cyber crime news Archives - Page 12 of 12

Mahakumbh 2025: Cyber fraudsters dupe elderly man of Rs 1 lakh while booking tickets

MahaKumbh 2025: With over 40 crore pilgrims expected to arrive in Prayagraj, the authorities have extensive preparations for the mega-religious event. The MahaKumbh will be held here in Prayagraj between January 13 and February 26. The Mumbai police have registered a case against an unidentified person for allegedly duping a senior citizen to the tune of Rs 1 lakh on the pretext of booking a flight ticket to Prayagraj for the upcoming Maha Kumbha Mela, an official said on 07-01-2025. If you plan to visit the holy city Prayagraj to attend the Maha Kumbh Mela, you must stay alert for online fraudsters. An eye-opener case registered in Mumbai in which a cybercriminal targeted an elderly man. According to the Mumbai police, a case has been registered against an unidentified person for allegedly duping a senior citizen to the tune of Rs 1 lakh on the pretext of booking a flight ticket to Prayagraj for the MahaKumbh Mela. “The senior citizen, a businessman from Andheri, wished to attend the MahaKumbh in Prayagraj in Uttar Pradesh. While searching for booking options online, he came across a website. He called the number mentioned there and told the person about his travel requirements,” a Versova police station official said. The fraudsters asked him to pay Rs 14,000 for the accommodation arrangements for three people. Believing the offer, the victim transferred the amount. Soon afterward, the scammers asked if the complainant wanted flight tickets from Mumbai to Prayagraj and back, he said. They quoted an additional Rs 87,000 for flight bookings. Trusting them again, the victim’s son transferred the money online. However, they did not give the flight tickets to the victims, he said. Realizing that they had been duped, the complainant approached the police and filed a complaint. The police have registered a case against unidentified persons and are investigating the matter, an official added. The Maha Kumbh Mela 2025 will begin on January 13 and is set to conclude on February 26.

BSF Inspector duped of over Rs 70 Lakh after making ‘digital arrest’ in Gwalior

Bhopal: A Border Security Force (BSF) official in Gwalior was held in the longest digital arrest for 32 days before his son came to his rescue. The victim identified as Absar Ahmed, posted as an inspector in the BSF Training Centre, Tekanpur, was under digital arrest from December 2, 2024, and was duped of Rs 71.25 lakh in 34 transactions during the period, police said. “We have received the complaint regarding the digital arrest of a BSF official. The crime branch has registered a case and the probe is on,” Gwalior district superintendent of police (SP) Dharamveer Singh said. According to the police, the BSF official, a resident of Uttar Pradesh, had received a WhatsApp call at 11.29 am on December 2, 2024. The identified Mumbai cyber and crime branch officer told the victim that an arrest warrant had been issued against him and his family members in connection with a money laundering case. The BSF official was told that he was being interrogated virtually and he and his family members would be arrested if he informed other people. He was asked to transfer money to particular accounts as part of the probe and the money would be returned if he was found innocent. Under psychological pressure, Ahmed sold his flat in Delhi exhausted all his savings, and transferred Rs 71.25 lakh to the accounts mentioned. His son rushed to Gwalior on January 2 after learning about it and asked him to file a police complaint.

