Achive.php thecybershark - The Cyber Shark - Page 9 of 14
Contributor

Author: thecybershark

Tamil Nadu Cyber Crime Wing Warns of Online Firecracker Sale Scams Ahead of Diwali

Untitled design (14)

  As the festive season approaches, the Tamil Nadu Cyber Crime Wing has warned the public about a surge in online firecracker sale scams. According to the police, scammers are targeting buyers by exploiting Diwali enthusiasm, with 17 complaints reported between September and October through the National Cyber Crime Reporting Portal. The cybercrime police explained that scammers are using social media platforms to post attractive advertisements offering significant discounts on firecrackers. Victims, eager to capitalise on these deals, contact the fraudsters via WhatsApp or phone calls. Scammers then share links to fake websites, such as www.kannancrackers.in and www.sunrisecrackers.com, designed to appear legitimate but intended to steal money. “These sites often display genuine-looking product catalogues, prices, and payment options,” said the police. “Once payment is made, the victims never receive their ordered products, and the scammers vanish with the money.” The public is also at risk of having their personal and financial information compromised. In response, the police have issued an advisory urging people to verify the authenticity of online sellers, ensuring they have legitimate physical addresses and contact information before making any payments. The advisory also warns against ads that promote unrealistic deals, unusually low prices, or limited-time offers. To stay safe, the public is advised to purchase firecrackers from well-known brands, official websites, or established e-commerce platforms. Additionally, the police have encouraged users to report suspicious ads on social media platforms like Facebook, Instagram, and YouTube to prevent others from falling victim to these scams. Victims of such cyber fraud, or those observing suspicious activities, can report incidents through the helpline number 1930 or via the National Cyber Crime Reporting Portal at www.cybercrime.gov.in.

Navigating the Investment Minefield: How to Spot and Avoid Scams in India

Untitled design (21)

In this blog, we aim to raise awareness about how these scams work and what precautions you can take to protect yourself. As India transforms from a saving nation to an investing nation, the promise of easy money is becoming more tempting than ever. Fraudsters are capitalising on this hope of making quick money by offering fake investment opportunities that promise high returns with minimal risk. Investment fraud has become a major concern among Indians. Whether through phone calls, social media or fake online trading platforms, these scams can drain your savings before you even realise something is wrong. What is investment fraud? Investment fraud occurs when scammers promise unrealistically high returns with little or no risk, with the aim of tricking people into investing their money. These fraudsters often claim to be financial experts, using fake documents and testimonials to build trust. They create professional-looking websites, display false performance reports, and use familiar financial terminology to appear legitimate. Although the methods may vary, the goal remains the same: to steal your money. Scammers rely on the fact that many investors are unaware of common red flags. As these scams evolve, it is important for investors to stay informed and vigilant. How scammers operate: Investment scammers use a variety of tactics to make their schemes appear legitimate. A common scheme prevalent today involves the following events: Initial contact through various channels: Scammers usually make contact via phone calls, social media platforms, email, text messages, or instant messaging apps. They may also use fake investment websites, fake news articles, or deep fake videos of celebrities endorsing their schemes. They attempt to attract attention by offering free events, content, or videos that claim to teach how to get rich. Group manipulation on messaging apps: Victims are often added to groups on platforms such as WhatsApp or Telegram, where they are directed to open trading accounts through fraudulent apps. In these groups, fraudsters create a sense of excitement and urgency, thus leading victims to invest as much money as possible. Incentives to invest more: After a small initial investment, scammers send them fake reports showing large profits. Imagine you invest Rs 10,000 and you receive a message telling you that your account balance has grown to Rs 15,000 overnight. This tactic builds trust and encourages the victim to invest larger amounts, believing that they are making significant profits. Sudden loss of access and communication: When the victim tries to withdraw their money, they discover that access to the funds is blocked. At this point, communication with the scammers ends abruptly, leaving the victim unable to recover their investment. These can easily fool people who are new to investing or who want to make quick profits. Protection to prevent investment fraud To protect yourself from investment fraud, it is important to follow these precautionary steps: Be suspicious of unrealistic claims: Stay away from any offer that guarantees high returns without any risk. Legitimate investments are always associated with a level of risk, and any claim to the contrary should immediately raise suspicion. Verify the investment: Always confirm whether the entity is registered with SEBI or any other regulatory body before investing. You can visit the official website of SEBI to check the registration details of the investment firm or platform. Do not respond to unsolicited messages: Avoid unsolicited investment offers received via phone, email or social media. Fraudsters use these to initiate fraud, and once you respond, they may pressure you to make hasty decisions. Keep your personal information safe: Never share sensitive information such as bank account details, OTPs or passwords. Scammers often ask for these details to steal your identity or money. If an investment platform asks for this information, it is likely to be a scam. Report suspicious activity: If you notice an investment scam or fall victim to it, report it immediately. You can contact the National Cyber ​​Crime Helpline by dialing 1930 or report the matter on cybercrime.gov.in. If you have made any unauthorized transactions, immediately inform your bank for assistance. Conclusion:- Investment frauds are becoming increasingly complex, making it necessary for investors in India to remain vigilant. By understanding how these scams work, recognizing the red flags, and following precautionary measures, you can save your hard-earned money.  

