the cyber shark Archives - Page 13 of 18

WhatsApp DP ‘cloned’, Rs 50 lakh lost to fraud, Police arrest six people behind scam

WhatsApp DP ‘cloned’ are being used by cybercriminals in Kolkata to dupe businessmen, with one case involving a ₹50 lakh fraud. Police arrested six suspects and recovered over ₹24 lakh. Police added that a new trend among some of the city’s cybercriminals with ties outside the state is using phoney WhatsApp DP to defraud businessmen. Six persons, including three from the Mumbai suburb of Nallasopara, have been taken into custody on suspicion of copying a city merchant’s WhatsApp DP picture (DP) and using it to defraud the trader’s buddy out of ₹50 lakh, according to police. The retailer sells plywood under a well-known brand. A new trend among some of the city’s cybercriminals with ties outside the state is using phoney WhatsApp DP to defraud businessmen, according to police. According to the police, they have taken more than ₹24 lakh from the defendant. After a complaint was filed with the Park Street police station on March 4, an investigation was started. The last arrest was made on Pollock Street on 15 March 2025, according to the police, and the others had been made throughout the past few days. On March 1, the six-person group allegedly called a buddy of the merchant and requested him to set up ₹50 lakh after cloning his WhatsApp DP, according to the police. The caller said that he had an emergency and required the money in cash. “The gang asked the trader’s friend, who lived on Park Street, to arrange the money over the phone. The acquaintance obtained the sum from various sources and gave it to two of the six defendants who pretended to be the plywood merchant’s agents, according to a senior Park Street police station officer. The officer stated that the transaction happened on Park Street. The fraud was discovered within the following three days, and the merchant discovered that his DP had been used to defraud his friend. Following the pertinent parts of the Bharatiya Nyaya Sanhita, including 338 (forgery), 336 (cheating someone by modifying electronic data or papers), and 340 (passing forged electronic documents as real), a case was prepared at Park Street police station after the businessman filed a complaint. Investigators started looking into local CCTV videos. They focused on a few of the defendants. All of the city’s police stations, as well as those throughout Bengal and even outside the state, received scanned copies of their (WhatsApp DP) photos. Three men, Waqab Mohammad, 28, Riya Razi Sayed, 36, and Sachin Manohar Prasad, 32, were taken into custody on March 13 by a Kolkata Police team that had travelled to Mumbai with the assistance of their counterparts in Nallasopara, the officer said. Along with the clothing the three were wearing on the day the money was turned up, a backpack that was used to hold the cash was found. They were also found to have five pre-activated SIM cards,” he stated. The authorities discovered during questioning that the three had committed the crime by using their contacts in Calcutta. Pawan Shaw, 36, was taken into custody in Phool Bagan on March 14. Mahendra Pal Singh, 39, and Chetan Singh Dahiya, 40, were taken into custody by the police on Pollock Street in the heart of Calcutta after they confessed. “A currency counting machine and more than ₹24 lakh were found on them,” the officer stated. “The entire plot has not yet been revealed.” A central Calcutta businessman lost over ₹2 crore in a similar scam last week. He was allegedly duped by scammers into utilizing internet payments to purchase expensive cameras from them. Fake WhatsApp DP for well-known camera vendors in the nation were used by the scammers. Following an investigation by the cyber wing, Kolkata Police assisted the dealer in recovering around ₹1.6 crore.

