Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label Cyberfraud. Show all posts

The Business Consequences of Believing ID Verification Myths

 


With the advent of cybercrime, a highly lucrative industry has emerged, which in turn has drawn the attention of malicious actors eager to exploit the growing digital landscape. Cyber-attacks have become increasingly sophisticated and frequent and have made the news worldwide, marking one of the most significant shifts in economic power in history. In the wake of these incidents, many vulnerabilities are evident in digital business operations, highlighting the fact that no organization is completely safe from the growing threat of cyberattacks.

For this reason, cybersecurity has become a crucial strategic priority, as organizations understand that data breaches can cause severe financial and reputational damage. Despite increased awareness of cyber threats, businesses persist with a wide variety of misconceptions, fostering a dangerous sense of complacency that leaves them vulnerable to cyberattacks. Misconceptions often result in inadequate security measures leaving businesses vulnerable to cyberattacks, which makes it imperative to dispel these myths to strengthen cybersecurity defences and mitigate risks.

The Growing Threat of Fraud and the Need for Modern Identity Verification 


As a result of the sophistication of identity verification methods currently employed by fraudsters, they are rapidly outpacing traditional methods, utilizing sophisticated tools such as artificial intelligence-generated fake identifications, deepfake facial alterations, and synthetic identities to easily bypass weak security measures. 

The problem can become even more complex when the verification process is not well designed, as many legitimate customers do not wish to undergo cumbersome or overly complex authentication processes. Businesses have begun to recognize the importance of Know Your Customer (KYC) compliance and are increasingly adopting advanced frameworks to ensure compliance. Photo ID verification is becoming a popular solution. 

When implemented effectively, this approach significantly improves both the speed and security of identity verification, reducing friction and bolstering fraud prevention at the same time. The Consequences of Ineffective ID Verification In many organizations, verification processes that rely on manual document reviews or legacy scanning technologies are still outdated, and are not up to the challenge of dealing with modern fraud tactics, as they are proving inadequate in the face of contemporary fraud attacks.

Businesses are at substantial risk due to outdated systems that aren't able to detect sophisticated forgeries. There is a particular threat called synthetic identity fraud, which has become increasingly common in the banking and fintech industries in recent years. By combining fake and genuine data into an identity, fraudsters can circumvent basic verification protocols. They can fraudulently open bank accounts, secure loans, and build credit histories as a result. Synthetic identity fraud has been on the rise at alarming rates for over a decade now. 

The number of cases from the latter half of 2023 to the first half of 2024 has increased by 153%. The risk of stolen and falsified identities to retailers and online e-commerce platforms is also escalating. In addition to exploiting stolen driver's licenses and passports, fraudsters can also utilize stolen driver's licenses to establish fraudulent accounts, make unauthorized purchases, and manipulate return policies to create fraudulent accounts. 

A recent report from MasterCard suggests that merchants will suffer a $20 billion chargeback fraud cost by 2026, which is projected to increase to $28.1 billion by 2026, according to predictions. In addition to the immediate financial losses, businesses may also suffer severe operational, legal, and reputational repercussions as well. For example, regulatory authorities fined the cryptocurrency exchange Binance an unbelievable $4.3 billion in 2023 for regulatory violations. As a result, Changpeng Zhao, the exchange's CEO, resigned. 

The Path Forward 


Businesses can mitigate these risks only by implementing modern, technology-driven identity verification frameworks. By using advanced authentication methods, such as artificial intelligence-powered photo ID verification, biometric analysis, and real-time fraud detection, organizations can strengthen their security posture and deliver a seamless user experience while protecting themselves from fraud as fraud techniques continue to evolve. Proactive adaptation will be crucial for businesses to protect themselves against the latest fraud threats. 

Dispelling the Top Five Cybersecurity Misconceptions


All organizations across a wide range of industries remain concerned about the vulnerability of their networks to cyber-attacks. The security efforts of many organizations are undermined by persistent misconceptions, leaving them vulnerable to sophisticated cyber threats. Addressing these myths is vital to strengthening the security posture of an organization. In the following paragraphs, we will examine five of the most prevalent misconceptions about cybersecurity that can expose organizations to serious risks. 

Myth 1: Cybersecurity is Exclusively the Responsibility of the IT Department 


In many organizations, it is assumed that cyber security falls solely under the purview of IT departments, which is a common but mistaken assumption. It is well known that the IT departments play a key role in implementing security protocols and making sure technological defences are updated. However, cybersecurity is a collective responsibility that extends to all levels within an organization as a whole. As cybercriminals continue to exploit human vulnerabilities, they are often targeting employees via sophisticated phishing schemes that closely resemble official corporate communications to trick them into responding to the scam. 

As a result, even the most advanced security systems can be rendered ineffective if employees are not adequately informed or trained regarding cyber threats. Creating a culture of cyber awareness is essential for mitigating these risks, and senior leadership must foster this culture. To strengthen vigilance against potential threats, senior executives must take responsibility for security initiatives, establish comprehensive policies, and ensure that the whole organization is trained to deal with them. 

Myth 2: Cybercriminals Primarily Target Large Corporations 


Most people believe that cybercriminals exclusively target large corporations. The truth is, that cybercriminals target companies of all sizes, and small and midsized businesses, particularly SMEs, are more at risk than they realize due to their limited cybersecurity capabilities. 

Cybercriminals often adopt an opportunistic approach to their attacks, and they often target companies with weaker security systems. According to a Ponemon Institute study, 61% of small and mid-sized businesses (SMBs) experienced cyber-attacks during the last year. In most cases, malicious actors prefer to attack multiple smaller businesses in a single day with very little effort than attempt to penetrate well-fortified corporate entities in the first place. A key factor SMEs should consider to protect themselves from cyber threats is allocating adequate resources to cybersecurity, implementing robust security measures, and updating their defences continuously to stay abreast of evolving threats. 

Myth 3: Firewalls and Antivirus Software Provide Comprehensive Protection 


Even though firewalls and antivirus software are essential security tools, relying solely on them is a critical error that should be corrected. Cybercriminals continually develop sophisticated techniques to circumvent traditional defences by exploitation both technological and human vulnerabilities, as well as exploiting technological advances as well. Social engineering is a very prevalent attack vector, where adversaries manipulate employees into unwittingly granting access to sensitive information. 

Despite the most sophisticated security measures in place in the network, it can still be compromised if an attacker succeeds in luring an employee into divulging confidential information or clicking on a malicious link. In addition, software vulnerabilities represent an ongoing threat as well. 

Some security flaws are frequently fixed by developers through updates, however, organizations that do not apply these patches promptly will remain at risk of being exploited. Because 230,000 new variants of malware emerge every day, enterprises need to develop a multilayered security plan that encompasses regular software updates, employee education, and the use of advanced threat detection systems. 

Myth 4: Organizational Data Holds No Value to Cybercriminals 


Cybercriminals have long believed that an organization's data is worthless, but this belief is erroneous. In reality, data is regarded as one of the most highly sought-after commodities in the cybercrime community. Stolen information is frequently used to conduct fraudulent transactions, steal identities, and engage in illicit trade on underground markets. It is widely believed that identity theft is the primary driver of cybercrime, accounting for over 65% of breaches and compromising more than 3.9 billion records in 2018. 

With the advent of Cybercrime-as-a-Services (CaaS), the issue has been further exacerbated, as a result of which large-scale cyberattacks have been performed and a proliferation of stolen information on the dark web has emerged. As a means of preventing unauthorized data breaches, organizations need to implement stringent data protection measures, enforce robust access controls, and use encryption protocols to protect sensitive information. 

