the cyber shark

Department of Telecommunications Orders Telecom Operators to Play Cybercrime Awareness Caller Tune Daily

The telecom department has ordered operators to play cyber-crime awareness caller tune 8-10 times per day to telephone subscribers for three months. According to the order copy sent to the telecom operators, the caller tunes will be provided by the Indian Cybercrime Coordination Centre (I4C) — a cyber-crime wing under the Home Ministry. “To make the public aware of cybercrime through the caller tune campaign, it has been decided to play caller tune audios through pre-call announcement/ring back tone arrangement, which will be provided to TSPs by nodal officers of I4C. Caller tunes to a subscriber may be played about 8-10 times a day,” the order dated December 18 said. The order asked telecom service providers (TSPs) to take action on the order immediately. “Different caller tunes related to cybercrime will be provided every week for three months,” the order said. There has been a rise in the incidence of financial fraud through new scams like digital arrest, where cybercriminals pose as police, judges etc. to extort money from victims. The Centre and Telecom Service Providers (TSPs) have devised a system to identify and block incoming international spoofed calls displaying Indian mobile numbers that appear to be originating within India. According to the centre, such international spoofed calls have been made by cyber-criminals in recent cases of fake digital arrests, FedEx scams, impersonation of government and police officials, etc. Till November 15, more than 6.69 lakh SIM cards and 1,32,000 IMEIs, as reported by Police authorities, have been blocked by the Centre.

CBI unravels Rs 260 crore international cyber fraud syndicate operating from Delhi-NCR

An investigation by CBI into a massive cyber-enabled fraud syndicate revealed that the con, which originated from Delhi-NCR, allegedly defrauded foreign nationals of the US, Canada and other countries to the tune of Rs 260 crore through a fake call center. The syndicate, led by accused Tushar Kharbanda, a Noida resident, employed advanced techniques to commit cybercrime and launder the money by converting bitcoin into US dollars and vice-versa. The agency filed a charge sheet against three accused — Kharbanda, Gaurav Malik and Ankit Jain — under various sections of IPC and the Information Technology Act. “The accused were involved in running a fraudulent call center in Delhi and Noida that targeted elderly citizens in the US and Canada,” the CBI said. The supposed call center, a probe revealed, employed over 150 tele-callers, who posed as representatives from foreign law enforcement agencies, Amazon support, Microsoft tech support and other services to deceive victims. The accused used advanced techniques, including scripts for several fraud schemes and impersonation of US Social Security Administration officers. The CBI investigation revealed that the accused received over 316 bitcoins, equivalent to Rs 260 crore, in their bitcoin wallets, which were proceeds of crime. The money was then withdrawn by the members of the organized gang in Dubai. CBI also seized digital devices and incriminating evidence from the accused, including credentials of US victims and scripts for several fraud schemes. “The investigation uncovered an organized cyber-enabled fraud syndicate with international ramifications. Further investigation is on to nab their foreign-based conduits,” an officer said. The charge sheet was filed under sections of cheating and criminal conspiracy of the IPC besides section 66D of the IT Act. CBI started the investigation following a tip by Royal Canadian Mounted Police (RCMP) through the National Central Bureau of India. The FIR alleged that Tushar Kharbanda, claiming to be an RCMP officer, convinced the victim that his identity was being used for fraudulent purposes. Under duress, the victim was coerced into transferring over 93,000 Canadian dollars into cryptocurrency via bitcoin ATMs in Canada, all of which were linked to Kharbanda and his associate’s cryptocurrency wallets. As the investigation progressed, links to other key figures in the fraud network were revealed, including Ankit Jain, who played a role in managing crypto wallets and assisting the primary accused, Kharbanda, in converting the bitcoin obtained from foreign victims into US dollars.