How to Protect Yourself Social Engineering Cyber Fraud

The biggest weakness for cyber fraud in cybersecurity strategy is humans, and social engineering takes advantage of a targeted user’s inability to detect an attack. In a social engineering threat, an attacker uses human emotion (usually fear and urgency) to trick the target into acting, such as sending the attacker money, divulging sensitive customer information, or disclosing authentication credentials. What is Social Engineering? Social engineering is the technique where unscrupulous actors manipulate, deceive, or influence an individual into divulging confidential information like personal or financial information. These include bank account information, passwords, transaction history, social security numbers, etc. These techniques can also manipulate individuals into performing specific actions that “help” the fraudster. For example, if someone tells you to download a particular app or software or share an OTP you received. Social engineering, by itself, isn’t an attack. It is the art of using psychological tactics to build trust and then using that information to commit crimes like theft, money laundering, account takeovers, remote takeovers, etc. The Global Impact of Social Engineering Social engineering has become a key element in the landscape of cyber fraud. It has become the primary technique behind many attacks targeting individuals, businesses, and government organizations. A report by the Association of Certified Fraud Examiners (ACFE) revealed that businesses lose up to 5% of their revenue every year due to fraud, and a significant portion of these frauds can be attributed to social engineering tactics. In India alone, the Reserve Bank of India (RBI) reported an alarming increase in fraud, with digital frauds rising by over 700% in recent years. Social engineering is not limited to the financial sector, although that is where the majority of its consequences are felt. Cyber-attacks based on social engineering techniques have far-reaching consequences: In India, bank frauds increased by nearly 300% over the last two years, with a major surge in digital frauds. A LexisNexis survey found that digital channels were responsible for 52% of overall fraud losses across the EMEA region. Social engineering attacks affect both businesses and individuals. Not only do victims suffer financial losses, but they also face emotional distress, feelings of guilt, and a lack of trust. Victims often hold themselves accountable, particularly in lower-income households, where such attacks can have a devastating impact on family dynamics. For businesses, the consequences go beyond financial losses; the erosion of consumer trust and the potential for high customer churn are significant challenges. For instance, the LexisNexis survey highlighted that 96% of companies in the Middle East reported a drop in customer conversion rates after incidents of fraud. Social Engineering Examples Social engineering attacks can take many forms, targeting both individuals and organizations: On an Individual Level: A retired Indian Administrative Service (IAS) officer fell victim to a scam where he was tricked into investing in a fake forex trading scheme. He ended up losing nearly Rs. 1.89 crore to the cyber fraud. On a Corporate Level: The CEO of OCBC Bank, Helen Wong, described how her company battled against sophisticated phishing attacks, resulting in fraudulent transfers amounting to millions of dollars. National Security Level: Russian hacking groups have reportedly targeted Ukraine with multiple spear-phishing campaigns aimed at disrupting national security. The ripple effect of social engineering is significant. Victims may unwittingly become money mules, transferring illicit funds to further criminal activities. The emotional toll, combined with the financial impact, can be long-lasting. Common Social Engineering Tactics Fraudsters employ a variety of social engineering tactics to manipulate their victims for cyber fraud. Some of the most common methods include: 1. Phishing Phishing is one of the most prevalent social engineering techniques. Fraudsters send fraudulent emails that appear to be from legitimate sources. These cyber fraud emails often contain malicious links designed to: Direct victims to fake websites to steal login credentials. Download malware onto the victim’s device, leading to account takeovers. Phishing is not limited to emails; it also manifests in other forms, such as smishing (SMS phishing) and vishing (voice phishing). In India, where literacy and email usage are lower, vishing is particularly dangerous. 2. Whaling Whaling is a form of phishing that specifically targets high-profile individuals, such as CEOs or other executives. The emails are often meticulously crafted to appear as if they come from trusted sources within the company. The goal is to steal sensitive information or request financial transfers. 3. CEO Scam This cyber fraud involves fraudsters impersonating high-level executives of a company, often through email or text messages. Employees of the targeted company may be tricked into following directives from the supposed CEO, such as transferring funds or sharing sensitive data, under the belief that the request is legitimate. 4. Baiting Baiting involves offering something enticing, like free software, services, or rewards, to lure the victim into a trap. The “bait” might include malicious files, which when opened, compromise the victim’s device. Physical baiting involves leaving infected USB drives in public places, hoping someone will pick them up and plug them into a device, unwittingly exposing themselves to cyber fraud threats. 5. Quid Pro Quo This tactic involves offering a service or benefit in exchange for personal or confidential information. For example, attackers may pose as IT support personnel, offering to help resolve technical issues in exchange for login credentials or other sensitive data. 6. Pretexting Pretexting involves creating a fabricated scenario to persuade the victim to share confidential information. This can involve impersonating trusted figures like police officers, bank officials, or colleagues. Over time, attackers build trust with the victim before executing their fraudulent schemes. Who are the Most Likely Targets of Social Engineering? While anyone can fall victim to social engineering attacks, certain groups are more vulnerable: The Elderly: Older adults are often less familiar with digital technologies , cyber fraud and cybersecurity practices, making them more susceptible to fraud. Common scams targeting seniors include fake government agent impersonations and investment scams. Young Adults and Teenagers: While they may be more tech-savvy, younger individuals often lack experience and may fail to