Myth 5: Annual Cybersecurity Awareness Training is Sufficient 


Considering how rapidly cyber threats are evolving, one-time security training sessions are no longer sufficient. In cyber-attacks, psychological manipulation is still used to deceive employees into giving out sensitive data or engaging with malicious content, a tactic known as social engineering. 

It is one of the most commonly used tactics in cyber-attacks. People's human error has become an increasingly serious security vulnerability, as individuals may find themselves inadvertently falling victim to increasingly sophisticated cyber scams as a result. In the absence of ongoing security education, employees will be less likely to recognize emerging threats and thus increase their chances of being successfully exploited. 

The organization's cyber security training should be based on a continuous learning model, with interactive modules, simulated phishing exercises, and periodic assessments to reinforce the company's best practices. To improve employees' ability to detect and mitigate cyber threats, organizations need to use a variety of training methodologies, including real-world scenarios, quizzes, and hands-on simulations. 

Cybersecurity Enhancement Through Awareness and Proactive Measures 


To establish a resilient security framework, it is imperative to debunk cybersecurity myths. Cyber threats are constantly changing, making it essential for organizations to implement comprehensive, multilayered security strategies that integrate technological defences, continuous employee education, and executive leadership support to combat them. A culture of cyber-awareness in businesses can minimize risks, safeguard digital assets, and strengthen their overall security posture by cultivating a sense of cyber-awareness in the organization. 

Conclusion: Strengthening Security Through Awareness and Innovation 


It is not uncommon for companies to be dangerously exposed to cyber threats because outdated security perceptions can continue to persist over time. The perseverance of ID verification myths and cybersecurity misconceptions can define weaknesses that fraudsters are swift to exploit in an increasingly automated world. There are several measures an organization can take to reduce these risks: adopting a proactive stance and using modern, technology-driven verification frameworks, educating its employees continuously about cybersecurity, and developing multilayered cybersecurity defences. 

Companies can stay ahead of emerging threats by utilizing artificial intelligence, biometric authentication, and real-time fraud detection, all while maintaining a seamless user experience. Keeping your company safe and secure is more than a static concept; it's about being vigilant, adapting, and making informed decisions constantly. 

There will always be a need for robust security measures on the digital landscape as it continues to evolve, but those who recognize the need to take these measures will be better prepared to protect their reputation, assets, and customers in the face of increasing sophistication of threats.

Emerging Allegations of Chinese Espionage Targeting US Treasury

 


An alleged hacker named Yin Kecheng and a cybersecurity company called Sichuan Juxinhe Network Technology Co were sanctioned on Friday by the US Treasury Department for involvement in a string of hacks against American telecom companies.

Kecheng is a Shanghai-based cybercriminal with an affiliation with the PRC Ministry of State Security who has been associated with the recent breach of the Department of Treasury's network. An organization called Sichuan Juxinhe, a cybersecurity company based in Sichuan, was directly involved with Salt Typhoon's cyber-attacks. 

PRC-linked Salt Typhoon cyber-espionage activities have resulted in numerous compromises of US telecommunications and internet service provider companies as part of a broad cyber espionage campaign, that has been carried out for several years. As a result of these intrusions, which are known as the Salt Typhoon, a massive number of American call logs have been exposed to Chinese spies, raising alarms in the US intelligence community. 

As far as some lawmakers are concerned, there have been instances where hackers have intercepted conversations with prominent politicians and government officials in the United States. Some lawmakers have described them as the worst hack on a telecom company in American history.

An agency within the U.S. Treasury Department (OFAC) has imposed sanctions on a Chinese cybersecurity firm and a Shanghai-based cyber actor in the wake of the recent compromise of a federal agency that appears to be connected to an organized criminal group known as Salt Typhoon. After the attack, it was revealed that the attackers had targeted the Office of Foreign Assets Control (OFAC) in addition to the Treasury Secretary's Office. 

According to a Washington Post report that cited unidentified US officials, China has been targeting the tools that the US uses to achieve its national security objectives, such as economic sanctions against adversaries, to do so. The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued an update that supports the notion that the attack directly targeted the US's structure that controls foreign economic affairs, supported by an update provided by CISA this week that further supports this theory. 

It has been reported that malicious cyber actors linked to the People's Republic of China (PRC) continue to target U.S. government systems, including the recent cyberattacks on Treasury's information technology (IT) systems, as well as sensitive US critical infrastructure," according to the Treasury. Also, Salt Typhoon, a group that is believed to be linked to the People's Republic of China, has recently allegedly breached nine major telecommunications firms in a huge attack on US critical infrastructure, according to reports. 

As a result of this, Verizon, AT&T, and Lumen Technologies were among the many victims, where threat actors had lurked in their networks for months. The Treasury's announcement is just one in a series of similar actions against Chinese threat actors. The company Integrity Technology Group, based in Beijing, was sanctioned on January 3 for its involvement in a Chinese state hacking group known as Flax Typhoon, which allegedly participated in the hacking. 

It has been reported that in December, another Chinese hacking contractor, Sichuan Silence Information Technology, was subjected to U.S. sanctions after being blacklisted along with an arrest warrant against a Chinese national who is accused of developing a zero-day exploit for Sophos firewalls while employed at Sichuan Silence. 

Aside from the designations, there have been several other steps taken by the Treasury to combat malicious cyber activity originating from Chinese hackers. The agency has previously sanctioned Integrity Technology Group (Flax Typhoon), Sichuan Silence Information Technology Company (Pacific Rim), and Wuhan Xiaoruizhi Science and Technology Company (APT31). A new executive order signed by the Biden administration on Thursday would allow Treasury to extend its authority to sanction anyone complicit in hacking crimes under the extortion laws, indicating the administration's intention to prosecute them more aggressively going forward. 

Treasury is empowered to sanction anyone who, directly or indirectly, enabled hacking, as well as anyone who knowingly uses hacked data for financial gain, under the executive order of January 15, 2011. The director of CISA, in a blog post dated January 15, 2009, wrote that Beijing’s cyber program is very sophisticated and well-resourced, which poses a threat to the critical infrastructure in the United States. 

As Easterly pointed out, the administration has managed to eradicate some Chinese intrusions, however, there is a need for further strengthening cyber security and vigilance across the public and private sectors to reduce threats from these groups. CISA has in response, she said, developed three "lines of effort" aimed at addressing persistent threats and reducing the risk to American citizens. The first step is to exterminate Chinese cyber actors from the victims' networks. There is also the possibility of collaborating on cyber defence with key industry partners in the fields of information technology, communication, and cybersecurity. 

As a final step, cybersecurity services such as CyberSentry, a threat detection capability managed by CISA, can be utilized to reduce the risk of Chinesecybercriminalss posing a threat. In addition to attack surface management, CISA also provides a form of cyber defence that involves identifying and mitigating the technology defects that allow cyber threats to gain an edge, and 7,000 critical service organizations have already used CISA's services. 

Easterly noted that the CISA service was already offered to more than 7,000 organizations that rely on critical services. The attackers are reported to have broken into no less than 400 computers owned by the Treasury, as reported in a recent Bloomberg report and stolen more than 3,500 files. These include documents such as policies and travels, organizational charts, sanctions, and foreign investment materials as well as 'Law Enforcement Sensitive' materials. Additionally, they were able to gain access unauthorized to the computers of Secretary Janet Yellen, Deputy Secretary Adewale Adeyemo, and Acting Under Secretary Bradley T Smith, as well as materials relating to investigations conducted by the Committee on Foreign Investment in the United States. 