Digital arrests, cyber crimes tripled during 2022-24, govt tells Parliament

Digital arrest scams in India tripled from 2022 to 2024, with losses soaring 21 times to Rs 19,35.51 crore. The government blocked suspicious accounts and launched awareness campaigns to curb cybercrime. The Rajya Sabha was notified on March 12, 2025, that the number of digital arrest scams and associated cybercrimes in the nation nearly tripled in the middle of 2022 and 2024, with the amount of money deceived increasing by 21 times during that time. The Minister of State for Home Affairs, Bandi Sanjay Kumar, answered a question by giving details about digital arrest frauds and related cybercrimes that have been reported on the National Cybercrime Reporting Portal (NCRP) during the previous three years. 39,925 of these occurrences were recorded in 2022, with the total proceeds of the fraud amounting to Rs 91.14 crore. The overall amount of cheated money recorded on the portal increased by an astounding 21 times to Rs 19,35.51 crore in 2024, while the number of such cases nearly tripled to 1,23,672. Data shows that 17,718 incidents totalling Rs 210.21 crore in fraud were reported up to February 28 in the first two months of 2025. “Cybercrime incidents reported for digital arrest on this portal, their conversion into FIRs and subsequent action thereon are handled by the state/UT law enforcement agencies concerned, as per the provisions of the law,” Kumar said. The Union Home Ministry’s Indian Cyber Crime Coordination Centre (I4C) has proactively detected and blocked around 3,962 Skype IDs and 83,668 WhatsApp accounts that are used for digital arrest, the minister stated. In 2021, the Citizen Financial Cyber Fraud Reporting and Management System was introduced under I4C to prevent financial fraudsters from stealing money and to enable prompt reporting of financial frauds. “nearly 13.36 lakh complaints have resulted in savings of nearly Rs 4,386 crore to date. For assistance in filing online cyber complaints, a toll-free helpline number, 1930, has been operationalized, according to Kimar. According to the minister, I4C and the Department of Telecommunications (DoT) have started a caller tone campaign to increase awareness of cybercrime and promote the NCRP and helpline number 1930 to combat the threat. “The caller tune is also being played in regional languages, delivered 7-8 times a day by the telecom service providers (TSPs),” the minister said. The Central government and the TSPs have developed a method to detect and reject incoming overseas spoof calls that display Indian mobile numbers and seem to be coming from within India, Kumar said in response to a second inquiry about the matter. “TSPs have received instructions to block these inbound international fake calls. According to police officials, the Indian government has blocked 2,08,469 IMEIs and about 7.81 lakh SIM cards as of February 28, 2025,” Kumar stated. The minister responded to a follow-up question by stating that on September 10, 2024, 14C, in partnership with banks and financial organizations, established a suspect registry of cyber criminals for digital arrest. “So far, more than eight lakh suspect records and over 20 lakh mule accounts have been shared with the participating entities of the suspect registry, saving more than Rs 2,889 crore,” Kumar said.

I4C’s ‘Pratibimb’ Module Revolutionizes Cybercrime Investigations with 6,000+ Arrests

The ‘Pratibimb’ module provides jurisdictional officials with visibility into the locations of offenders and crime infrastructure. The Lok Sabha received notice on March 11, 2025, that the Indian Cyber Crime Coordination Centre (I4C) of the Union Home Ministry had introduced the ‘Pratibimb’ module, which tracks the whereabouts of criminals and has led to 36,296 requests for help with cyber investigations, 17,185 linkages, and 6,046 accused arrests. Bandi Sanjay Kumar, Minister of State for Home Affairs, responded to a query by stating that ‘Samanvaya‘, a platform for information sharing and analysis on cybercrimes, has been introduced for Law Enforcement Agencies (LEAs). According to him, it offers data on the perpetrators and crimes linked to interstate connections in cybercrime complaints from different States and UTs. The ‘Pratibimb’ module maps the locations of offenders and crime infrastructure, giving jurisdictional officials visibility. Law Enforcement Agencies can more easily request and receive techno-legal support from I4C and other SMEs thanks to this module. 36,296 requests for assistance with cyber investigations, 17,185 links, and 6,046 accused people have been arrested as a result,” the Minister stated. He went on to say that I4C is an affiliated office established by the Ministry to coordinate and fully address all forms of cybercrimes in the nation. The state-of-the-art ‘National Cyber Forensic Laboratory (Investigation)’ was established as part of the I4C in New Delhi to provide early-stage cyber forensic support to State/UT Police Investigating Officers (IOs). According to him, the National Cyber Forensics Laboratory (Investigation) has so far assisted State/UT LEAs in about 11,835 cybercrime cases.