Tech wrap Jan 6: OnePlus 13 launch, Samsung Vision AI for TVs, Redmi 14C

This January brings exciting launches from top brands. On January 7, OnePlus unveils its flagship 13 series at a live event. Samsung introduces Vision AI for smarter TVs, while Xiaomi rolls out the budget-friendly Redmi 14C 5G. Realme teases its 14 Pro series 5G, launching on January 16. LG also showcases its OLED EVO TVs with built-in AI and new lifestyle projectors. Stay tuned for these groundbreaking tech releases! What to expect from the OnePlus 13 series launch on Jan 7 OnePlus, the Chinese smartphone maker, is gearing up to reveal its latest flagship smartphones in the OnePlus 13 series at the Winter Launch Event on January 7. The event will be held in person, starting at 9 PM IST, and will also be streamed live on the official OnePlus India YouTube channel. Samsung brings on-device AI features to TVs with ‘Vision AI’ At CES 2025, Samsung unveiled advanced AI technology for its 2025 TV line-up, introduced under the name “Vision AI.” These features were revealed at Samsung’s CES 2025 First Look event. The company also highlighted collaborative efforts with Microsoft and Google, integrating new functionality into its entertainment devices, including speakers and soundbars. Xiaomi has introduced the Redmi 14C 5G, a budget-friendly smartphone, in India. Powered by the Qualcomm Snapdragon 4 Gen 2 processor, the device supports dual 5G SIMs. With prices starting at Rs 9,999, the phone boasts a “Premium Starlight Design” and a glass back panel for a refined look. Realme 14 Pro series 5G launching on Jan 16 in India-inspired colorways Realme has announced the launch of its 14 Pro series 5G smartphones in India on January 16. The company also unveiled the first glimpse of the smartphones, showcasing new colors inspired by India – Bikaner Purple and Jaipur Pink. Samsung unveils AI-powered Neo QLED TVs, The Frame Pro, and more Samsung showcased a range of new entertainment devices at CES 2025 in Las Vegas, USA. Alongside its “Vision AI” features, the company introduced Neo QLED, OLED, and QLED TVs, as well as “The Frame Pro.” A new interactive triple-laser ultra-short-throw projector also made its debut. LG brings OLED EVO TVs with built-in AI, new lifestyle projectors LG unveiled its 2025 OLED Evo TV series at CES 2025, featuring innovations like the wireless OLED Evo M5 and OLED Evo G5 models. The new TVs are equipped with AI-driven personalization features designed to create customized viewing experiences. LG also introduced lifestyle projectors, adding versatility to its product line-up.

Youtuber Ankush Bahuguna shares 40-hour digital arrest scam ordeal urges vigilance

January 6, 2025: Popular content creator Ankush Bahuguna recently revealed a harrowing 40-hour ordeal in which he was held in a “digital arrest” by cybercriminals. In a deeply emotional video shared on Instagram, Ankush recounted how scammers isolated him from friends and family, coerced him into performing suspicious financial transactions, and manipulated him through fear and threats. The ordeal began with a seemingly harmless automated call about a suspicious package linked to his name. Following instructions, he pressed a button for customer support, unknowingly falling into an elaborate scam trap. A fake official on the call claimed the package contained illegal substances bound for China and an digital arrest warrant had been issued in his name. Isolation and Manipulation Panicked, Ankush was connected to someone posing as a law enforcement officer. This person accused him of money laundering, drug trafficking, and being involved in serious crimes. He was then placed under so-called “self-custody,” isolating him entirely from the outside world. For 40 hours, Ankush was kept on a continuous video call, and forbidden from answering messages, picking up calls, or contacting anyone. Under duress, he was forced to share sensitive information, perform bank transactions, and follow every instruction the scammers gave. “I was crying and begging, but they kept me on the call. They convinced me my career would be destroyed, my family was in danger, and I would face abuse if I didn’t comply,” Ankush shared, visibly shaken. Friends and Family Intervene Ankush’s family and friends grew suspicious of his erratic behavior throughout the ordeal. His sister’s persistent messages finally reached him, revealing that such “digital arrests” are a common scam. Realizing the truth, Ankush broke free from the scammers’ grip and reconnected with his family. “I’m so grateful for my friends’ instincts. If they hadn’t acted quickly, I might still be trapped in that nightmare,” he admitted. A Warning to All Ankush urged his followers to be cautious of such scams and never engage with suspicious calls or share sensitive information online. “The thing with these digital arrest is, if you believe one lie, they tell ten more, each scarier than the last. Please be vigilant and report such incidents immediately,” he concluded. This incident highlights the growing sophistication of cyber scams and serves as a stark warning about individuals’ vulnerabilities in an increasingly digital world.