Silk Typhoon has been linked to a cluster of Chinese espionage actors known for using Ivanti zero-day vulnerabilities extensively, which has been tracked by Google's Mandiant under the moniker UNC5221 by Mandiant, which is an espionage network owned by Mandiant. Throughout the last year, there have been an increased number of court actions, which led to the arrest of hacking suspect Yin Kecheng in Shanghai and the imposing of sanctions against Sichuan Juxinhe Network Technology Co., LTD, as well as their ability to conduct business in the United States. 

In the first instance, the Treasury Department sanctioned a Beijing-based cybersecurity company that is suspected of being involved in multiple cyberattacks targeting vital infrastructures in the United States earlier this month. U.S. accusations of hacking have been repeatedly denied by the Chinese government, including last month's dispute about the Treasury Department hacking allegations. 

The sanctions announced on Friday do not provide any new details regarding the scope of the hack into the Treasury Department, which the agency said was discovered on December 8. Thus, a third-party software provider, BeyondTrust, has pointed out that hackers were stealing a key that was used by the vendor to secure a cloud-based service that provides remote technical support to workers. This key facilitated the hackers in overriding the security measures of the service and gaining remote access to several employee workstations as a result.

India Launches New Initiatives to Combat Spam and Cyber Fraud

 


There is a renewed effort underway in the fight against spam and unsolicited commercial communication as the Department of Telecom (DoT), the telecom regulator Trai, and private telecommunication companies are launching new programs to combat cyber fraud and phishing attacks that are on the rise. 

Several regulatory agencies have been working hard to crack down on spammers and block the numbers of individuals who are engaging in fraudulent activities as detected by Trai and the DoT. It has been reported that the Trai and DoT have been targeting spammers and blocking numbers that seem suspicious. 

Additionally, they have met with representatives from telecom companies to establish new rules regarding vigilance and curbing unwanted activities to control them more effectively. The company has developed an AI-driven tool that helps identify spam and sends an alert to customers if it detects it. A blockchain-based spam control system has been rolled out by Vodafone Idea as part of its SMS spam control program. 

As part of Bharti Airtel's campaign to handle the issue of spam for customers, the company launched India's first network-based, AI-powered spam detection solution on Wednesday. It has been a long time since they met with top representatives from telecom companies and asked them to be vigilant against these criminal activities as well as stipulating new rules to counter them in the future. 

A report issued by the Telecom Regulatory Authority of India and the Department of Telecommunications has indicated that over a crore fraudulent mobile connections have been disconnected, as well as 2.27 lakh handsets that are subject to financial fraud and cybercrime. According to Trai, mobile operators have been encouraged to disconnect telecom resources that are used for bulk spam calls and they have stated that such entities could be blacklisted for up to two years if they are not disconnected. 

Furthermore, telecom companies will be required to check all SMS transmissions containing non-whitelisted URLs, to reduce the misuse of SMS headers and templates and, as a result, ensuring that standard SMS protocols are followed. Trai has mandated as of November 1, all telecommunications operators shall ensure the traceability of messages from the point of origin to the point of destination. 

 According to Airtel CEO Gopal Vittal, spam has become a menace for its customers. It is believed that the entire industry needs to work together to resolve this problem comprehensively... (and) to shield our customers from the continuous onslaught of intrusive and unwanted communications. The Vodafone Idea announced that it will launch soon a URL whitelisting platform, stating, "Vi is participating actively on the topic along with the TRAI, COAI, and other relevant groups.". 

Airtel's data scientists are using a proprietary algorithm to identify and classify calls and SMSs as 'suspected SPAM' through the AI-powered solution developed in-house by Airtel's data scientists. A network powered by artificial intelligence analyzes, in real-time, several parameters including the usage patterns of the caller or sender, the frequency of calls and SMS, and the duration of the calls, among other factors. 

As a result of comparing the information you provide with this information with known spam patterns, the system can flag suspicious calls and SMSs. Further, Airtel has developed a system that notifies customers when malicious links are sent via SMS. To achieve this, Airtel has built a centralized database of blacklisted URLs, and every SMS is scanned in real-time by an AI algorithm to alert users in order not to click on those links accidentally.

Cyber Heist: Rs 40 Crore Taken from IndusInd Bank

 


According to Maharashtra Cyber, which reported the recovery of 31.89 crores out of 40 crores allegedly fraudulently transferred from IndusInd Bank to 20 different mule accounts on Friday, the agency said. As a result of the fraud, more than $4.2 million were stolen from ATMs around the country, while police are still looking for the remaining $2.87 million. 

It has been reported that IndusInd Bank in Mumbai has reported a loss of Rs 40 crore as a result of an unauthorized transaction which took place on their network. Maharashtra Cyber Police, responsible for detecting and responding to cyber frauds in the state, has managed to recoup Rs 32 crore as a major achievement in one of the state's largest cases of cyber fraud. According to the bank's Hyderabad branch manager, he is being held responsible for making unauthorized transactions on behalf of the bank. 

By improving the reporting process through the National Cybercrime Reporting Portal (NCCRP), the Maharashtra Cyber Police were able to take swift action on the report of the cybercrime within a short period. With such a prompt response, the authorities were able to track down and freeze the fraudulent accounts in a short period. In addition to the fraudulent transactions, the Hyderabad branch manager also made two significant transfers of Rs 15 crore and Rs 25 crore with no authorization from the Mumbai head office on whether these transfers should be carried out. 

A total of nearly 20 accounts were involved in the disbursement of the funds. Even though the Hyderabad police department registered the FIR, it was Mumbai that originally made the complaint. The team’s efforts and process continued, resulting in blocking a total of ₹32.89 crore till July 25 in 11 bank accounts in India. The fraud managed to withdraw ₹4.24 crore from different ATMs of the bank, said Shintre. Efforts are still on to recover the remaining money,” he added. 

The amount was transferred to different banks from the Hyderabad branch, so an FIR has been registered there, and the Hyderabad police are investigating the case. After the Maharashtra Cyber Police team got wind of the complaint on July 19, one of its officers explained that the team immediately started pursuing the matter. In coordination with all finance intermediaries responsible for the processing of the money, they were able to place a hold on approximately Rs 31 crore by 6 PM on the same day. 

IndusInd Bank's Bandra Kurla Complex branch, which is located at the Bandra Kurla Complex (BKC), was alerted to the fraud through their helpline number after informing the cyber police about the fraudulent transactions. It was only after the cyber police took action that they were able to freeze the accounts worth 312.890 crores, which were held in various banks. According to the report, the team noticed on July 19 that there has been significant fraud involving transactions amounting to approximately $40 crore that have been reported. 

Following the realisation of the urgency of the situation, a team was immediately formed, and the following morning a follow-up process was initiated and immediate coordination was initiated with the appropriate financial intermediaries involved in the transactions. This resulted in an approximate saving of approximately 31 crores by 6 pm that day," said Shintre. A total of 31.89 crores of currency worth 32.89 crores were blocked from 11 bank accounts in India as a result of the team's work and process up until July 25. 

Shintre informed the press that the fraudster was able to withdraw a total of Rs.4.24 crore from ATMs across the bank. The team is constantly working on recovering the remaining money to get it back," he stated. It is believed that the money from the Hyderabad branch was transferred to different banks, which is why an FIR was filed there, and the Hyderabad police are presently investigating the situation. 

