Youngsters lead cyber fraud surge in Nepal
In September, the Crime Investigation Bureau (CIB) arrested Pragyan Rimal, 22, and Ayush Sharma, 20, from Kathmandu for their involvement in cryptocurrency transactions, which is illegal in Nepal. An investigation is ongoing.
Another group was found investing in cryptocurrency and gold. The group engaged in Hundi—they collected remittances from Nepalis working in the UAE, Qatar, Kuwait, Australia, the US, Japan, South Korea, the UK, and other countries, and invested the money in cryptocurrency and gold in foreign countries.
The money was then transferred to the bank accounts of the migrant workers’ families through local agents in Nepal. The case is also under investigation.
In June, the CIB arrested six people in Kathmandu involved in operating an online gaming platform named Wolf 777. The investigation revealed Rs240 million in unaccounted digital transactions. All the suspects were under 30.
According to the Cyber-Enabled Frauds under Strategic Analysis Report, 2024, published by Financial Intelligence Unit-Nepal, Nepal Rastra Bank, on Sunday, the proportion of fraud-related suspicious transactions was high in the first five months of 2024 compared to the same period last year. This year, the cyber-enabled fraud from January 1 to May 31 was compared to the same period in 2023.
Among the 501 fraud-related suspicious transaction reports filed during the period, 319 were linked to cyber-enabled fraud.
These cases are just the tip of the iceberg.
A large number of digital transactions involving ConnectIPS, various wallet accounts, and
Fonepay transfers were traced to accounts belonging to illiterate persons who apparently lacked the skills to use such payment systems.
Upon scrutiny, these accounts were found to be operated by fraudsters as “money mule” accounts.
Fraud schemes reported at the Financial Intelligence Unit-Nepal included money-doubling scams, cryptocurrency investments, network marketing, online room rental services, and fraudulent online payments for the Pearson Test of English (PTE) and International English Language Testing System (IELTS) exams, among others.
Fraud by luring victims with promises of gifts or parcels was the most reported type of cyber-enabled fraud.
Fraud using social media impersonation and fraud by tempting victims with promises of free iPhone and other Apple products were jointly ranked as the second most reported typology.
Social media impersonation was mainly observed on WhatsApp and Facebook.
Hacking of Facebook accounts was frequently linked to social media impersonation, where fraudsters used stolen photos and names of prominent public figures to create fake accounts. Fraudsters would then engage with the real persons’ close relatives and friends and ask for money by using various tactics, including creating fake emergencies.
Youngsters are at the forefront of internet-based fraud schemes.
According to the report, 70 percent of the individuals suspected of cyber-enabled fraud were aged between 19 and 30 years.
This means the young people are working as “money mules” in Nepal.
According to the report, most common fraud methods include gift or parcel scams, social media impersonation, fake online business platforms, OTP fraud, lottery scams, and unauthorised access to bank or wallet accounts using various fraudulent techniques.
A central bank report said that cyber-enabled fraud is rising in Nepal.
By May 31 this year, cyber fraud had risen by 63 percent compared to the same period last year, indicating that the spike in cases is worrying.
Around 15 percent of the suspicious transactions and suspicious activity reports received in the review period were related to the predicate offence of fraud. A predicate offence is a criminal act that serves as a foundation for a more complex criminal activity, often tied to money laundering or organised crime. The term “predicate offence” is commonly used to describe money laundering or terrorist financing.
Commercial and development banks have reported the majority of cyber-enabled fraud cases related to suspicious transactions and activity reports.
Although digital wallets are frequently used for cyber-enabled fraud, the report said that only a few suspicious transactions and suspicious activity reports related to cyber-enabled fraud come from payment service providers.
Most accounts flagged for cyber-enabled fraud were opened in Bagmati province, followed by Madhesh and Koshi provinces.
The report said fraudsters typically initiate contact with victims via social media and then use other mediums as the fraud plot develops. The use of social media to lure victims and defraud them is constantly evolving.
The report showed that the money swindled from unsuspecting victims is quickly withdrawn using ATMs in different parts of the country and India or transferred to other bank accounts and wallet accounts.
Fraudsters have also been found opening accounts at multiple banks, financial institutions, and payment service providers using the same credentials within a short period.
The same mobile numbers are used to open these multiple accounts. Although the know-your-customer (KYC) details of such account holders suggest they are incapable of performing digital transactions, these accounts see frequent digital transactions daily.
Nearly half of the accounts linked to cyber-enabled fraud were reported within three months of their opening. Similarly, around three-fourths of the accounts were reported within nine months of account opening, suggesting the use of new accounts to collect the proceeds of fraud.
The report has suggested that banks and financial institutions implement robust KYC measures, including biometric features when onboarding customers who use digital banking products. This includes verifying whether the mobile phone number used to access mobile and internet banking and wallet accounts is registered in the customer’s own name or that of an immediate family member.
It suggested implementing multi-factor authentication methods, such as e-mail verification, text-based one-time passwords (OTP) sent to registered mobile numbers, biometric verification, and authenticator apps, to verify customers and secure financial transactions above a certain threshold.
The report recommended regulators encourage wallet and card insurance to protect people who are either unaware of digital fraud risks or have genuinely been defrauded. For instance, eSewa has introduced wallet insurance, which covers losses arising from unauthorised transactions.