CERT-In and Master Card India sign MoU for collaboration in cyber security to enhance India’s cyber-resilience in Financial Sector

Untitled design (19)

Two entities will leverage their shared expertise to strengthen financial sector cyber security incident response Indian Computer Emergency Response Team (CERT-In) is a Government organization under the Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In has joined hands with Master Card to promote cooperation and information sharing in the area of Cyber security related to the financial sector. The two entities have signed a Memorandum of Understanding (MoU) under which they will leverage their shared expertise with regards to financial sector in the fields of cyber security incident response, capacity building, sharing cyber threat intelligence specific to financial sector and advanced malware analysis. As part of the mutual understanding, Master Card and CERT-In will hold training programs and workshops  for cyber capacity building, latest market trends and best practices to enhance cyber security of financial sector organizations. The two entities will also share relevant cyber threat trends, technical information, threat intelligence, and vulnerability reports to strengthen the financial sector information security of India. “Cyber security is the need of the hour and Prime Minister Shri Narendra Modi government is committed to ensuring that people on digital platforms are secure, as this warfare is not on the ground but in cyberspace. I am confident that this is an important milestone that will benefit not only both entities but also the public at large,” said Shri Jitin Prasada, Minister of State in the Ministry of Commerce & industry; and Electronics and Information Technology. “Master Card’s comprehensive approach to security gives its partners and customers deeper visibility into cyber risk and greater adaptability and resilience, protecting their systems through the latest AI technology. The company is delighted to collaborate with CERT-In to fortify India’s financial digital ecosystem, which has powered unprecedented growth in the country,” said Shri Gautam Aggarwal, Division President, South Asia at Master Card. About CERT-In: www.cert-in.org.in The Indian Computer Emergency Response Team (CERT-In) is a Government organization under Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In operates 24×7 incident response Help Desk for providing timely response to reported cyber security incidents. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services. About Master Card (NYSE: MA) Master Card is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Cybercriminals Exploiting Docker API Servers for SRB Miner Crypto Mining Attacks

Untitled design (20)