In the past three and a half years, Maharashtra Cyber has received 281,019 reports of cyber fraud, resulting in a staggering loss of approximately ₹3,325 crore to complainants across the state. During this period, efforts by the Cyber Police have successfully blocked and safeguarded around ₹358.77 crore in transactions through banking channels. 

The scale of the issue is reflected in the daily volume of calls received by Maharashtra Cyber's helpline number, 1930, which averages between 4,000 and 5,000 calls. To manage this influx, the organization operates 20 functional lines manned by a dedicated workforce of over 110 individuals working round-the-clock. A specialized team of 10 personnel focuses exclusively on follow-up procedures, liaising directly with banks and law enforcement agencies to expedite the resolution of complaints. 

Additionally, Maharashtra Cyber has implemented dedicated Artificial Intelligence (AI) units across various branches. These units facilitate data analysis, pattern recognition, digital forensics, and behavioural analysis, significantly aiding investigators in their efforts. From 2021 to July 26, 2024, the helpline recorded a total of 281,019 complaints, resulting in the recovery of ₹3,324.90 crore from fraudulent transactions, with an additional ₹358.77 crore placed on hold. This underscores the effectiveness and commitment of Maharashtra Cyber in addressing and mitigating cybercrime incidents. Ongoing investigations are aimed at ensuring compliance with RBI regulations and enhancing internal banking checks to prevent future occurrences.

Government Shuts Down Two Telemarketing Giants for 5.5 Million Fraudulent Calls

 


Several telemarketing entities, notably V-Con Intelligent Security and OneXtel Media, have been suspended by the Department of Telecommunications (DoT) for disseminating malicious messages through their services. According to a report by the Economic Times (ET), these two telemarketers alone were responsible for sending a record 55.5 million spam messages since January of this year. 

In light of the escalating incidence of SMS fraud within the country, the DoT has taken decisive action to suspend these two telemarketing companies, aiming to mitigate the risks associated with such scams. The DoT's directive, issued on July 15, identified V-Con Intelligent Security and OneXtel Media as platforms for sending customers malicious and phishing SMSes. Reports submitted to the Sanchar Saathi portal, particularly from the 'Chakshu' facility listed under the 'Services' section, highlighted these malicious activities. 

Comprehensive analysis of information provided by citizens enabled the DoT to make significant discoveries and undertake specific interventions. In its efforts to combat the proliferation of malicious SMS activities, the DoT has issued orders for the suspension and blacklisting of 131 Principal Entities (PEs), as well as approximately 5,000 SMS templates and 700 SMS headers linked to these activities. Despite these measures, new headers emerge, allowing fraudulent SMSes to be sent to citizens and raising ongoing concerns. 

Investigations have revealed that Onextel Media Pvt Ltd and V-Con Intelligent Security Pvt Ltd were responsible for a substantial portion of these malicious SMSes, accounting for 5.55 crore out of the 5.66 crore reported incidents. The DoT directive also mandates telecom companies to file police complaints against these telemarketers for circumventing the Distributed Ledger Technology (DLT) platform and distributing phishing messages.

The DLT platform is utilized to authenticate registered telemarketers and their messaging components, preventing unregistered entities from sending promotional messages. The DoT's actions were prompted by numerous complaints from telecom users regarding malicious SMSes. In response, the DoT employed facial recognition technology to block 6.76 lakh SIM cards and 10,296 mobile phones in Gujarat that were linked to cybercrime activities. 

Further investigations revealed financial connections between the identified companies and various organized transnational crimes, including fraudulent stock investments, prompting the Gujarat Police to launch inquiries. Despite the collaborative efforts involving telecom companies and regulatory bodies such as the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI), the Securities and Exchange Board of India (SEBI), and the Insurance Regulatory and Development Authority of India (IRDAI), significant challenges persist in curtailing spam and scam activities. The continuous evolution of spamming techniques poses a formidable challenge, necessitating ongoing adaptation and enhancement of countermeasures to effectively mitigate such threats.

New Online Scam: Fraudsters Pose as Police Officers to Extort Money



Cyber fraudsters have developed a new method to deceive unsuspecting individuals by posing as police officers and claiming that a relative has been arrested in a narcotics case. They demand a bribe to drop the charges, preying on the victims' fear and urgency to help their loved ones.

This tactic is a variation of the well-known courier scam, where fraudsters call individuals, claiming that a package in their name containing narcotics was intercepted by customs officials. They then demand money to resolve the issue. The new approach involves impersonating police officers and alleging that a family member has been detained for drug-related offences.

Recent Incidents Highlight the Threat

Several cases of this scam have been reported recently. On Wednesday, the North Division Cyber Crime Police registered a case against an unidentified person who, posing as a Delhi police officer, extorted ₹7,000 from a private firm employee named Srinivas Nageshwara Rao. The fraudster claimed Rao’s daughter was arrested for drug consumption and was being taken to Delhi. The scammer promised to drop the charges if Rao paid ₹15,000. Rao transferred ₹7,000 online but later grew suspicious and confirmed with his daughter that she was safe at college.

Another victim, an 18-year-old student, was swindled out of ₹65,000. The fraudster, posing as a police officer, told her that her father had been arrested for drug peddling and demanded money to release him and drop the charges. The student transferred the money but later realised she had been scammed.

In a similar case, a software engineer from Kasavanahalli, Utkarsh Srivatsastav, reported to the Bellandur police that he was cheated out of ₹40,000. The scammer, pretending to be a police officer, claimed that Srivatsastav's son was involved in illegal activities and would be arrested unless a bribe was paid. Srivatsastav transferred the money online before discovering the fraud.

Police Action and Legal Measures

Based on these complaints, the police have charged the fraudsters under Section 66C (identity theft) of the IT Act, 2000, and are conducting further investigations. Authorities are urging the public to be vigilant and sceptical of unsolicited calls demanding money, especially those involving legal or police matters.

Protecting Yourself from Scams

To avoid falling victim to such scams, individuals should:

1. Verify the identity of the caller by contacting the relevant authorities directly.

2. Never transfer money based on a phone call alone.

3. Report suspicious calls to the police immediately.

By staying informed and cautious, the public can protect themselves from these deceptive tactics and help authorities catch the perpetrators.


USSD Call Forwarding Deactivation: India's Move to Safeguard Against Cyber Fraud

 


The Department of Telecommunications (DoT) has recently taken a step to tackle the surge in online fraud cases across the country. To counter various incidents of fraud resulting from illegal call forwarding, the authorities have required all telecom operators in the country to allow their USSD-based call forwarding services to be deactivated from April 15, 2024.  

In other words, USSD (Unstructured Supplementary Service Data) is a technology that makes it possible for mobile users to gain access to a wide variety of services provided by phone networks by dialling shortcodes such as *401#. Criminals impersonate customer support to trick users into dialing this code followed by their number and into being tricked by them. 

As a result, the fraudster will usually be able to receive all phone calls and forward them to him. The USSD (Unstructured Supplementary Service Data) is commonly used by users to check balances, block numbers, and other information with the option of dialling simple codes. As a result, such social engineering attacks are vulnerable to this particular system by the DoT. 

Several services can assist users with this, including call forwarding, as well as phone number rerouting. In addition to checking mobile phone balances and IMEI numbers, the service is also commonly used to check the health of mobile phones. An order has been issued as a result of an ongoing investigation into frauds involving mobile phones and online crimes that have been committed. 

