Their calls and messages were routed via Singapore, China, Hong Kong and Dubai with the help of these VPNs.
“We have written letters to various internet service providers seeking their help in establishing the trail of such VPNs,” senior cyber police inspector Meenal Patil told TOI.
The investigation also revealed that the crooks have been using bank accounts held by poor and illiterate people in Noida, Delhi and other parts of the country by promising a commission to the account holders.
Since March 15, the cyber police alone have registered 20 FIRs and are verifying 45 complaint applications related to online task frauds, while 12 other FIRs have been registered at police stations.
Experts point out that it is extremely difficult to trace the identity and location of the caller or message sender when they use VPNs.
Retired Lt Col Santosh Khadsare, e-Sec Forte Technologies vice president (digital forensics and incident response), told TOI: “Typically, emails and messages are routed through various servers across the world. In many cases, there are five to six servers that relay the message globally before it reaches the end user. In cases where one server is not functional, data is routed through other servers. So, it is not easy for a receiver to identify the place of origin of the message.”
“VPNs, however, also offer privacy and security from online surveillance and tracking,” he said. “Tracking and identifying such messages is made more difficult when VPN hopping is used, which is an encryption process. The fraudsters may also be using onion routing through Tor to send messages that enable anonymous web browsing.”
Last year, the Indian Computer Emergency Response Team (CERT-IN) had issued regulations requiring VPN providers to keep records of their customers for a period of five years. But several VPN providers chose to move their operations out of India instead.