Cyber Fraud: UP Police shares must-watch video ahead of Mahakumbh

Ahead of the Mahakumbh Mela, which is scheduled to begin on January 13, the Uttar Pradesh Police released an awareness video on its social media account on 05/01/2025, urging people to stay cautious of cyber fraud related to any kind of online booking for the Mahakumbh. Mahakumbh Mela The Mahakumbh in Sangam Nagari Prayagraj is likely to be attended by 40 crore people. In light of the rising incidents of cyber fraud in recent times, this video has been created to create awareness among people about digital fraud. The Video’s Message: The short film portrays the experience of a family who falls victim to cyber fraud while booking a hotel online. Tempted by attractive offers, the family makes a booking through a fake website. However, upon reaching the given location in Prayagraj, they find an empty plot instead of the promised hotel. In another instance, the family scans a QR code displayed on the street to book a stay, but instead of securing their booking, their money gets deducted fraudulently. Towards the end, Bollywood actor Sanjay Mishra appears in the video, cautioning people about such scams and advising them to avoid fake links and websites. Safety Advice: Sanjay Mishra urges devotees to use the official Maha Kumbh website Kumbh.gov.in to check the list of verified accommodations and make bookings. The video has been shared across all social media platforms of the Uttar Pradesh Police. Additionally, a link to the list of available accommodations in Prayagraj has been provided to assist devotees in making safe and informed decisions. Important Information for Devotees: Devotees planning to visit Prayagraj during the Maha Kumbh 2025 are encouraged to use the verified list or official website for their bookings. This initiative by the Uttar Pradesh Police aims to safeguard devotees from cyber fraud while ensuring a secure and smooth pilgrimage experience during the Maha Kumbh 2025.