In making this decision, they do so in response to a rising number of concerns about fraud, and misuse, as well as the increasing number of online scams occurring in the wake of the call forwarding feature. Once users suspend the service for their number, users will need to reactivate any call forwarding that has been set up on it. If they already have it enabled, they will have to reactivate it. 

There have been rumours, however, that users may have to use alternative methods of activating call forwarding, which has yet to be specified, to perform this functionality. The traditional ways for users to manage the forwarding of their calls will now need to be replaced by alternative ways for providers to do so. The suspension of USSD-based call forwarding services comes amid concerns about the susceptibility of such services to fraudulent activities within the telecommunications sector. 

While the request does not imply a permanent removal of the service, there are speculations that it may be reintroduced in the future with enhanced security measures to prevent misuse and fraud. Telecommunications fraud often involves cybercriminals exploiting vulnerabilities within call forwarding systems to unlawfully access sensitive information. 

One prevalent tactic utilized by fraudsters involves persuading unsuspecting users to enable call forwarding to alternative phone numbers via USSD commands. Once activated, these diverted calls serve as a conduit for intercepting confidential data, such as one-time passwords (OTPs), intended for authentication purposes. 

The USSD service, accessed by inputting specific codes on mobile keypads, offers various functionalities including prepaid balance checks and IMEI retrieval. Among these functions is the activation of unconditional call forwarding, a feature now under scrutiny due to reported instances of misuse. 

The DoT's directive to deactivate USSD-based call forwarding represents a proactive measure aimed at disrupting fraudulent schemes. By eliminating this option, telecom operators can thwart fraudsters from exploiting the feature for illicit activities. This action not only protects mobile phone users but also bolsters the integrity of the telecommunications infrastructure.

In summary, the mandated suspension of USSD-based call forwarding services marks a significant stride in combating fraudulent practices in the telecommunications realm. By depriving fraudsters of a crucial tool, the DoT's initiative contributes to the advancement of cybersecurity and fosters a safer digital landscape for both consumers and businesses.

Digital Arrest Scam: Woman Doctor Duped for 40 Lakhs, Loses Her Entire Savings

Digital Arrest Scam

In today’s digital world, our lives are interconnected through the internet. From shopping on the web and managing finances to connecting with our loved ones, everything is done online these days. 

But the comfort also comes with some risks. 

Professor scammed with Rs 40 Lakhs 

In a recent online scam, a government medical university professor fell victim to a “digital arrest” scam and was tricked into paying a heavy amount of Rs 40 lakhs. The scam technique is called “digital arrest” where a scammer fools the victim under the disguise of law enforcement agencies. 

“An arrest warrant has been issued in your name. All your financial accounts will be frozen and they will be investigated. Till then you are put under ‘digital arrest’. After that they called me on Skype and showed me many documents which included my phone number, Aadhaar number, and which also included my arrest warrant,” she said.

The Attack: What happened?

On March 11, the professor received a call purportedly from Maharashtra. The caller alleged that a phone number issued under her ID in July 2023 was involved in illegal activities, including text message scams, phishing, and money laundering.

The call was then transferred to another individual claiming to be from the Maharashtra police headquarters. This person accused her of opening a fraudulent account in Canara Bank, Mumbai, leading to money laundering activities. The caller even spoke about an arrest warrant issued in her name.

The scammer threatened her, stating that all her financial cards, PAN, and Aadhaar had been blocked. They claimed she was under ‘digital arrest’.

To add to her distress, the scammers showed her documents via Skype, including her phone number, Aadhaar number, and the alleged arrest warrant.

The professor was coerced into transferring a staggering amount of Rs 31.31 lakh on March 11, followed by Rs 9 lakh from another account the next day.

The scammers instructed her to maintain constant communication, provide personal information, and refrain from contacting anyone else, citing national security concerns and the purported involvement of police and bank officials in the scam.

Realizing she had fallen victim to cyber fraud, she promptly reported the incident to the cybercrime police station and filed a formal complaint.

Impact of the attack

According to police, “A staggering amount of Rs 31.31 lakh was transferred by her on March 11, followed by Rs 9 lakh from another account the next day.” 

The stolen money was the professor’s entire savings, which she had kept for her kids’ studies and her future.

Triveni Singh, a former SP in the Cyber Cell and a cyber expert said that no reputable agency will request a Skype chat for reasons of investigation or arrest. There's nothing like a 'digital arrest'.


Decoding Cybercriminals' Motives for Crafting Fake Data Leaks

 

Companies worldwide are facing an increasingly daunting challenge posed by data leaks, particularly due to the rise in ransomware and sophisticated cyberattacks. This predicament is further complicated by the emergence of fabricated data leaks. Instead of genuine breaches, threat actors are now resorting to creating fake leaks, aiming to exploit the situation.

The consequences of such falsified leaks are extensive, potentially tarnishing the reputation of the affected organizations. Even if the leaked data is eventually proven false, the initial spread of misinformation can lead to negative publicity.

The complexity of fake leaks warrants a closer examination, shedding light on how businesses can effectively tackle associated risks.

What Drives Cybercriminals to Fabricate Data Leaks?

Certain cybercriminal groups, like LockBit, Conti, Cl0p, and others, have gained significant attention, akin to celebrities or social media influencers. These groups operate on platforms like the Dark Web and other shadowy websites, and some even have their own presence on the X platform (formerly Twitter). Here, malicious actors publish details about victimized companies, attempting to extort ransom and setting deadlines for sensitive data release. This may include private business communications, corporate account login credentials, employee and client information. Moreover, cybercriminals may offer this data for sale, enticing other threat actors interested in using it for subsequent attacks.

Lesser-known cybercriminals also seek the spotlight, driving them to create fake leaks. These fabricated leaks generate hype, inducing a concerned reaction from targeted businesses, and also serve as a means to deceive fellow cybercriminals on the black market. Novice criminals are especially vulnerable to falling for this ploy.

Manipulating Databases for Deception: The Anatomy of Fake Leaks

Fake data leaks often materialize as parsed databases, involving the extraction of information from open sources without sensitive data. This process, known as internet parsing or web scraping, entails pulling text, images, links, and other data from websites. Threat actors employ parsing to gather data for malicious intent, including the creation of fake leaks.

In 2021, a prominent business networking platform encountered a similar case. Alleged user data was offered for sale on the Dark Web, but subsequent investigations revealed it was an aggregation of publicly accessible user profiles and website data, rather than a data breach. This incident garnered media attention and interest within the Dark Web community.

When offers arise on the Dark Web, claiming to provide leaked databases from popular social networks like LinkedIn, Facebook, or X, they are likely to be fake leaks containing information already publicly available. These databases may circulate for extended periods, occasionally sparking new publications and causing alarm among targeted firms.

According to Kaspersky Digital Footprint Intelligence, the Dark Web saw an average of 17 monthly posts about social media leaks from 2019 to mid-2021. However, this figure surged to an average of 65 monthly posts after a significant case in the summer of 2021. Many of these posts, as per their findings, may be reposts of the same database.

Old leaks, even genuine ones, can serve as the foundation for fake leaks. Presenting outdated data leaks as new creates the illusion of widespread cybercriminal access to sensitive information and ongoing cyberattacks. This strategy helps cybercriminals establish credibility among potential buyers and other actors within underground markets.