Cyber fraud losses in India have surged nearly 10-fold in a decade: finance ministry

Losses from Cyber fraud have more than doubled in just ten years, said Pankaj Chaudhary, Minister of State in the Union Finance Ministry, who made this announcement on 10 March 2025. Responding to a question in the Lok Sabha, Mr Chaudhary said losses due to cyber frauds would increase from ₹18.46 crore in 2014-15 to around ₹177.05 crore in 2023-24. Last year, the cost of cyber scams during the first nine months of 2025 (April-December 2024) was ₹107.21 crore. He noted that the number of cyberfrauds involving ₹1 lakh or more increased from 815 in FY15 to 29,082 in FY24. This figure was 13,384 during the first nine months of FY25. Chaudhary stated, “Incidences of fraudulent practices, including digital payment frauds, have also increased in the last few years due to the country’s growing number of digital payment transactions.” The Indian Cyber Crime Coordination Centre (I4C) of the Union Ministry of Home Affairs estimates that over ₹1.2 trillion will be lost by Indians due to cyber fraud in the coming year. The National Cybercrime Reporting Portal and the National Cybercrime Helpline Number (1930) have been established by the Union Home Ministry to assist victims of cybercrime, Chaudhary stated. According to him, the Department of Telecommunications has also launched the Digital Intelligence Platform and the “Chakshu” feature on the Sanchar Saathi website to allow people to report alleged fraudulent communications they have received through WhatsApp, SMS, or phone calls, including messages about bank account updates or KYC expiration. However, Chaudhary assigned the responsibility of preventing, detecting, investigating, and prosecuting crimes—including cybercrime—to states and union territories. “Through financial assistance and advisory services under various schemes for the capacity building of their LEAs (law enforcement agencies), the Central government complements the initiatives of the states/UTs,” he stated. By issuing alerts and advisories and conducting cybersecurity mock drills to enable evaluation of an organization’s readiness and cyber security posture, the Indian Computer Emergency Response Team (CERT-In) takes a number of steps to ensure the safe use of digital technologies and prevent cyber frauds, he continued.

