Financial & Economic Exploitation
Your money is the end goal of most digital attacks. This section covers how it is taken through payment fraud, account takeover, and the quieter extraction of your attention for commercial profit.
The Call That Looked Like Help
Meera was at her desk when her phone buzzed.
A transaction alert: Rs 12,400 debited from her savings account. She had not made any payment.
Ten seconds later, her phone rang. The caller ID showed her bank's name.
The man on the line knew her account number, her last three transactions, and her registered address. He sounded calm, professional, and urgent.
"We've detected a fraudulent transaction. To reverse it and freeze your account before more money leaves, I need you to verify your identity with the OTP that will arrive now."
The OTP arrived. She read it out.
Within 90 seconds, Rs 87,000 more was gone.
The caller was not her bank. The fraudster had already accessed her account through a breach. The first small debit was bait designed to trigger panic and make her trust a call she should never have answered.
The OTP she read aloud gave the attacker access to transfer everything.
What Is Actually Happening: Financial Exploitation at Scale
$10.2B
lost to financial fraud reported to the FBI in 2022 - the highest figure ever recorded. The 2024 figure is expected to be significantly higher.
Most losses involve a victim who believed they were talking to someone legitimate.
Source: FBI Internet Crime Complaint Center (IC3) Annual Report, 2023Irreversible in Minutes
Wire transfers cannot be recalled once processed. Victims recover less than 4% of wire fraud losses. The average loss per victim in 2024 was over $50,000.
2FA Defeated
SIM swap attacks bypass SMS-based 2FA entirely. The FTC received over 15,000 SIM swap reports in 2023, with losses averaging $11,000 per victim.
6-7 Hours Daily
The average person spends 6 hours 37 minutes online daily. Each minute is tracked, profiled, and sold. The global digital ad market generated $667 billion from this in 2024.
40% Rise in 2024
UPI fraud in India rose 40% in 2024, with over 1.3 million cases reported. Payment app fraud now accounts for 35% of all digital financial crime globally.
The 10-Minute Window
The simulation below puts you in the scenario Meera faced. You receive an alert and a call simultaneously. Six decisions. The correct sequence is shown after.
What That Just Showed You
1. The call and the transaction are the same attack. A real bank fraud team does not call you while a fraud is in progress and ask for an OTP. They freeze the account. If someone calls you during a suspicious transaction, assume the caller is the attacker.
2. Urgency is the mechanism, not the message. The pressure to act within minutes is engineered to stop you from pausing to verify. Real financial security never requires you to act in under two minutes.
3. Your attention itself has a price tag. Beyond direct theft, every platform you use turns your time and behaviour into revenue. The monetisation is quieter, but it is constant.
Three Things Worth Doing
1. Never read an OTP aloud to anyone who called you. Your bank will never ask for it. No legitimate business will either. An OTP is yours alone.
2. Call back on the number printed on your card. If you receive a fraud alert call, hang up and call the number on the back of your card. Do not use any number the caller gave you.
3. Know what your attention earns for others. Check your ad settings on Google, Meta, and your phone. See what profile has been built. Limit what you can.
One Question Before You Continue
Meera received a call from someone who knew her account number, recent transactions, and address. Why did this make the call more dangerous, not less?