Similar instances occur frequently within the shadowy community, where old or unverified leaks resurface. Data that's several years old is repeatedly uploaded onto Dark Web forums, sometimes offered for free or a fee, masquerading as new leaks. This not only poses reputation risks but also compromises customer security.

Mitigating Fake Leaks: Business Guidelines

Faced with a fake leak, panic is a common response due to the ensuing public attention. Swift identification and response are paramount. Initial steps should include refraining from engaging with attackers and conducting a thorough investigation into the reported leak. Verification of the source, cross-referencing with internal data, and assessing information credibility are essential. Collecting evidence to confirm the attack and compromise is crucial.

For large businesses, including fake leaks, data breaches are a matter of "when," not "if." Transparency and preparation are key in addressing such substantial challenges. Developing a communication plan beforehand for interactions with clients, journalists, and government agencies is beneficial. 

Additionally, constant monitoring of the Dark Web enables detection of new posts about both fake and real leaks, as well as spikes in malicious activity. Due to the automation required for Dark Web monitoring and the potential lack of internal resources, external experts often manage this task.

Furthermore, comprehensive incident response plans, complete with designated teams, communication channels, and protocols, facilitate swift action if such cases arise.

In an era where data leaks continuously threaten businesses, proactive and swift measures are vital. By promptly identifying and addressing these incidents, conducting meticulous investigations, collaborating with cybersecurity experts, and working with law enforcement, companies can minimize risks, safeguard their reputation, and uphold customer trust.

Fines for Facebook Privacy Breaches in Norway Crack Down on Meta

 


A fine of 1 million crowns ($98,500) will be imposed on the owner of Facebook, Meta Platforms, by the Norwegian Data Protection Authority (Datatilsynet) starting August 14 due to a privacy breach that occurred before that date. A significant penalty of this magnitude could have major implications for other countries in Europe as well since it may set a precedent.

In a court filing, Meta Platforms has requested that a court in Norway stay a fine imposed by the Nordic country's information regulator on the company that owns Facebook and Instagram. It argued that the company breached users' privacy via Facebook and Instagram. 

It appears that Meta Platforms has filed a court filing requesting a temporary injunction against the order to prevent execution. During a two-day hearing to be held on August 22, the petition will be presented by the company. Media inquiries should be directed to Meta company's Norwegian lawyer, according to company's Norwegian lawyer. An inquiry for comment was not responded to by Meta Platforms. 

According to Datatilsynet, Meta Platforms have been instructed not to collect any personal data related to users in Norway, including their physical locations as part of behavioral advertising, i.e. advertising that is targeted at specific user groups. 

Big Tech companies tend to do this type of thing a lot. Tobias Judin, Head of Datatilsynet's international section, said that the company will be fined 1 million crowns per day as of next Monday if the company does not comply with the court order. 

Meta Platforms have filed a court protest against the imposition of the fine, according to Norway's data regulator, Datatilsynet. Datatilsynet will be able to make the fine permanent by referring the decision to the European Data Protection Board, which also holds the authority to endorse the Norwegian regulator's decision, after which the fine will be effective until November 3 at which point it could be made permanent by the Norwegian regulator. 

Successful adoption of this decision would have an impact on the entire European region if it were to be approved. Currently, Datatilsynet has not taken any further steps in implementing these measures. In a recent announcement, Meta announced that it intends to seek consent from users in the European Union before allowing businesses to use targeted advertisements based on how they interact with Meta's services like Instagram and Facebook. 

Judin pointed out that Meta's proposed method of seeking consent from users was insufficient and that such a step would not be wise. As a result, he required Meta to immediately cease all data processing, and not to resume it until a fully functional consent mechanism had been established. There is a violation of people's rights with the implementation of Monday, even though many people are unaware of this violation. 

A Meta spokesperson explained that the decision to modify their approach was prompted by regulatory obligations in the European region, which came as a result of an order issued in January by the Irish Data Protection Commissioner regarding EU-wide data protection regulations. 

According to the Irish authority, which acts as Meta's primary regulator within the European Union, the company is now required to review the legal basis of the methods that it uses to target customers with advertisements. While Norway may not be a member of the European Union, it remains a member of the European Single Market, even though it is not a member of the EU.

Elevated Cybercrime Risks in Metro Cities: Understanding Urban Vulnerabilities

 


In metropolitan cities, cyber fraudsters understand how people think. It is not surprising that they provide certain services so quickly and efficiently to people with busy lives. Experts have found that this puts them at a higher risk of scams. With the help of cyber security pundits and regular victims of this problem, CNBC-TV18 gets to the bottom of the problem. 

Major metropolitan cities are seen as prime targets for cybercriminals as cybercrime becomes more common. They set up more operations to achieve their goals.  It is possible to estimate the gravity of the situation by looking at Chennai, which has been the victim of nearly 8 million malware-related attacks in its history alone.  

Metropolitan cities are more vulnerable to cybercrimes as they have a lot of digital infrastructure and online services available to them. However, they lack strong data protection policies for their customers. The rise in cybercrime focuses cybercriminals' attention on the major metropolitan areas of the country. 

By simply looking at Chennai's condition, which received nearly 8 million malware-related attacks last year, one can determine the gravity of the situation, which can be calculated by looking at the condition there.

It has been announced by QuickHeal that more than 80,000 malware threats are detected and blocked every hour of the day, according to their official report. It has been estimated that there have been more than 1.91 million ransomware attacks to date. There have been numerous attacks resulting from the pandemic that have been used to benefit attackers. Arogya Setu is an app that you need to install on your smartphone if you want to attend Arogya Setu classes. 

People and organizations needed to track Covid-19-related information on the internet and social media regularly. Due to this, attackers were able to take advantage of it and created fake COVID-19 links to spread these links. 

Users clicked on the links in these messages, and malicious files were loaded onto their systems. Many of these files were detected and blocked by antivirus software. It was not only covid-19 that was included in the phishing links, but also other things like offers for jobs, free internet, online money, and other interesting things as well.  

Among the services QuickHeal provides, it has been reported that people are starting to become more familiar with the use of digital tools and antivirus software to protect their computers. Despite all this, there is still a long way to go since Internet usage is not considered a healthy activity by most people.  

In the order of most detected malware, the following were the most detected malware types: Trojans, Infectors, Worms, and Potentially Unwanted Applications (PUAs). The threat landscape still has its place for ransomware as it continues to encrypt sensitive user information, which is then sold on the dark web by attackers in exchange for money. 

Cybersecurity experts do not take data security very seriously and rely on third parties to maintain their data. According to these experts, many of these companies outsource their data maintenance to third parties. These third parties then sell the data to cyber criminals and cyber criminals get easy access to the data. Having more data means more opportunities for cyber fraudsters to commit fraud.

In 2019, according to the National Crime Record Bureau, there were 18,500 cases of cyber fraud reported in 19 metropolitan cities of the country, which accounted for 41 percent of the total cases of cyber fraud detected in the country. This number increased marginally in 2020 as 18,657 cases were reported in the metropolises of India - 37 percent of India's total number of cases that year. 

In contrast, cyber fraud cases in metropolitan cities have decreased since 2021, according to statistics - there were 17,115 reported cases - accounting for 32 percent of the total cases relating to cyber fraud in India. It is estimated that there are many more cases than reported, according to experts. 

As a result of the high number of cybercrime incidents targeting metropolitan cities, the authorities are aware of this problem. Several states and cities have created specialized cyber cells to combat such frauds, and they work together. Although, these authorities allege that operation hurdles have made it difficult to eradicate such crimes, which makes bringing them down difficult. 