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. “In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining operations on the Docker host,” researchers Abdelrahman Esmail and Sunil Bharti said in a technical report published today. “The attacker first checked the availability and version of the Docker API, then proceeds with requests for gRPC/h2c upgrades and gRPC methods to manipulate Docker functionalities.” It all starts with the attacker conducting a discovery process to check for public-facing Docker API hosts and the availability of HTTP/2 protocol upgrades in order to follow up with a connection upgrade request to the h2c protocol (i.e., HTTP/2 sans TLS encryption). The adversary also proceeds to check for gRPC methods that are designed to carry out various tasks pertaining to managing and operating Docker environments, including those related to health checks, file synchronization, authentication, secrets management, and SSH forwarding. Once the server processes the connection upgrade request, a “/moby.buildkit.v1.Control/Solve” gRPC request is sent to create a container and then use it to mine the XRP crypto currency using the SRBMiner payload hosted on GitHub. It all starts with the attacker conducting a discovery process to check for public-facing Docker API hosts and the availability of HTTP/2 protocol upgrades in order to follow up with a connection upgrade request to the h2c protocol (i.e., HTTP/2 sans TLS encryption). The adversary also proceeds to check for gRPC methods that are designed to carry out various tasks pertaining to managing and operating Docker environments, including those related to health checks, file synchronization, authentication, secrets management, and SSH forwarding. Once the server processes the connection upgrade request, a “/moby.buildkit.v1.Control/Solve” gRPC request is sent to create a container and then use it to mine the XRP crypto currency using the SRBMiner payload hosted on GitHub. The shell script, besides checking and terminating duplicate instances of itself, creates a bash script that, in turn, contains another Base64-encoded payload responsible for downloading a malicious binary that masquerades as a PHP file (“avatar.php”) and delivers a payload named httpd, echoing a report from Aqua earlier this month. Users are recommended to secure Docker remote API servers by implementing strong access controls and authentication mechanisms to prevent unauthorized access, monitor them for any unusual activities, and implement container security best practices.

OTP Fraud: Protecting Yourself in this Digital Era

Untitled design (11)