Beware of Romance Scams: Protect Yourself from Online Fraud and Heartbreak

Online romance scams involve fraudsters using fake profiles to deceive victims into sending money, leading to financial and emotional harm. Stay cautious, verify profiles, and report suspicious activities to avoid falling victim. In the current digital times, where even intimate relationships can be formed online, people must accept that all that meets the eye cannot be real in an online world. Instances of a prospective life partner you meet online turning out to be a fraudster and a seemingly reliable online friend becoming an offender abound. It is therefore essential that digital users exercise care and caution as well as become aware and alert while interacting online, to save themselves from a broken heart and hole in the purse. When a fraudster uses a phoney profile to trick a victim into parting with their hard-earned money under false pretences, it’s known as an online romance scam. Dangers Trapped in fake online relations Loss of Money Blackmail Heartbreak Depression Probable causes (of online romance scams) Relying on online dating ( platforms like Tinder, bumble etc., for partners. Fake profiles on matrimonial sites A rise in the use of extramarital dating apps like Gleeden and online social meeting apps like Facebook dating Loneliness or anxiety due to isolation, especially in COVID times Potential Victims Although anyone could become a victim of this fraud (Romance Scams), the following people are frequently seen as victims: Women * Middle-aged people * Widowers People with romantic idealization (Romance Scams). People with impulsiveness and relational addiction Modus Operandi A fraudster operating with a fake profile makes contact with a potential victim (and establishes a fake relation/bond.) Before registration, make sure the dating app (Romance Scams) or matrimonial website is legitimate, and create a new email address. The fraudster convinces or makes the victims obliged to send them money online using means like gift cards, UPI payment, bank transfer, reloadable debit cards etc., on some pretext. They may seek money due to emergencies like accidents, hospitalization etc., They may ask them to invest money in bogus schemes They may convince you about good investment schemes like cryptocurrencies etc., Over time after extracting the money, they may avoid the victim completely and dump them. (Intimate pictures shared during interaction may also be used by fraudsters to extort money from victims) Warning Signs Friend requests from unknown people Expressing feelings of affection and love too soon in an online relation Being very empathetic and obliging Avoiding meeting in person Mismatch in the details shared when verified closely Seeking financial help and making requests for money/gifts on some pretext. Hypothetical Case Study In her 30s, Lata worked as a professional software developer in Hyderabad. She had registered on a popular marriage website to find a decent and attractive mate. After Rohan contacted her, Latha checked his online profile and discovered that he was a senior official at a government organization with a wealthy and well-respected family. Impressed with the profile she pursued the match with the approval of her family. After some time Rohan requested Latha to help him with some money as he was in dire need of it. Trusting him, Latha helped him out with a lot of money. It was later on when suddenly Rohan went untraceable and had switched off his mobile totally, that she identified something was wrong. After approaching the police department, she came to know that ‘Raghuveer’ alias ‘Rohan’ was a fraudster who trapped women for money and committed crimes. Safety Tips Before registration, make sure the dating app (Romance Scams) or matrimonial website is legitimate, and create a new email address. It is preferable that you do not share your details like mobile no., residential address on matrimonial sites (Romance Scams) or dating sites openly/publicly. Never share any private picture bank account or other financial details with people you have met recently. Have a thorough end-to-end background check taking ample time before you decide to proceed in relation. You can also consider taking the help of an investigation agency. Be very cautious while considering a prospective groom with an NRI profile on a matrimonial site (Romance Scams). Always personally meet the person you have known online at a public place and ask them enough questions. Never accept money requests from strangers you meet online. Do not invest in schemes etc., as per the advice received by someone you only met online; be cautious of claims/requests of exclusive investment opportunities with urgency to act fast. Always keep a neutral person informed who can gauge and assess the interaction and advise logically. Never give your bank account details, passport or identification copies, or any other private information to an unknown online person or website. Enable required privacy and security features on social media platforms and keep your information private mostly. Ensure that you do not accept friend requests by strangers at face value without proper verification. Terminate the relationship and report it if you believe it to be a scam. File a complaint about the scam at your nearest cyber crime cell and online on www.cybercrime.gov.in portal. Report or Notify the scammer on the social media site, app, or service where the scam (Romance Scams) occurred, this may help others from being victims. In case you have shared any banking-related details, follow the rules and approach the bank for necessary action. Go easy on yourself, learn the lesson and move on

Odisha Crime Branch’s Discover Rs. 87 Lakh Investment Fraud; Delhi Arrests Key Accused

The Odisha Crime Branch’s Criminal Investigation Department (CID) Cyber Crime Unit has successfully solved an investment fraud case, leading to the arrest of a major suspect in the Rs. 87 lakh scam. The victim, who worked for a private company, was added to the “101 Stock Discussion Group” WhatsApp group, where scammers pretended to be professors and other colleagues. By offering phoney stock trading advice, initial public offering (IPO) advice, and investment plans, they deceived the victim into making many deposits totalling about Rs. 87 lakh into different bank accounts. Mrs Vandana Bawa was captured in South Delhi by the CID Cyber Odisha Crime Unit following a comprehensive investigation that included the analysis of digital evidence and transaction data. An investigative team under the direction of Additional SP Ritesh Kumar Mohapatra made the arrest feasible. The accused would be transported to Odisha Crime on transit remand after appearing in the local court in Saket, New Delhi. The investigation team confiscated some incriminating items, such as a PAN card, an Aadhar card, an Indian SIM card, and a cell phone. After several bank accounts were closed, the complainant received a return of Rs. 10 lakh. The accused’s bank account was connected to two further cyber incidents in Gujarat and Kerala, according to an additional investigation of Odisha Crime. The CID is pursuing the money trail, other accomplices, and the crime’s trans-Indian repercussions. People are advised to exercise caution when they see unsolicited investment proposals on messaging applications and social media. To prevent being a victim of cyber scams, always confirm before investing. Report such issues to the local police station or the 1930 Cyber helpdesk. Protect Yourself Against Fraud Be wary of unsolicited messages and groups. Verify the authenticity of investment opportunities. Report suspicious activities immediately.