When a person has realized that they have been scammed by a scammer, experts recommend that they log onto the cybercrime portal or call 1930 immediately. The experts suggest that any request for personal information, such as debit or credit card pins, or a one-time password should raise red flags and should be reported as soon as possible. 

Furthermore, these experts urge that all online transactions should only be carried out through secure, verified portals, and individuals should not upload sensitive documents or information to unverified or unknown portals without prior confirmation from the portal's owner.

Cybersecurity experts recommend that people avoid answering video calls from unknown numbers and not fall for lucrative offers. Anything that appears too unbelievable to be true is a scam. Thus, the best method of preventing cybercrime remains precaution and awareness. 

As per the findings of the National Crime Records Bureau (NCRB), 962 cybercrime cases were reported in India in 2014, 11592 cases were investigated in 2015, and 12,317 cases were reported in 2016. I believe that cybercrime incidents in India are increasing. 

Business is moving online, which means organizations have to ensure the network that their customers are using is safe and secure. As well as upgrading their technology, they should also hire employees with good management and security skills, who are trained in the protocols of security management, and who are adept at managing and securing sensitive customer data. 

The protection of adults' data is of paramount importance, especially for those over the age of 75. These people have an insufficient understanding of how technology works at the moment. As a result, companies and individuals both must understand how to tackle cyberattacks and educate the public about their detection. 

A Major Public Pension Fund Suffered a Massive Data Breach

 

It was reported Wednesday that hackers stole the names and social security numbers of around 769,000 retirees and beneficiaries of the California Public Employees' Retirement System. In addition, hackers stole their birth dates and other personal information. During the attack, the attackers exploited vulnerabilities in a contractor's cybersecurity system. In a data breach caused by a third party, some CalPERS members' personal information was exposed. 

According to the California Public Employees Retirement System, PBI Research Services/Berwyn Group was informed on June 6 that its database had a security breach. The hack was carried out using a popular application that allows file transfers between devices.

There are more than 2 million CalPERS members throughout the country, making it the largest pension fund in the country. In addition to covering the health needs of over 1.5 million members and their families, this organization also provides medical insurance. A spokesperson for CalSTRS, the second-largest public pension plan in the country, told reporters Thursday that it had also been hacked by the same vendor. However, no details were provided about the victims. CalSTRS has reported that 415,000 members and beneficiaries have been affected.  

To support accuracy in payments to retirees and beneficiaries, CalPERS uses the MOVEit Transfer Application. This application encrypts data as part of its process to prevent overpayments or other errors when processing payments to retirees or beneficiaries. CalPERS uses PBI's MOVEit Transfer services to transfer. A benefit information verification process is also carried out by this department. Millions of people all over the world use the MOVEit Transfer app, which was also impacted by the data breach as the app is used by thousands of organizations. 

CalPERS retirees and their survivors were exposed to the vulnerability that PBI has since identified and resolved. Law enforcement has also been notified of the incident. 

There are 17,000 teachers enrolled in the CalSTRS system. This is the largest teachers' retirement system in the United States and the second-most comprehensive pension fund in the world after Social Security. With more than 947,000 members, it is one of the largest mutual insurers in the world. 

As reported in CalPERS' latest release, the agency has not yet identified the vulnerability in its MOVEit Transfer Application that was reported to the agency on June 6 by its third-party vendor, PBI Research Services. This vulnerability has since been fixed. 

PBI allows CalPERS to identify death cases among its members and ensure proper payments are made to beneficiaries and retirees alike. 

CALPERS said that due to the app's vulnerability, third parties could download information such as first and last names, date of birth, and Social Security numbers by downloading the app, the organization said. There was also the possibility of accessing the names of family members. 

According to CalPERS, the breach affected neither CalPERS's information systems nor my CalPERS, which provides access to active members. Members' monthly benefit payments will also not be affected by this change.

This breach did not affect CalPERS' information security systems. Although this is true, CalPERS has incorporated new security protocols for its website, call centers, and office locations. Members will be able to continue receiving monthly pension payments as per their personal preferences in the future. 

The CalPERS Retirement System has joined forces with Experian to offer members whose personal information has been stolen a two-year credit monitoring service and an identity restoration service. Members affected by the policy change received letters outlining how to access these services and how to do so.  

It was reported on CalPERS' website earlier this week that all affected members are eligible for two years of free credit monitoring and identity restoration through Experian through an online Q&A posted there. 

The CalPERS agency mailed letters Thursday with an agency logo and a message signed by the CEO. The letters explain what options are available and how to enroll in them.

As reported by Brett Callow, threat analyst at the cybersecurity firm Emsisoft, the hackers behind the attack claim that they have hit hundreds of businesses, government agencies, and other entities throughout the world that did not protect themselves from the attack. 

Approximately 100 companies have reported personal data theft so far, Callow said, and about 30 more are expected to do so soon. In an official report issued last week, the U.S. The Health and Human Services Department announced that the flu outbreak affected millions of Americans. 

Those who have not received this letter and believe they have impacted personal information may contact 833-919-4735 to file a complaint. As for the center's operations hours, they are Monday through Friday, 6:00 a.m. up until 8:00 p.m. Pacific Time, while on Saturdays and Sundays, from 8:00 a.m. up until 5:00 p.m. 

The California Public Employees' Retirement System also encourages its members to regularly review and monitor their accounts and credit history for unauthorized transactions or activity. It also encourages them to notify local police if fraud or identity theft occurred.

Fraudsters Target Kolkatans With Message-Forwarding Software

 


As online financial transactions became simpler and easier to conduct, the number of fraudulent transactions involving digital financial transactions also increased. Taking advantage of the increased sophistication of the fraudsters does not seem to be a problem. Cybercriminals, especially those inexperienced with financial transactions, have slowly begun using other platforms to dupe naive and gullible people after phishing and lottery scams.

Another way fraudulent activity is being carried out by fraudsters is by sending links via text messages to Kolkatans who are being targeted by them. The links on the website are the ones that notify users that a substantial amount has been credited into the accounts of these players. 

The police said that if one clicks on such a link to claim the money, the entire amount of funds may be transferred from the victim's account to the fraudsters' account and they will not even require them to share any OTP as part of the fraud. 

The UPI platform is used for several fraud types. Neither of these is a result of UPI problems but rather a consequence of deceptions by criminals. 

Analysts call it APK fraud as victims are tricked into downloading APK files that compromise their phones. This is done by clicking links sent by fraudulent parties to download APK files.  

An APK file download will result in an SMS-forwarding application being installed on the device and it will divert all incoming text messages to another number, so the victim isn't alerted when the money is debited from his or her account because the SMS will be forwarded to another number. According to an officer at the Lalbazar cyber cell, an SMS alert isn't received by the victim. 

There is a new method of gaining remote access to the phones of their victims that has become a weapon of choice for fraudsters. According to the officer, the scammers are claiming in their fake message to have received a large amount credited to their gaming account. 

It was reported by the Calcutta Telegraph that some Calcuttans who have been contacted had received messages saying: "Hi 9830xxxxx9 (mobile number of the recipient), The transaction of Rs 96793 has been completed to your (the name of the online gaming app). "

According to the police, victims of fraud never realize how they were cheated because they had never given their personal identification number to anyone else before being duped. 

According to a senior police officer, unlike other fraud attacks that are sent from random phones and do not address the recipient directly, the messages sent as part of the APK scam target specific individuals and are customized to them. 