How to Protect Yourself from Unified Payments Interface (UPI) Frauds

In India, UPI (Unified Payments Interface) has become the go-to method for digital transactions, but with this rise in usage, UPI frauds are also increasing. Over 95,000 UPI fraud cases were reported in the 2022-23 financial year. Understanding how these scams work is your first step toward staying safe. Here’s everything you need to know about UPI frauds and how to protect yourself from falling victim to them. UPI (Unified Payments Interface) was launched on April 11, 2016, by the National Payments Corporation of India (NPCI). It was introduced to make digital payments easier and faster in India. Key figures in its creation included Dr. Raghuram Rajan, the RBI Governor at the time, and Nandan Nilekani, former chairman of UIDAI. Multiple UPI payment app’s Google Pay is a widely used app that offers seamless UPI payments and integration with multiple banks: – Phone Pay – One of the leading UPI apps with features like bill payments, recharges, and money transfers. Paytm – Known for various services beyond UPI, such as mobile recharges, shopping, and financial products. Amazon Pay – Amazon’s payment platform also supports UPI for easy transactions. BHIM (Bharat Interface for Money) – An app developed by the Indian government to promote UPI adoption, specifically aimed at simplifying digital payments. Know About UPI Fraud? UPI fraud happens when someone tries to trick you into revealing your UPI PIN or personal information, so they can steal money from your bank account. Fraudsters use a variety of tricks to gain access to your UPI details and carry out unauthorized transactions. Multiple Types of UPI Frauds Vishing (Voice Phishing) Vishing (Voice Phishing) is when scammers trick people over the phone to steal personal information, like bank details or passwords. The scammer might pretend to be someone trustworthy, like a bank employee or a government official, and try to get you to share sensitive information. For example, they might call you saying there’s an issue with your bank account and ask for your account number, or claim they need to fix a problem with your computer and ask for remote access. Always be cautious about unsolicited calls and never give out personal details over the phone unless you’re sure of the caller’s identity. Fake UPI Payments or Transfers Fake UPI payments refer to scams that fraudsters use to trick people into believing that they have received money or manipulate them into transferring money. Scammers use fake payment links, screenshots, and misleading payment requests to steal money. The fake UPI payment is a concern for UPI users. Fake UPI QR Codes Fraudsters create fake QR codes that lead to phishing sites or malicious apps. When you scan these codes, they steal your UPI details. Impersonation Scammers pose as bank staff or customer service agents to trick you into sharing your OTP or UPI PIN. The penalty for identity theft is imprisonment for up to three years and a fine of up to one lakh rupees. Impersonation: Impersonation is an offence under Section 416 of the IPC. Fraud Sellers Seller fraud happens when a seller tricks or deceives a buyer to make money unfairly. This could include things like: Taking payment but not delivering the product. Selling fake or damaged items while claiming they’re real or in good condition. Providing false or misleading information about the product to get a sale. Screen Monitoring Apps Some scammers use apps that secretly monitor your screen to capture sensitive information like your UPI PIN or OTP. They’re often used by parents to monitor kids, employers to watch employees, or for security purposes. They can capture screenshots, track apps, and even log keystrokes. SIM Cloning SIM cloning is when someone makes an exact copy of another person’s SIM card. A SIM card is a small chip in your phone that stores important information, like your phone number and contacts. Cloning a SIM card means creating a duplicate of that information, so someone else can use your phone number and access your calls, texts, and other services, usually without your permission. It’s a form of identity theft or fraud, and it can lead to privacy violations or financial loss. Malware Malware is short for “malicious software.” It’s a type of harmful software designed to damage, disrupt, or steal information from your computer, phone, or other devices. Think of it like a virus or a sneaky bug that gets into your device without you knowing and causes problems. Malware can steal your data, like passwords or credit card numbers, or it can slow down your device and make it stop working properly. Money Mule A “money mule” is someone who is used by criminals to transfer stolen money or illegal funds. In simple terms, it’s like being a middleman who helps criminals move money, often without knowing that it’s illegal. Here’s how it works: A criminal might trick someone into accepting money in their bank account or through other methods, then ask them to send that money to someone else, often overseas. The person doing this is called a “money mule.” They might think they are helping with a legitimate job or transaction, but in reality, they are unknowingly part of a crime. Deceiving UPI Handles “Deceiving UPI handles” refers to fake UPI (Unified Payments Interface) IDs that are designed to trick people into sending money to the wrong account. In simple terms, scammers create UPI IDs that look very similar to the ones of trusted people or organizations, like a friend or a well-known business. When someone tries to send money to the correct person, they accidentally send it to the scammer’s fake account instead. So, “deceiving UPI handles” are essentially fake payment IDs that are made to deceive and steal money from people. Collect Request Fraud “Collect Request Fraud” is a type of scam where a fraudster tricks someone into paying money by sending them a “collect request” through a payment platform, like UPI or other apps. Here’s how it works: The scammer sends