10 the Top News Stories and Cybersecurity of 2024

The ransomware juggernaut rolled inexorably in 2024, yet again, leaving more devastated Cybersecurity in its wake. This year, the UK’s NHS found itself at the receiving end of some particularly nasty attacks, but there were other high-profile victims as well. Meanwhile, state-backed cyber intrusions from China and Russia continued apace, driven by global geopolitical uncertainty. Many long-running Cybersecurity espionage campaigns were exposed. But if 2024 proved one thing only, it was that shining a light on the cyber underworld is working. The British are coming for the bad guys, as new attributions from the National Cybersecurity Centre (NCSC), takedowns led by the National Crime Agency (NCA), and proposed legislation highlighting ransomware threats to critical sectors is proving. If 2024 is remembered for anything in the cyber community, it may just be the year in which the good guys took the gloves off and fought back properly. Here are Computer Weekly’s Top 10 Cyber Crime stories of 2024. British Library ransomware attack could cost up to £7m The effects of the British Library ransomware attack at the end of 2023 continued to be felt into 2024 as the venerable institution continued to struggle to bring its crippled systems back online. In January 2024, it emerged that the scale of the ransomware attack was so immense and its effects so devastating, that it could end up costing the British Library up to £7m, dwarfing the £650,000 ransom demand. Later in the year, in a remarkable display of transparency, the British Library’s leadership published a detailed breakdown of their experience at the hands of the Rhysida ransomware crew, to help others learn and understand. SolarWinds hackers attack Microsoft in apparent recon mission Also in January, Cosy Bear, the Russia-backed hacking outfit behind the SolarWinds Sunburst incident, was back in action, breaking into Microsoft’s systems with a brute force, password spraying attack and from there accessing corporate accounts belonging to leadership and Cybersecurity employees. Microsoft is one of some suppliers that finds itself at the receiving end of such intrusions, thanks in part to its global reach and scale, and its in-depth relationships with Western governments, and has faced tough questions over its Cybersecurity posture in recent years as a result. Lock Bit locked out in NCA-led takedown One of the biggest stories of the year unfolded dramatically on a dull February day when the infamous Lock Bit ransomware gang was taken down and its infrastructure hacked and compromised in Operation Cronos, led by the UK’s National Crime Agency (NCA). In the immediate aftermath of the takedown, Computer Weekly took the temperature of the Cybersecurity community, finding upbeat sentiment, but also tempered by the knowledge that one swallow does not make a summer. Throughout the year, the NCA has been sharing a trove of information it gathered during the exercise, as well as taking time to mock and troll Lock Bit’s leader since named as Dmitry Khoroshev, who at one time boasted of his luxury lifestyle as he toyed with law enforcement. Mandiant formally pins Sandworm cyber-attacks on APT44 group In April, threat intel leaders Mandiant formally “upgraded” the malicious activity cluster known as Sandworm to a full-blown, standalone advanced persistent threat (APT) actor to be tracked as APT44 – other companies have different taxonomies, Mandiant’s is alphanumeric. APT44 is run out of Russia’s Main Intelligence Directorate (GRU) within Unit 74455 of the Main Centre for Special Technologies (GTsST) and is described as one of the most brazen threat actors around. Although it confines its activities to those in service of the Russian state rather than financially motivated criminality, the links between cybercrime and cyber espionage continued to blur during 2024, with some nation-state APTs even acting as initial access brokers (IABs) for ransomware gangs. NHS services at major London hospitals disrupted by cyber attack In early June, a major cyber-attack on Synovia, a pathology lab services provider that works with Guys and St Thomas’ and King’s College hospitals in London, as well as other NHS sites in the nation’s capital, was laid low by a Qulin ransomware attack. This intrusion resulted in a major incident being declared in the NHS, with patient appointments and surgeries cancelled, and blood supplies running dangerously low. The ramifications of this truly callous cyber-attack are still being felt six months on. UK Cyber Bill teases mandatory ransomware reporting All eyes were on Westminster in July for the first King’s Speech held under a Labour government in over a decade , and for the Cybersecurity community, there was plenty to pick over as Keir Starmer’s administration proposed implementing compulsory cyber incident reporting – including ransomware – for operators of critical national infrastructure (CNI), in a new Cybersecurity and Resilience Bill. According to the government for Cybersecurity , the law will expand the remit of existing regulation give regulators a more solid footing when it comes to protecting digital services and supply chains, and improve reporting requirements to help build a better picture of Cybersecurity . The Bill will likely be introduced to Parliament in 2025. NCSC and allies call out Russia’s Unit 29155 over cyber-warfare In September, the UK and its Five Eyes allies joined forces with the European Union (EU) and Ukrainian cyber authorities to highlight a dastardly campaign of cyber espionage conducted by Unit 29155, another Russian APT. Unit 29155 targets victims to collect information for espionage purposes, sabotages websites and daily operational capabilities and tries to cause reputational damages by selectively leaking important data. It has conducted thousands of exercises across NATO and the EU with a notable focus on CNI, government, financial services, transport, energy, and healthcare. It is also particularly notable for its involvement in the Whisper Gate campaign of destructive malware attacks against Cybersecurity to Ukraine in advance of the 2022 invasion. Money transfer firm MoneyGram rushes to contain cyber attack US-based financial services and money transfer outfit MoneyGram was another high-profile cyber attack victim to emerge in 2024, with its systems taken down in an apparent ransomware attack in September 2024.