There was a time when text messages were sent randomly, but that has changed. There is one thing though, the officer said, that makes it look authentic and trustworthy to be sending these messages to someone, and that is the phone number of the person to whom the message is addressed. 

In the immediate aftermath of clicking the link in the message, the recipient will see two attachments appear on his or her screen.

If the first attachment is clicked, a screen-sharing application will be silently installed on the phone and will allow fraudsters to gain direct access to the phone. A second attachment, if clicked, triggers the installation of an SMS forwarding product in the person's phone so that if fraudsters are using this software to carry out transactions on our bank account, the person will not receive any text messages from their bank, the officer explained.

According to Assistant Commissioner Atul V., their top priority area is creating awareness among their officers about the APK fraud, which has been a major problem for some time. 

Moreover, a cyber expert told that the APK fraud program is designed to make it difficult for the police to track down the fraudsters through the link in the message if a victim reports such a matter to the authorities. This is because the link in the message is active for a short period. 

Several people have been scammed in this way by sending text messages with spurious links. The sender then asks them to click on the link. A browser on the computer after a certain period will only be redirected to a popular search engine if you click on the link after that time. This means that the links remain active for only a few hours, if that long, then even the law-enforcement agencies will have no way to track the APK files or the transactions that have taken place after that explained a cyber expert in Kolkata.

AI: the cause of the metaverse's demise?

 


In a dramatic change from its past plans to create a virtual world known as "the metaverse," Facebook has taken a completely different direction that has not been seen before. It was a project that consumed billions of dollars and resulted in a cumulative loss of $26 billion, despite spending billions on it. As a result, Facebook and other companies were forced to die in the metaverse due to investor pressure, forcing them to pursue the latest trend: artificial intelligence.

After being abandoned by the business world, the Metaverse, a once-hot technology that promised to give users a disorienting video-game-like virtual world in which to interact awkwardly, has died years after being touted as a future new era in communication technology. It had been around for three years at that time. 

As CEO of Meta Platforms, Mark Zuckerberg abandoned his ambitious project, Metaverse, to focus on Artificial Intelligence (AI) and the AI industry. Zuckerberg was planning to launch the Metaverse as his next big thing, but he chose to quietly shelve the project indefinitely. 

Facebook's CEO Mark Zuckerberg announced in a post on Monday, 27 February, that Meta would establish an artificial intelligence product group dedicated to generative artificial intelligence. 

There was a time when the advent of the Metaverse was touted as the dawn of a dynamic, remote interactive environment. It was regarded as a turning point in technology. Despite its success, it faced severe criticism and backlash when it became the talk of the town. This was when it became a phenomenon. In recent years, people's interest in these topics has rapidly declined. Mark Zuckerberg reintroduced the metaverse concept, he is no longer pitching it to advertisers for the same reason. 

The virtual estate is becoming more popular. The price of Ethereum, the cryptocurrency that powers so much of this activity has a direct impact on the value of virtual land in this metaverse. While Ethereum prices have been volatile recently, many buyers and sellers struggle to keep up with the market. 

WeMeta also reports that virtual land parcel average sale prices have plummeted from over US$11,000 over the past year to under US$2,000, a significant drop compared to physical land parcel average sales prices. 

There has also been a remarkable 85% decline in virtual land sales in 2022. Ethereum-based metaverse projects, such as Decentraland and Sandbox, are seeing significant reductions in their valuations and other significant metrics as a result. 

In February 2022, some of the highest prices for land sold across Decentraland ever reached, at the time of this writing, an average of US$37,200 per acre. As a result, by August, their average value had fallen to US$5,100, a decrease of approximately 25 percent. Furthermore, Sandbox's average sale price dropped between US$35,500 in January and US$2,800 in August. This was with the same price falling from around US$35,500 in January. 

A substantial level of uncertainty has been introduced to the market by the volatility of cryptocurrency prices, specifically Ethereum. This has left investors uncertain about virtual investments. Furthermore, there is a lack of proper infrastructure, governance, and collaboration within this version of the metaverse at present. In that regard, it may be that some people believe the metaverse is nothing more than a marketing gimmick at the moment. 

The Metaverse has now joined the list of failed tech ideas buried at the deep end of the graveyard. The fact that the Metaverse was born and died in a way that angers the tech world shows the extent to which the industry was influenced by technology. 

As technology advances through AI, there is a real possibility of revolutionizing how consumers and businesses run their businesses. This is evidenced by the shift to AI. A chatbot powered by artificial intelligence can help automate repetitive tasks efficiently. A search engine powered by AI, such as ChatGPT, can interact with queries in a human-like fashion. As Reality Labs places more emphasis on AI, it may reduce company losses and open new possibilities for the company to tap into in the future.

AI, one of the fastest-developing fields, continues to make rapid advances in many industries today. These industries include marketing, media, and even healthcare, as the sector develops rapidly. According to Gartner, a leading research company, generative AI in these fields is predicted to grow dramatically shortly. By 2025, large organizations will create more outbound marketing messages from less than 2 percent to 30%. This is a dramatic increase from outbound marketing messages in 2022. However, generative AI won't be the only impact on society. 

In the transition from text to video, 90% of the content could be handled by AI by 2030, according to Gartner's projections. This would be possible because 90% of the content would come from AI and the rest from human input. 

Generative artificial intelligence has vast possibilities, but its access is not as wide as it could be. As an example, ChatGPT, as well as its mechanisms, are not open-sourced, meaning it is not available to the public in any way. Other companies would find it difficult to replicate this model because of this limitation. While Facebook intends to make these types of AI models smaller, this will, in turn, make them more accessible and easier to use for companies. This will enable generative AI to become more widespread and widely available in the future. 

There have been some reports suggesting that this is the end of the metaverse. However, other reports have suggested that we shouldn't think of Meta's redirection as a rejection of the metaverse at large. As an example, computer scientist Roy Amara developed Amara's Law. This states that humans often misjudge technology's timing and potential, overestimating or underestimating their short-term impact, and drastically underestimating their lasting impact in the long run. Skepticism and hype surrounding emerging technologies, such as self-driving cars, virtual reality (VR), and augmented reality (AR) are examples of this tendency. This is evident in the skepticism and hype surrounding these systems. It was once considered a fad to think that the internet would be a thing of the past. 

It may also be that AI, especially generative AI, can lead to more convincing environments and characters in the metaverse. This could lead to significant advancements in the metaverse as a whole.  

The fact is that some deny the metaverse's death and even its waning popularity. This is especially true for women. It is predicted that the metaverse will succeed in the future as many companies employ it. 

Nevertheless, for this to happen, it will be necessary to implement some structural changes within the organization. For VR headsets to be affordable and more private, they will need to be sold at a significantly lower price. 

In the beginning, all inventions were just ideas—ones that had the potential to be terrifying, despite this, as time goes on, these small technological innovations become increasingly integrated into our daily lives to such a degree that we cannot imagine a world without them any longer. It may be that the metaverse tends toward this fate. Perhaps another immersive technological invention will replace it as soon as possible, so it must be discussed whether or not it will emerge again.

A metaverse can be described as a virtual platform that creates a social network of sorts. There is potential here. Nonetheless, it should be remembered that a fully functional system should be able to integrate interactive technologies such as VR, AR, and AI. It should however be noted that generative AI does not necessarily spell the end of the metaverse itself. However, they could benefit each other's development by promoting each other's success.