Whether ordering food in a few clicks, paying bills while sipping your morning tea or buying your favourite dress on any E-Commerce Website and app, online transactions have made our lives more Comfortable than ever. However, this Comfortability comes with a risk. While one-time passwords (OTPs) provide an extra layer of security for your online transactions, scammers have found ways to exploit this system. What is an OTP scam? An One Time Password is a unique code that is sent to our mobile phone or email address to authenticate various transactions, such as logging into an account or making a payment. Fraudsters take advantage of this security feature to force people to share these OTPs. Cybercriminals obtain a person’s personal information, such as banking details or mobile numbers. They call up legitimate entities such as banks, e-commerce platforms, logistics or service providers. Experts at pretending to be genuine, these scammers ask you to share the OTP. Once they get the OTP, they carry out unauthorized transactions such as withdrawing money from the bank account. What kind of scenarios indicate an OTP scam? OTP scam scenarios can vary but are often similar. For example, you may receive a text message urging you to share the OTP you just received, claiming to reactivate your account or verify a payment. Sounds reasonable, right? These scammers often take advantage of our curiosity or readiness. Here are some scenarios: – Fake bank call: You may receive a call purportedly from your bank. The caller, posing as a bank representative, will alert you about suspicious activity in your bank account. They may claim that sharing your OTP is necessary to stop that transaction and protect your funds. – Fake prize notifications: Another popular tactic involves receiving messages or calls claiming that you have won a lottery, prize or a very lucrative offer. To cash in on this alleged prize, scammers insist on receiving your OTP. – Misdirected OTP: Scammers may contact you, claiming that they have mistakenly entered your mobile number for their transaction and that the OTP for their transaction has been sent to you. They will then request you to share this code with them. – SMS Spam: spam refers to unsolicited and irrelevant text messages sent to mobile users. While not directly financially harmful, SMS spam is a nuisance, wasting users’ time and potentially exposing them to fraudulent schemes.  It is not just our phones that are being targeted, these scammers are getting smarter in their tricks. They may also ask for your OTP to avail interest-free loans, get your income tax refund or increase your credit card limit and many more advices. How do we identify a scam? The key lies in suspicion and vigilance. Stop and think before acting on any such request. Legitimate entities never ask for your OTP. This is a red flag, indicating a potential scam. Ask yourself: Did I initiate this action? Is the request coming from a trusted source? Does the message sound urgent or compulsory? Also, look at the message or call carefully. Notice any spelling errors or unusual language? Trust your instincts; if something looks fishy, ​​it probably is. How do we keep ourselves and our families safe? As it happens, it’s best to be forewarned. Here are some tips to educate yourself and your loved ones: Keep your OTP safe: It never goes out of date. Never share your OTP with anyone. Legitimate companies, banks or government agencies will not ask for these codes. They are like a secret password for your transactions; keep it to yourself. Be cautious: Be vigilant and question anything suspicious. Train yourself and your family to have a healthy dose of scepticism when dealing with requests for personal information. Verify before trusting: Before sharing any personal information or OTP, take a moment to verify the source. Contact the official website or company directly using trusted contact details. Don’t rush; taking this extra step can help you avoid potential fraud. Stay cautious of suspicious links: Fraudsters send malware-infested links under various pretexts like declaring a cash price, offering discounts, etc. Some attackers also impersonate service providers. You should never click on any of these links as they are used to read your device and capture OTPs. Always manually search for apps or websites instead of clicking on suspicious links. Clicking with caution: Be extremely wary of random links, emails, or messages promising lucrative offers or instant financial alerts. Clicking on unknown links can lead to trouble in the form of malware or phishing attacks. Secure network transactions: Make financial transactions or share sensitive information only through secure networks. Scammers may have used public Wi-Fi networks, and using these for such activities could expose your data. Monitor and take action: Keep a close eye on your account activities. Check your bank statements regularly and monitor for any unexpected transactions. If you notice anything suspicious, report it to your bank immediately. Avoid unknown/non-verified apps: Upon downloading an app, you often need to grant permissions to access your device’s camera, photo gallery, etc. Sometimes, approving these permissions becomes necessary for KYC formalities and SMS alerts. But if a suspicious app asks for access to these functions, it can easily steal your OTP and much more. Hence, you should only download legitimate apps and grant only the necessary permissions. Change you account passwords rendomly so no one share your and monitor activity. 2 fector authentification on net bankoing: Two-factor authentication ensures that only authorized individuals’ access their sensitive information or do online transaction. It provides substantially better security and makes it much more difficult for an attacker to impersonate the User and access his account. Future Trends in OTP SMS Security As technology advances and fraud techniques evolve, the landscape of OTP SMS security will continue to evolve. Several future trends are expected to shape the field: Biometric Authentication: Biometric authentication methods, such as facial recognition and voice recognition, are becoming more prevalent in OTP SMS systems. These methods offer a higher

Empowering Students Against Cyber Threats: GCOE Hosts Awareness Program

Srinagar, 17 October: An awareness programme on cyber threats, focusing on cybercrime and cyber security, was organised today by the NSS Unit of Government College of Education (GCOE) at MA Road, Srinagar. The event featured Mohd Yaseen Kichloo (IPS), Senior Superintendent of Police at the Cyber Crime Investigation Centre for Excellence, Jammu and Kashmir, as the guest speaker. He was accompanied by Faisal Ahmad, Station House Officer of the Crime Branch, Srinagar. The program aimed to educate students about the various forms of cyber threats and the importance of cyber security in today’s digital age. Attendees engaged in discussions about prevention strategies and the significance of reporting cybercrime incidents. This initiative reflects the college’s commitment to raising awareness about critical issues affecting the community and empowering students with knowledge to navigate the digital landscape safely. SSP Kichloo delivered an enlightening presentation that covered a wide array of cyber threats and crimes, including hacking and cracking techniques, phishing and its various forms, whisking and pharming attacks, email bombing and its implications, the intricacies of salami attacks, steganography and its uses in cybercrime, skimming and its impact on financial security, vishing (voice phishing) tactics, and the dangers of pornography in the digital space. The guest speaker also highlighted essential preventive measures for each of these cyber threats, equipping students with practical strategies to protect their digital presence effectively. The awareness program was skilfully moderated by Professor Lateef, ensuring a smooth flow of information and engaging dialogue between the speakers and the audience. Dr. Nazir Ahmad Bhat delivered a warm welcome address that set the tone for the importance of the day’s topic. Students and faculty actively participated in the session, asking pertinent questions and sharing their concerns about cyber security. The program’s interactive nature fostered a deeper understanding of the subject matter. Professor Abdul Gani Kumar delivered the vote of thanks, expressing gratitude to the esteemed guests for their valuable time and insights. He also thanked the NSS Units for organizing such an important event in today’s digital world.

