An investigation by ET has revealed that such information can be sold for as little as Rs 150-Rs 300 by informants who provide these “datasets” to employees at call centres, BPOs, or telemarketing companies.
One such example is the story of Rishabh Shukla (name changed), a 22-year-old telemarketer who starts his workday at 9 a.m. with a sheet containing 70-100 phone numbers of people who have recently bought, sold, or rented an apartment in a Noida residential complex. Shukla made an additional incentive of Rs 5,000 from the leads he generated.
“But soon, this list started drying up, and I got used to the incentives,” said Shukla, adding that ” I started going to every new apartment complex in Noida, tipped off the security guards, and took pictures of visitors’ registers to generate new leads.”
Shukla then sold this information to online real-estate platforms, which would provide the leads to various businesses, such as interior designers, brokers, property dealers, housekeeping agencies, and internet service providers.
“I made close to Rs. 1.5 lakhs in three months because these were the most accurate leads in the market. Online companies sometimes paid me Rs. 10,000 for every dataset,” Shukla revealed.
Blatant Data Theft
The digital privacy landscape is riddled with numerous sources of data leaks that contribute to the growth of a thriving industry, according to experts in the field.
“Blatant data theft, disguised as lead generation, has become an organized industry,” said Dhiraj Gupta, co-founder and CTO of digital fraud detection agency mFilterIt.
A cursory search on Google reveals a plethora of websites offering targeted marketing leads at prices ranging from Rs 120 to Rs 300, often claiming to have obtained these leads through “market research.” Interested parties can purchase leads specific to certain cities or engage services for particular projects.
In sectors with intense competition, the importance of acquiring leads is even more pronounced.
For instance, when a user requests a data connection online from a service provider, the CRM (Customer Relationship Management) operator frequently sells the lead to a competitor in exchange for a commission.
In other cases, information is shared among group companies to facilitate cross-selling of credit cards, loans, and mutual funds. The hospitality and travel industries share databases of guests, while delivery personnel, mobile recharge shops, and logistics providers serve as hubs for data mining.
Legal professionals believe that the new Digital Personal Data Protection (DPDP) Act will significantly restrict the unregulated circulation of personally identifiable information.
According to Shreya Suri, a partner at INDUSLAW, “with the DPDP Act holding violators accountable through penalties, data fiduciaries will need to be extremely cautious about managing and sharing personal data within their systems and third-party networks. Consent for unrelated purposes will no longer be conditional.”
Alkesh Kumar Sharma, a former secretary of the IT Ministry and a key contributor to the Act, highlights that “the law places limitations on the purpose, time, and storage of data by fiduciaries, who will be accountable for any misuse without the data subject’s consent,” he said.
Nevertheless, achieving full compliance with the DPDP Act may require a period of two to three years.
An investigation conducted by IDfy, a company specializing in identity management solutions, revealed that a majority of leading banks, nine out of ten, lack even a basic cookie consent manager on their websites.
WhatsApp Scam
Vishal Gondal, the founder of GOQii, recently shared with ET that several members of his team were targeted via WhatsApp by an impersonator claiming to be Gondal himself. The impersonator alleged that Gondal was in a difficult situation in London and required financial assistance.
“The most shocking part was how the scammer knew who my immediate team members were and had their phone numbers,” Gondal said. He observed a distinct pattern in the scammers’ combined utilization of data, analytics, and artificial intelligence.
“We can’t trust what we see or hear anymore. How does one verify identity now?” he asked.
Voice cloning technology has advanced to the point where a mere three seconds of audio is sufficient to generate a highly realistic replica of an individual’s voice. This capability is readily accessible, with numerous websites providing free voice cloning services boasting up to 95% accuracy. The ease of access to this technology raises concerns about its potential misuse for fraudulent activities.
The rapid development of generative AI poses a significant threat, as it can quickly analyze vast amounts of data from multiple sources and compile detailed profiles on individuals. Experts caution that the unchecked power of generative AI could escalate the problem of voice cloning fraud to unmanageable levels.
Furthermore, the dark web serves as another avenue for accessing personal information. A simple search using a phone number can reveal sensitive details such as a person’s name, Aadhaar number, and address. This vulnerability is exacerbated by the numerous data breaches that have occurred over the past three years, making it easier for malicious actors to obtain and exploit personal data.
#tracked #personal #information #sold #telemarketing #companies #BPOs #call #centres #Times #India