Tamil Nadu DGP’s Shreya Ghoshal Warning To Netizens

DGP Sandeep Mittal Alerts Public About Scams Involving Fake Advertisements and Compromised Celebrity Accounts on X Social media users on X (previously Twitter) have received a warning from Sandeep Mittal, the Additional Director General of Police for the Cyber Crime Wing in Tamil Nadu. He warned that false advertisements and news clips showcasing singer Shreya Ghoshal appeared on the network with dramatic headlines and deceptive connections to websites. In addition, the logos of prominent news outlets are displayed in these posts, which might easily fool readers. Sandeep Mittal, the ADGP, used X to spread the word about the problem. “Scam traps to lure the public into cyber scams are verified @X handles with 10 to 15 followers that promote Shreya Ghoshal ads,” he said. Stay vigilant and stay safe. @X ought to have a system in place to identify and stop handles that are overtly engaging in illegal activity. In the past, well-known singer Shreya Ghoshal alerted fans on Instagram that her X account had been compromised. “Hello friends and fans,” she wrote. Since February 13th, my Twitter/X account has been compromised. I have made every effort to get in touch with the X team. However, except for a few automatically created texts, there has been no response. I can’t log in anymore, so I can’t even deactivate my account.” People are urged to exercise caution and stay away from bogus links or messages from her hijacked account, as per her statement and the ADGP’s warning. Other celebrities have also been impacted by computer attacks, in addition to Shreya Ghoshal. Actor Swara Bhasker and comedian Tanmay Bhat both cited instances earlier this year in which their X accounts were compromised and used to disseminate fraudulent links.

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft cautions that the Chinese cyber-espionage threat organization “Silk Typhoon” has changed its strategy and is now attacking cloud services and remote management tools in supply chain attacks that allow it to reach downstream clients. The tech giant has verified breaches in some sectors, including energy, government, IT services, healthcare, defence, education, and non-governmental organizations. “They [Silk Typhoon] exploit unpatched applications that allow them to elevate their access in targeted organizations and conduct further malicious activities,” says the study from Microsoft. “After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate customer networks where they can then abuse a variety of deployed applications, including Microsoft services and others, to achieve their espionage objectives.” Silk Typhoon storms IT supply chains In early December 2024, a Chinese state-sponsored espionage outfit called Silk Typhoon gained notoriety for breaking into the U.S. Office of Foreign Assets Control (OFAC) and collecting information from the Committee on Foreign Investment in the United States (CFIUS). Around that time, according to Microsoft, Silk Typhoon changed its strategy and began misusing credentials for identity management, privileged access management, IT providers, and RMM solutions that were stolen and compromised. These credentials were then used to get access to downstream client networks and data. According to Microsoft, the hackers look through GitHub repositories and other open sources to find credentials or authentication keys that have been released, then exploit them to compromise systems. Password spray attacks are another well-known tactic used by threat actors to obtain legitimate credentials. In the past, threat actors mostly used n-day and zero-day vulnerabilities in edge devices that were visible to the public to obtain initial access, plant web shells, and then migrate laterally via compromised RDPs and VPNs. The attackers can roam around cloud environments, steal Active Directory sync credentials (AADConnect), and abuse OAuth applications for a far more covert attack when they shift from organization-level intrusions to MSP-level compromises. Threat actors no longer use web shells and malware; instead, Silk Typhoon uses cloud apps to take data and then delete records, leaving very little evidence behind. Microsoft has noted that Silk Typhoon still uses vulnerabilities, commonly known as zero days, to gain early access in addition to its new strategies. As a zero-day penetration of corporate networks, the threat organization was most recently seen taking use of a major Ivanti Pulse Connect VPN privilege escalation issue (CVE-2025-0282). Earlier in 2024, Silk Typhoon took advantage of CVE-2023-3519, a remote code execution vulnerability in Citrix NetScaler ADC and NetScaler Gateway, and CVE-2024-3400, a command injection vulnerability in Palo Alto Networks GlobalProtect. Microsoft claims that to conduct attacks and hide malicious activity, the threat actors have established a “CovertNetwork” made up of compromised Cyberoam appliances, Zyxel routers, and QNAP devices. At the bottom of its report, Microsoft has included updated indications of compromise and detection criteria that take into account Silk Typhoon’s most recent change in strategy. Defenders are advised to incorporate the information into their security tools to promptly identify and stop any attacks.