Amid ongoing digital law reforms, govt proposes new central cybercrime forensics agency

According to a draft law seen by Dawn.com on 12/12/2024, the government has proposed the National Forensics and Cybercrime Agency (NFCA) to tackle cyber and digital crimes and investigations related to them amid ongoing efforts to change the country’s digital laws. The development comes amid ongoing efforts to reform the country’s cybercrime laws. A day earlier, newly surfaced proposed changes to the country’s cybercrime laws specified that violations could result in a seven-year prison term, with fines hiked up to Rs2 million. Last week, Dawn reported that the government was planning ‘wholesale’ changes to the Prevention of Electronic Crimes Act 2016 (Peca). These changes would see the formation of a new authority with powers to block online content and access to social media and prosecute those propagating ‘fake news’. State minister for IT and Telecom Shaza Fatima Khawaja had confirmed the plan to “address concerns regarding misinformation”, saying that the amendments were under review. Meanwhile, the draft for the NFCA Act, 2024, said it would apply to the whole country and placed the proposed agency under the interior ministry in Islamabad, adding that it could set up its offices in other places in the country. The draft explained that the NFCA comes as an upgrade to the existing National Forensic Science Authority from a project to a regular department that would act as a central coordinating agency for conventional, digital and cyber forensics across the country. It defined cybercrime as criminal activities conducted over the internet or using digital technologies that involved the use of computers, networks and electronic devices to commit offences. “Main branches include cyber fraud, hacking, cyber espionage, terrorism, online harassment and cyberbullying, cyber extortion and cyber warfare etc,” the draft said. The draft also defined deepfakes as audio, video, picture or any other form of fabricated digital media using artificial intelligence deep learning algorithms to impersonate or malign any real or imaginary person It further said that the NFCA would be the “supreme agency providing intimate conventional, digital and cyber forensics support to Islamabad Capital Territory, Azad Jammu and Kashmir and Gilgit-Baltistan as first-tier and to act as a second-tier re-examination agency for all forensics agencies/ labs in the country, including law enforcing agencies”. It would also establish a law department to “ascertain weakness in the legal system affecting conventional, digital and cyber forensics and propose amendments in laws/devise new laws”. Another main task of the agency would be to collect conventional, digital and cyber forensics material from crime scenes for examination and to provide opinions to the courts or other authorities. The draft said the agency would be headed by a director general who must be a citizen with a qualification in cyber security, artificial intelligence, information security, forensics and information technology. It outlined the proposed agency’s board of governors as the interior minister in the role of chairperson, the interior secretary as vice chairperson, the NFCA director general or director as the secretary and the other members being the chairman of the also proposed Digital Rights Protection Authority; the directors general of the National Cyber Crime & Investigation Authority (which has now been disbanded), Inter-Services Intelligence, Military Intelligence and Intelligence Bureau; the police chiefs of Islamabad, AJK and GBl; the law and justice secretary and the additional secretaries of the establishment and finance divisions. The draft said that no action taken under the proposed act would be called into question in any court and no civil or criminal proceedings would be instituted against anyone, including the government, any provincial government or any local authority, for anything done in good faith or purported to have been done under the act.