Bank official among four held for siphoning Rs 12 crore from Bengaluru firm’s accounts

Investigations revealed the gang was transferring Rs 12.30 crore across multiple cyber criminals accounts, with similar cases filed against them in 12 police stations across eight states. Bapatla police have arrested two cyber criminals who transferred over Rs 74 lakh into fraudulent accounts, with two main suspects still at large. The arrests were announced by Bapatla District Superintendent of Police (SP) Tushar Dudi during a press conference on 02-01-2025. The victim, G Sri Lakshmi Vara Prasad Rao, a retired professor from Chundur, reported the cyber criminals after unknown individuals falsely accused him of money laundering and siphoned Rs 74 lakh from his bank account. Police promptly froze the accounts and launched an investigation. Amid rising cybercrime cases, SP Dudi formed special teams led by IT Core Sub-Inspector (SP) Naib Rasool and Chundur Circle Inspector (CI) Srikanth. The teams traced the suspects to Rajasthan and Mumbai, arresting Ramesh (A3) and Shrawan Kumar (A4), both from Rajasthan, while the primary accused, Akash Kulhari and Sriva Prasad, remain at large. Investigations revealed the gang was involved in transferring Rs 12.30 crore across multiple fraudulent accounts, with similar cases filed against them in 12 police stations across eight States, including Andhra Pradesh, Karnataka, Maharashtra, Odisha, West Bengal, Gujarat, Telangana, and Rajasthan. Ramesh and Shrawan are accused of transferring Rs 15 lakh and Rs 35 lakh, respectively, across several cases. Police seized Rs 7 lakh in cash, 24 ATM cards, and 11 checkbooks, and froze Rs 17.90 lakh in accounts linked to the suspects. The gang is believed to have defrauded victims of Rs 10 crore in 43 cases across 39 districts in 18 States, as recorded on the National Crime Records Bureau (NCRB) portal. The SP warned the public about such cyber scams, clarifying that ‘cyber criminals’ do not exist. He urged victims to immediately report cybercrimes by calling 1930. The SP commended the efforts of the IT core team, special squads, and police personnel in cracking the case, emphasizing ongoing efforts to apprehend the remaining suspects.

WhatsApp, the biggest social media platform misused by cyber criminals in India

14,746 complaints file for cyber criminals were related to WhatsApp, 7,651 against Telegram, 7,152 against Instagram, 7,051 against Facebook, and 1,135 against YouTube till March 2024, says MHA report WhatsApp remains the biggest social media platform that is possibly misused by cyber criminals in India, according to the latest annual report of the Union Home Ministry. The data published in the report on “cybercrime complaints where Big Tech platforms have been misused” shows that 14,746 complaints were related to WhatsApp, 7,651 against Telegram, 7,152 against Instagram, 7,051 against Facebook, and 1,135 against YouTube till March 2024. “Big techs play an important role in proactive identification and action on cyber criminals. I4C has partnered with Google and Facebook for sharing intelligence and signals for proactive actions,” the report said. National Cybercrime Threat Analytical Unit (NCTAU) of I4C analyses the complaints reported on the portal and prepares analysis reports on the latest trends of cybercrime and misuse of services provided by service providers, it said. “These reports are shared with all the concerned stakeholders, i.e., banks, wallets, merchants, payments aggregators, payment gateways, e-commerce, and other departments to take preventive measures and mitigate the misuse of their platforms/services,” the report said. The Ministry has also rolled out a Cyber Volunteer Framework, which enables citizens to enroll as cyber volunteers for reporting unlawful content on the Internet, dissemination of cyber hygiene, and as cyber experts to aid law enforcement under which 54,833 volunteers had registered by March 31, 2024, according to the report. The Ministry’s integrated platform Citizen Financial Cyber cyber criminals Reporting and Management System (CFCFRMS), where all stakeholders, including law enforcement agencies of States/Union Territories, all major banks and financial intermediaries, payment wallets, crypto exchanges, and e-commerce companies, work in tandem. The platform ensures quick, decisive, and system-based effective action to prevent the flow of money from the victim’s account to the cyber fraudster’s account, and the seized money is restored to the victim following due legal process, it said. “Since its launch in April 2021, so far this platform has been able to save more than Rs 16 billion from going into the hands of fraudsters, and thus benefiting more than 5,75,000 victims,” it said.

cyber crime news