Gurugram: 7 people held for duping people over ₹87 crore in cyber frauds

Seven Cybercriminals Arrested in Gurugram for Defrauding Over ₹87 Crores in Nationwide Scam The accused were implicated in some cybercrimes, according to the police, including impersonation, cyberbullying, stalking, and fraudulent investment schemes. According to officials on 05 March 2025, seven cybercriminals who were apprehended by the Gurugram cyber police in the past two months allegedly defrauded hundreds of individuals nationwide out of over ₹87 crores. Police said they found three SIM cards, seven mobile phones, and ₹7.60 lakh in cash in their possession. The accused were implicated in some cybercrimes, according to the police, including impersonation, cyberbullying, stalking, and fraudulent investment schemes. According to Assistant Commissioner of Police (Cyber) Priyanshu Dewan, 399 cases and 10,956 complaints have been filed against the accused nationwide. Six of these instances are in Gurugram, out of the 22 cases reported in Haryana. In the past two months, all of the defendants have been taken into custody. Sonu Kumar, Ishwar, Sunil Kumar, Pawan Kumar Sharma, Neeraj, Salim, and Priya Mishra were their names, he said. Police examined data from the Indian Cyber Crime Coordination Center (I4C) and discovered that the seven cybercriminals had scammed victims nationwide out of ₹87.06 crores. The ACP stated that more research is being done on the subject.

Department of Telecommunications Issues Strong Warning Against Telecom Fraud, Enforces Harsh Penalties Under 2023 Act

The Department of Telecommunications (DoT) has issued a warning against the misuse of telecom resources, stressing penalties under the Telecommunications Act of 2023. The Act targets fraud, including SIM card tampering and identifier spoofing, with severe legal consequences. The misuse of telecom resources, such as altering or spoofing IP addresses, IMEI numbers, SMS headers, and mobile numbers, has been strongly warned against by the Department of Telecommunications (DoT). The Telecommunications Act of 2023, which stipulates severe penalties for violators, is violated by such actions, the DoT stressed. Growing Threat of Department of Telecommunications Fraud Telecom resources are increasingly being used by scammers for financial fraud and cybercrime. Illicitly obtained Subscriber Identity Module (SIM) cards and SMS headers have been used by criminals to transmit large quantities of bogus texts. To help hackers, some people also purchase SIM cards in their names and provide them to others, frequently without realizing it. SIM cards obtained through fraud, impersonation, or forged documents have also been reported. In certain cases, Points of Sale (PoS), which are in charge of issuing SIM cards, have allowed these unlawful purchases, thereby aiding and abetting the crime. Tampering with Telecom Identifiers: A Serious Crime Cybercriminals have also been seen changing telecommunication identifiers, such as the Calling Line Identity (CLI), sometimes referred to as a phone number, using mobile apps and other tools. Other crucial telecom identifiers, like IP addresses, IMEI numbers, and SMS headers, have also been changed to deliver fake messages and evade detection. Department of Telecommunications Act of 2023: Strict Legal Provisions The Telecommunications Act of 2023 imposes harsh penalties for offences related to telecommunications: Tampering with telecommunication identifiers is prohibited by Section 42(3)(c). Section 42(3)(e): Makes it illegal to obtain SIM cards or other telecom identifiers by deception, fraud, or impersonation. Section 42(7) overrides the 1973 Code of Criminal Procedure by declaring certain offences to be cognizable and non-bailable. Penalties: Violators may be fined up to Rs 50 lakh, imprisoned for up to three years, or both. Section 42(6): Those who aid or abet such offences face similar punishments. DoT’s Commitment to a Secure Telecom Ecosystem The Department of Telecommunications ( DoT ) reiterated its dedication to stopping telecom fraud through the use of cutting-edge security measures and guidelines. The department warned of harsh penalties for violators under the Department of Telecommunications Act of 2023 and asked citizens to be on guard. A safe and secure telecom ecosystem for all users is the goal of the strict legal framework, which also attempts to discourage fraudulent operations.

the cyber shark