Cyber-crimes, climate change new threats to human rights: President Murmu

In her address at an event hosted by the (NHRC) National Human Rights Commission here to mark Human Rights Day, the President also underlined that cyber-crimes and climate change are new threats to human rights The human rights discourse so far has been centred on the “human agency” as the violator is assumed to be a human but with AI entering our lives, the “culprit could be a non-human” but an intelligent agent, President Droupadi Murmu said on 10/12/2024. In her address at an event hosted by the NHRC here to mark Human Rights Day, the President also underlined that cyber-crimes and climate change are “new threats” to human rights. Human Rights Day is observed on December 10 every year to commemorate the Universal Declaration of Human Rights Universal Declaration of Human Rights (UDHR), which was adopted and proclaimed by the United Nations General Assembly in 1948. As we progress into the future, we are confronted with emerging challenges. Cybercrimes and climate change are new threats to human rights. The digital era, while transformative, has brought with it complex issues such as cyberbullying, deep fake, privacy concerns, and the spread… pic.twitter.com/9iLGjCLHM6 — President of India (@rashtrapatibhvn) December 10, 2024 The UDHR serves as a global benchmark for the protection and promotion of human rights. “As we progress into the future, we are confronted with emerging challenges. Cyber-crimes and climate change are new threats to human rights,” Murmu said. She added that while the digital era was transformative, it also brought with it complex issues such as cyberbullying, deep fakery, privacy concerns, and the spread of misinformation. “These challenges underscore the importance of fostering a safe, secure and equitable digital environment that protects every individual’s rights and dignity,” the President said. In her address, she also touched upon the aspect of AI and its impact on human lives. “Artificial intelligence has now entered our day-to-day life, solving many problems, and creating several new ones too,” Murmu said. The human rights discourse so far has been “centred on the human agency”, that is the violator is assumed to be a human being, who would have a “range of human emotions such as compassion and guilt,” she said. “With AI, however, the culprit could be a non-human but intelligent agent. I leave the matter for you to ponder over,” the President said. She said in her address that climate change also forces us to review human rights thinking at a global level.

Beware of Digital Arrests: PIB Uncovers Fake Cybercrime Letters Used To Trap Victims

Recently, a fake letter claiming to be from the Indian Cyber Crime Coordination Centre (I4C) has been making the rounds. To raise awareness about “digital arrest,” the Press Information Bureau (PIB) fact-checked and exposed the modus operandi of the digital arrest gang that uses fake cybercrime letters to arrest people digitally. Digital crimes are rapidly increasing across the country. The gang, suspected to be operating from outside India, frames individuals in false cases such as child pornography, money laundering, and drug use to digitally arrest them. Reports indicate that the gang contacts people via WhatsApp, posing as representatives of a courier company. They then transfer the call to someone pretending to be a police officer. Subsequently, they put the victim under digital arrest by presenting a fake “letter of arrest” allegedly issued by higher authorities. To expose this scam, the PIB fact-check team uploaded a copy of the fake letter on the X platform on 09/12/2024. “A #fake letter allegedly issued by the Indian Cyber Crime Coordination Centre (I4C) has been received by people with several allegations leveled against them, and a reply is sought to avoid arrest. No such letter has been issued by I4C or any organization under the Government of India,” the PIB said in a tweet. What Should You Do If You Receive This Letter? If you receive a letter like this, it is important to stay calm and take the following steps: Do Not Respond – Ignore any instructions in the letter, especially if it asks for personal details, money, or immediate action. Check the Source – Official letters from the Indian government or any legitimate agencies do not demand urgent responses or personal information without prior communication. Report It – If you receive such a letter, report it to your local police or the Cyber Crime Cell. This helps authorities track and stop these scams from spreading further. Verify with Authorities – If you are unsure whether the letter is real, contact the Indian Cyber Crime Coordination Centre directly. You can visit their official website or call the official helpline for clarification. Recently, former Femina Miss India winner Shivankita Dixit was allegedly digitally arrested for around two hours and duped out of Rs 99,000 in Agra, according to the police. Shivankita Dixit, who won Femina Miss India 2017, resides with her family in Agra, Uttar Pradesh.