Bengaluru Cyber Fraud Unveiled: Bank Officials Arrested in Rs 97 Crore Scam

The investigation into the online share trading fraud in Bengaluru, in which a man was cheated of Rs 1.52 crore, has led to the discovery of six bank accounts linked to 254 similar cyber-crimes registered with the National Cybercrime Reporting Portal (NCRP) and involving Rs 97 crore of fund transfers. The probe into the cybercrime case, which was registered by the Bengaluru police on July 1 this year, has also led to the arrest of four officials of an Axis Bank branch in Bengaluru, including a manager, on charges of facilitating the opening of six current accounts without verifications and checks for the facilitation of the fraud. This is the first time bank officials have been arrested for a cybercrime in Bengaluru. The arrested bank officials have been identified as Kishore Sahu, a manager of the Axis Bank Nagarbhavi branch, B Manohar, a sales manager, and sales executives Karthik and Rakesh. The police have also arrested Lakshmikanth, Raghu Raj, Kengegowda, and Mala, who opened mule accounts at the Axis Bank branch for ten transfer of funds defrauded from victims who wanted to make big money through online share trading. Short article insert the main operators of the cyber fraud who contacted victims online and received money defrauded from the victims are still at large and efforts are underway to track them down, police sources said. Some of the accused are suspected to be in a foreign country, the sources added. Online share trading fraud case On July 1, the 52-year-old man filed a complaint with the cyber-crime police station in Bengaluru stating that he had been cheated of Rs 1.52 crore between March 2024 and June 2024 by cyber fraudsters who promised to provide big returns through a VIP online share trading tips and management application. The victim said he was contacted on WhatsApp by a woman who claimed that her associate was a professor and had good knowledge about share trading and analysis and that he could help him make money. The victim was included in a group with over 110 members. He also downloaded a trading app indicated on the online group. According to the police complaint, the victim transferred Rs 1.52 crore from multiple accounts to the trading account created at the instance of online acquaintances between April and May 2024. In June, his account showed returns of Rs 28 crore and the victim sought to encase the returns but was told to pay Rs 75 lakh to access the money and this led to suspicion of cheating and the filing of the police complaint. Suspicious bank accounts When the police began their probe into the case, they found the money given by the victim was primarily transferred to two Axis Bank accounts in Bengaluru. “When we conducted investigations at the bank, we found that apart from the two accounts linked to the crime, four other similar accounts were opened at the bank on the same day,” said a police source. The police found that the suspicious bank accounts at the Axis Bank branch were opened by those who lived in Chikamagalur, which is nearly 300 km away from Bengaluru. “The business accounts were allowed to be opened at the bank without proper verification. The bank accounts used for the frauds were possibly allowed to be opened by the bank officials on the basis of commissions promised by the operators of the scam,” said B Dayananda, Commissioner, Bengaluru police, after the arrest of the bank officials and the mule account holders this week. The police have also found that the bank executives travelled to a resort outside Bengaluru under the pretext of verification of the biometrics of the account holders even though accounts could have been referred to be opened in the region where the account holders lived. “All the accounts that were opened were current accounts. Several crores of funds travelled through these accounts but no intimation was given to law enforcement agencies. There was a possibility of freezing over Rs 40 crore after being alerted of the accounts being used for fraudulent activities,” a cybercrime official said.