Nepal Grapples with Rising Financial Fraud and Cyber Scams: An Expert Interview

Recently, incidents of financial crime and cyber fraud (scams) have increased in Nepal. The trend of defrauding the general public by deceiving the uninformed and tempting the knowledgeable is on the rise.

How can one avoid scams involving promises of high investment returns, threats of 'digital arrest,' or those initiated through social media? What types of 'scams' are active in Nepal, and how can users keep their confidential information secure? We discuss these issues in this edited excerpt from an interview with Sushil Paudel, Director at Nepal Rastra Bank, Birgunj Office.

• Financial crimes and cyber fraud (scams) are occurring frequently in the financial sector lately. What exactly is a scam, and how should it be understood?

In simple terms, a scam is taking someone's assets by deceiving the uninformed or by tempting or intimidating the knowledgeable. In digital scams, information and digital money are primarily stolen. There are mainly three types of trends observed: Authorized Push Payment, Data Theft, and Remote Access.

Under Authorized Push Payment, the victim is tricked into sending money or providing information to the perpetrator. Data Theft involves stealing the user's confidential information. Remote Access allows a distant individual to operate your device (mobile/computer) themselves.

In Nepal, due to relatively strong technology, the trend of remote access or hacking is less common. Instead, due to lower financial literacy among users, the incidence of fraud involving tricking people into willingly sending money or extracting passwords and OTPs is extremely high.

• What types of incidents or complaints are most frequently received at your office?

Based on the complaints and information received at the Birgunj office, most incidents involve soliciting money through social media for fraud. Another category relates to investments, such as the current SMC-like incidents.

In these cases, perpetrators initially ask for money to be deposited, show transactions, and eventually, the investment company disappears. Besides these, there are incidents of hacking emails and passwords through fake websites, and transactions made by resetting OTPs. Furthermore, there are 'money mule' incidents where money is transferred without the individual's knowledge, which we term 'Jobs and Employment' scams.

Considering Nepal as a whole, the main types of scams include soliciting money in the name of employment, demanding taxes for winning lotteries or gifts, threatening account closure, and the current trend of intimidating people under the guise of 'digital arrest' using 'deepfake' technology. Additionally, the practice of soliciting money after building virtual closeness or creating profiles resembling acquaintances has also increased.

• What exactly is social engineering?

Social engineering is when a perpetrator studies an individual's social behavior or habits and gains their trust by saying things that align with their desires. Scammers use SMS, email, phone calls, or social media to rush people or tempt them into revealing their confidential details (passwords/OTPs).

Fraud is now occurring even when people are physically present. For instance, incidents like threatening someone leaving customs by saying, 'Your goods will be seized, pay the money,' or placing fake QR codes, also fall under social engineering.

• What are the incidents reported to your office?

There was a professionally active nurse. She was connected to an app under the pretext of a part-time job or investment opportunity. This is called a 'Pig Butchering' scam, where the 'piglet' is fattened first. Initially, she invested a small amount and received her money back with profit. Once she was convinced that 'money is actually coming back,' she kept increasing her investment.

When her investment reached 24-25 lakhs and she tried to withdraw the money, the scammer told her, 'You have made a foreign investment; you must pay government tax.' She paid the tax. Then they demanded, 'A partnership fee is required for the profit share,' which she also paid. While being told the money would come, she was eventually blocked, and all data disappeared from the app. All her money was lost.

• How do scammers initially contact the victim?

There are certain warning signs, or red flags, in scams that we must always remember. Primarily, if someone promises high returns on investment but claims there is no risk, it is certainly a scam. Secondly, talking about giving money because you have won a lottery or gift.

Furthermore, scammers always pressure people to conduct financial transactions in a hurry. If there is pressure saying, 'You must do it now, do it quickly,' then think something is wrong. Recently, the trend of hacking social media accounts to ask for money in the name of acquaintances has also increased.

If someone pressures you to make a financial transaction, open a new account, or share confidential details, you must pause. To avoid this, one must follow the 'Stop, Check, and Act' rule.

• What is being done to raise awareness about this issue?

Financial literacy cannot be achieved by us alone; all sectors of society must be involved. Since money moves very quickly from one account to another in digital fraud, recovering the money is difficult. Therefore, prevention is the main solution.

One must maintain digital discipline. Your username, password, OTP, and PIN are strictly confidential and should not be shared with anyone. When setting passwords, avoid easily guessable things like names or birth dates. Enable 'Multi-Factor Authentication' on social media and emails, which notifies you when logging in from another device, and continuously monitor your accounts.

• Are 'high-tech' frauds also occurring in Nepal?

So far, 'high-tech' frauds, such as hacking devices or stealing money without the user's knowledge, have not been prominently seen. Here, fraud is occurring primarily because people themselves share their confidential information (OTP, password) out of trust or fear.

• Are these fraudulent activities originating from within Nepal or from outside?

It appears that the operation (execution) of scams originates from across the border, but the money transactions are found to be happening within Nepal. For example, if someone uses Hundi (informal money transfer) to send money to relatives in Australia or Dubai, that money might be being used by the scammer here in Nepal. Scammers are also using such money for purchasing goods or in unauthorized crypto transactions.

The money is circulating internally through digital means rather than being withdrawn from ATMs as we might imagine. Therefore, accepting money from unknown sources or using Hundi carries the risk of ordinary citizens unknowingly becoming part of a crime.

• What is your advice to financial service users and the general public?

In conclusion, I would say that fraud is occurring not due to weaknesses in any system, but because individuals themselves share their confidential information (username, password, OTP). Do not give OTP codes received via email, Messenger, or WhatsApp to anyone. Do not click on unknown links or apps. It is crucial to understand that the key to your digital security is in your own hands.