CERT-In Designated as Cyber Forensic Laboratory Authorized as an ‘Examiner of Electronic Evidence’

The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY), has been notified as the country’s first Cyber Forensic Laboratory under the Information Technology (IT) Act, 2000. This recognition, granted under Section 79A of the IT Act (Amendment 2008), establishes CERT-In as an Examiner of Electronic Evidence, marking a pivotal moment in the nation’s journey towards robust digital forensics. Role of CERT-In as a Cyber Forensic Lab The notification designates CERT-In as a key authority to examine and provide expert opinions on electronic evidence, a crucial component in addressing: Legal disputes Criminal investigations Digital fraud cases By integrating state-of-the-art forensic tools and methodologies, CERT-In will play a vital role in supporting law enforcement agencies and judicial systems to resolve complex cases involving electronic evidence. Scope of Forensic Expertise CERT-In’s expanded role as a cyber forensic lab allows it to handle a wide range of digital evidence, including: Computer Forensics: Analyzing data stored in computers and storage devices. Drone Forensics: Extracting and examining data from drone storage systems. Mobile Forensics: Recovering and analyzing evidence from smartphones and other mobile devices. CCTV Forensics: Investigating video footage from surveillance systems. Cloud Forensics: Handling evidence stored or transmitted through cloud environments. Media Recovery: Retrieving deleted or corrupted files from digital storage. Importance of the Recognition This recognition is expected to significantly strengthen: Credibility of electronic evidence in courts, ensuring legal admissibility. Prosecution of cybercrimes, including financial fraud, data breaches, and hacking. Confidence of law enforcement agencies in resolving digital crime cases. Significance of Section 79A of the IT Act Section 79A empowers the government to notify agencies to act as examiners of electronic evidence. This ensures that electronic records, such as computer data, videos, and mobile evidence, meet the necessary standards of legal admissibility. A Step Towards a Cyber-Secure Future The designation of CERT-In as India’s first cyber forensic lab aligns with the government’s broader goal of building a resilient cybersecurity ecosystem. With its enhanced capabilities, CERT-In is equipped to: Handle the rising complexities of cyber incidents. Provide swift and precise analysis of electronic evidence. Strengthen the rule of law in the digital age.

CA arrested with 16 others for alleged involvement in Rs 1.13 crore investment fraud

Accused include a private bank official in the Nagerbazar branch who allegedly helped the racketeers open mule accounts. A chartered accountant (CA) from Siliguri who had recently shifted to Dubai and was allegedly running an investment fraud from there has been arrested with 16 others, police said. The accused include a private bank official in the Nagerbazar branch who allegedly helped the racketeers open mule accounts. The chartered accountant (CA) and six others were arrested at a star hotel in the city, another six at an office in south Calcutta and two others in Bihar, said officers in the state cyber-crime wing. Additional director-general of police, cyber-crime, H.K. Kusumakar, said 17 persons were arrested in Calcutta and Muzaffarpur as part of an investigation into a ₹1.13 crore investment fraud reported by a city doctor to the Bidhannangar commissionerate. The complainant was persuaded to download a fake app from a phishing website replicating the site of a wealth management company. The police said the swindlers would lure people through phishing emails and convince them to invest in “lucrative” schemes. “The money would be transferred through multiple bank accounts opened across the country using fake documents. So far, we have obtained details of more than 700 mule accounts used by the gang in 1,530 cases reported from 29 states involving a fraud amount of ₹250 crore,” said an officer.

