AngelOne, however they lacked a response mechanism, SOP for such emergencies, & knowhow to deal with such situations. There also was a complete lack of empathy as our calls for help were treated as business as usual. We would like to narrate this experience to drive awareness among small investors so that they are better prepared to avoid such situations & safeguard their interests. We also hope that such financial services companies improve their protocols & processes to help customers in distress.
On 24 June, we started to receive suspicious sms messages. On the same day we realised that our email (hotmail) account had been hacked. We immediately changed the password. The suspicious sms messages continued, but we were not sure if the messages were fake or genuine. As some messages indicated CDSL so we checked AngelOne (demat) account, but did not find anything unusual. As we tried to understand the messages, in the evening we received a sms message about a debit transaction of shares. We immediately checked the AngelOne (demat) account & noticed nothing unusual. Instead it showed a credit of a few bonus shares that was expected. We tried to dial AngelOne support numbers but none of the numbers mentioned on their site were reachable as the time was outside their working hours While no material loss could be ascertained at that point, just to be on the safer side we logged a grievance with CDSL on their portal mentioning about the suspicious sms & requesting to check.
Next day on checking the AngelOne (demat) account we realized that all shares were missing. We had no choice but to wait till AngelOne working hours. As soon as AngelOne customer care was available we reported the incident however we did not receive any help or guidance nor was the incident escalated. We were in desperate need of guidance in the moment of stress to understand the situation and act. A SOP or protocol for such urgencies was possibly missing. AngelOne did share a holdings statement but that did not offer us any help, guidance or clarification. As our email was hacked, we also raised a request with AngelOne to change the email ID linked to the demat account. We were told that it takes 24 hours for the contact details to get updated. While we were clueless about the fraudulent transaction, we reached out to CDSL. Unfortunately CDSL also did not offer any help or guidance & we were asked to log another grievance. If a CDSL officer could have shown some empathy & urgency we would not have lost the golden hours during which the fraudulent account needs to be identified & frozen. Left with no choice, we submitted another grievance providing additional evidence to CDSL. We also reached out (via email) to investor grievance contacts for each company whose share we were holding & have lost to this fraud. Notion that in demat form.shares have digital identity and trail, and therefore those could be traced, does not hold good in such situations.
With no help in sight, the next day we logged a complaint on the National Cybercrime Reporting Portal. We also called 1930, however the person attending the call was not able to understand this as a financial fraud. After our request to update contact details was processed we were able to gain control of our CDSL log in. While we requested a contact details update as a precautionary measure, we realized that our contact details with CDSL, before our request was processed, were already updated by cybercriminals. The cybercriminals managed to get our contact details updated, and we are not sure if any verification was done by CDSL or AngelOne. By hacking our email the cybercriminals were able to gain full control & manipulate complex processes.
Two days after the incident & on repeated follow ups, someone from AngelOne asked us to check if there is a trusted account added to our CDSLaccount. On checking we noticed there was a trusted account. AngelOne representative informed us that it was a Zerodha account & we should file a FIR with police.
At this point we raised another grievance with CDSL providing further details & contacted the police station. The concerned officer was not available & we had to wait till next day to file a complaint. During this time we sent a request to Zerodha to freeze the fraudulent account where the shares were transferred. While Zerodha confirmed over phone that they froze the account temporarily, they also responded via email asking for an instruction from police. So we requested the concerned officer for help. We were asked to visit the police station the next day. We did visit the police station & submitted a copy of correspondence with Zerodha. Later in the evening an instruction was sent to Zerodha by police to freeze the account.
With no material help or satisfactory response from AngelOne and CDSL, we reached out to SEBI helpline. We were asked to send an email to AskSebi email ID. On writing to AskSebi we were advised to log a grievance on the Scores platform. So we submitted complaints on the Scores platform.
As we continued efforts to seek guidance and relief, we reached out to the Sebi helpline seeking clarification on the process to transfer shares from one demat account to another via online mode. Again Sebi helpline was unable to help & asked us to write to AskSebi email Id. We sent a requested via email to AskSebi, to which there was no response despite follow ups. So we submitted a request to higher authorities at Sebi citing no response. After weeks of follow up we received a clarification from CDSL that suggested a 7 step process with multiple sub steps for transfer of shares. The process included verification of account holder's request for upgrade from easi (read only) to easiest (transaction). The verification is to be done by DP (being AngelOne in this case). Neither AngelOne nor CDSL gave any satisfactory response to clarify how the verification was done. We also did not get any satisfactory response regarding unauthorised change of contact details.
All our complaints were disposed of without any satisfactory response.
Further, we logged a complaint on SmartODR, while also escalating our grievances to CDSL GRC. At all levels we received the same standard response that the said transactions have been done using user ID & password that belonged to us. We requested AngelOne & CDSL to clarify as to what verifications, if any, were done at their end. We also requested a full trail of the fraudulent transactions. There was no visible difference in the handling of our complaints across various platforms & escalation levels.
As we continue efforts for fair and reasonable relief, the experience so far has been disappointing due to multiple reasons as follows:
It took us four weeks of follow-ups with Sebi to get clarification (from CDSL) on the prescribed process for online transfer of shares.
The process is complex and includes seven steps with multiple sub-steps. CDSL's official response on the process has reference to a communique that CDSL did not shared while providing clarification, hence adding to ambiguity.
All complaints were disposed of based on the inputs provided by AngelOne & CDSL, and no effort was made to seek our point of view on negligence towards our calls for help that were not acted upon promptly.
Contact details were changed as a part of the fraud, however, we were not offered any satisfactory response to clarify the trail leading to a change of contact details.
Multiple times we sought clarification and resolution to complaints raised with CDSL, AngelOne, & SEBI on grounds of negligence & inaction including - lack of prompt action when fraud was reported; A detailed trail of actions & transactions leading to fraud (not provided to us); We were not allowed to connect with designated escalation contacts.
We submitted grievances through multiple channels from the day the incident of fraud took place including - CDSL grievance portal, AngelOne customer support, National Cybercrime Reporting Portal, Thane Police (FIR Filed), SEBI Scores Platform, SmartODR Platform, & approaching SEBI & higher authorities including RBI.
We received a response from RBI suggesting that the matter is outside RBI's jurisdiction and that RBI has forwarded the concern to Sebi.
The fraud involving the unauthorised transfer of shares from demat account with AngelOne to a fake demat account with Zerodha also involved unauthorized KYC (through NDML KRA & eMudhra).
We received multiple assurances of response from AngelOne including the escalation team and compliance team. However, each time a standard response was offered, suggesting that the said transaction was based on user id, password, and OTP.
We also approached AngelOne's office where we were asked to write to FDS Support and were assured resolution. However, we did not receive any further relief from the support.
It is very difficult to approach CDSL & AngelOne except through emails as calls to CDSL's contact numbers for investor grievances are often unanswered, & AngelOne's escalation numbers are attended by support persons who do not allow any connection with designated escalation points of contact.
An email sent to AngelOne remained unanswered. Will add their response when received.
Ravindra Lalas (from the victim's family).