Shocking Cyber Slavery Expose Shakes India, Govt Vows To Crack Down

The ground-breaking investigation has uncovered a chilling web of cyber-crime syndicates operating out of Southeast Asia, exploiting thousands of Indian men and women. Lured by fake job offers, these victims are trafficked, tortured, and coerced into committing cybercrimes under duress. The report revealed the harrowing accounts of individuals who were enslaved and forced to target fellow citizens, deceiving them through fraudulent activities on platforms like WhatsApp. Operating from remote locations in Cambodia, Myanmar, and Laos, the syndicates use isolated beachside casinos and gated complexes to carry out their illegal operations. Victims, including Pradeep Kushwaha, were subjected to severe torture, including electric shocks and beatings, leaving them with no option but to comply. The investigation has sparked a swift response from the Indian government. The Home Ministry’s Cyber Security Wing (I4C) has initiated a nationwide effort to gather information on cyber slavery victims, while the Ministry of External Affairs has promised to take-action by collaborating with authorities in Cambodia and other countries involved. The Centre has also advised Indian citizens seeking overseas employment to avoid non-credible agents and only use those registered in the government portal. The hard-hitting expose has not only raised awareness about this dangerous global crime but also pushed the Modi government to take immediate action to protect India’s digital safety and curb the growing menace of cyber slavery.

Indians Are Loosing Rs 41 Crore Every Day To Cyber Crimes

As per the data from the Indian Cyber Crime Coordination Centre (I4C), a division of the Ministry of Home Affairs, India suffered cyber fraud losses amounting to Rs 11,333 crore in the first nine months of 2024. India Faces Rising Cyber Fraud Losses – Stock Trading and Investment Scams Lead the Way With Rs 4,636 crore reported across 2,28,094 complaints, stock trading scams accounted for the highest losses among all. Second to that is the investment-related scams, which amount to Rs 3,216 crore from 1,00,360 cases, while “digital arrest” frauds led to losses of Rs 1,616 crore from 63,481 complaints. According to Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) data, there were nearly 12 lakh cyber fraud complaints in 2024. Of these, 45% originated from Southeast Asian countries, including Cambodia, Myanmar, and Laos. Since its inception in 2021, it has recorded 30.05 lakh complaints, with total losses reaching Rs 27,914 crore. The yearly breakdown shows 11,31,221 complaints in 2023, 5,14,741 in 2022, and 1,35,242 in 2021. PM Modi Addresses ‘Digital Arrest’ Frauds and Urges Vigilance Amid Rising Cybercrime Prime Minister Narendra Modi recently addressed the issue of “digital arrest” frauds during the 115th episode of his Mann Ki Baat radio program, wherein he emphasized that no government agency contacts individuals via phone or video calls for investigations and clarified, “There is no system like digital arrest under the law.” He later urged the citizens to remain vigilant against such scams, after Indians lost Rs 120.3 crore in digital arrest frauds in the first quarter of this year. As per the analysis of such fraud cases, the stolen funds are often withdrawn via methods such as cheques, central bank digital currencies (CBDCs), fintech crypto platforms, ATMs, merchant payments, and e-wallets. The I4C has frozen approximately 4.5 lakh mule bank accounts in the past year to disrupt the laundering of cybercrime proceeds. I4C, at an anti-terror conference, also highlighted key challenges in investigating cyber fraud cases. These included the anonymity offered by digital wallets, foreign money exchanges, insufficient KYC protocols, VPN access, and cryptocurrency-related fraud originating from abroad. As many as 17,000 WhatsApp accounts linked to cybercriminals operating out of Southeast Asia have been blocked by I4C, in collaboration with the Ministry of Telecommunications. This move aims to disrupt offshore criminal networks, even as social engineering, deepfakes, ransomware, zero-day exploits, and supply chain attacks emerge as new forms of cybercrime.