Companies require a Valid license for the Import of laptops & tablets

Introduction

Over the past few months, cybercriminals have upped the ante with highly complex methods targeting innocent users. One such scam is a new one that exploits WhatsApp users in India and globally. A seemingly harmless picture message is the entry point to stealing money and data. Downloading seemingly harmless images via WhatsApp can unknowingly install malware on your smartphone. This malicious software can compromise your banking applications, steal passwords, and expose your personal identity. With such malware-laced instant messages now making headlines, it is advised for netizens to exercise extreme caution while handling media received on messaging platforms.

How Does the WhatsApp Photo Scam Work?

Cybercriminals began embedding malicious code in images being shared on WhatsApp. Here is how the attack typically works:

1.  The user receives a WhatsApp message from an unknown number with an image.
2. The image may appear harmless—a greeting, meme, or holiday card—but it's packed with hidden malware.
3. When the user taps to download the image, the malware gets installed on the phone in silent mode.
4. Once installed, the malware is able to capture keystrokes, read messages, swipe banking applications, swipe credentials, and even hijack device functionality.
5. Allegedly, in its advanced versions, it can exploit two-factor authentication (2FA) and make unauthorised transactions.

Who Is Being Targeted?

This scam targets both Android and iPhone users, with a focus on vulnerable groups like senior citizens, busy workers during peak seasons, and members of WhatsApp groups flooded with forwarded messages. Experts warn that a single careless click is enough to compromise an entire device.

What Can the Malware Do?

Upon installation, the malware grants hackers a terrifying level of access:

• Track user activity via keylogging or screen capture.
• Pilfer banking credentials and initiate fund transfers automatically.
• Obtain SMS or app-based 2FA codes, evading security layers.
• Clone identity information, such as Aadhaar details, digital wallets, and email access.
• Control device operations, including the camera and microphone.

This level of intrusion can result in not just financial loss but long-term digital impersonation or blackmail.

Safety Measures for WhatsApp Users

1. Never Download Media from Suspicious Numbers

Do not download any files or pictures, even if the content appears to be familiar, unless you have faith in the source. Spread this advice among family members, particularly the older generation.

2. Turn off Auto-Download in WhatsApp Settings

Navigate to Settings > Storage and Data > Media Auto-Download. Switch off auto-download for mobile data, Wi-Fi, and roaming.

3. Install and Update Mobile Security Apps

Ensure your phone is equipped with a good antivirus or mobile security app that is updated from time to time.

4. Block and Report Potential Scammers

WhatsApp offers the ability to block and report senders in a straightforward manner. This ensures that it notifies the platform and others as well.

5. Educate Your Community

Share your knowledge on cyber hygiene with family, friends, and colleagues. Many people fall victim simply because they aren't aware of the risks, staying informed and spreading the word can make a big difference.

Advisories and Response

The Indian Cybercrime Coordination Centre (I4C) and other state cyber cells have released several alerts on increasing fraud via messaging platforms. Law enforcement agencies are appealing to the public not only to be vigilant but also to report any incident at once through the National Cybercrime Reporting Portal (cybercrime.gov.in).

Conclusion

The WhatsApp photo scam is a stark reminder that not all dangers come with a warning. A picture can now be a Trojan horse, propagating silently from device to device and draining personal money. Do not engage with unwanted media, refresh and update your privacy and security settings. Cyber criminals survive on neglect and ignorance, but through digital hygiene and vigilance, we can fight against these types of emerging threats.

References

• https://www.opswat.com/blog/how-emerging-image-based-malware-attacks-threaten-enterprise-defenses
• https://www.indiatvnews.com/technology/news/whatsapp-photo-scam-alert-downloading-random-images-could-cost-you-big-2025-05-06-988855
• https://www.hindustantimes.com/india-news/what-is-the-whatsapp-image-scam-and-how-can-you-stay-safe-from-it-101744353412848.html
• https://faq.whatsapp.com/898107234497196/?helpref=uf_share
• https://www.welivesecurity.com/en/malware/malware-hiding-in-pictures-more-likely-than-you-think/
• https://faq.whatsapp.com/573786218075805
• https://www.reversinglabs.com/blog/malware-in-images

‍

Introduction

On May 21st, 2025, the Department of Telecommunications (DoT) launched the Financial Risk Indicator (FRI) feature, marking an important step towards safeguarding mobile phone users from the risks of financial fraud. This was developed as a part of the Digital Intelligence Platform (DIP), which facilitates coordination between stakeholders to curb the misuse of telecom services for conducting cyber crimes.

What is the Financial Risk Indicator (FRI)?

The FRI is a risk-based metric feature that categorises phone numbers into risk, medium risk, and high risk based on their association with financial fraud in the past. The data pool enabling this intelligence sharing includes the Digital Intelligence Unit (DIU) of the DoT, which engages and sends a list of Mobile Numbers that were disconnected (Mobile Number Revocation List - MNRL) to the following stakeholders, creating a network of checks and balances. They are:

1. Intelligence from Non-Banking Finance Companies, and UPI (Unified Payment Interface) gateways.
2. The Chakshu facility- a feature on the Sanchar Saathi portal that enables users to report suspected fraudulent communication (Calls, SMS, WhatsApp messages), which has also been roped in.
3. Complaints from the National Cybercrime Reporting Portal (NCRP) through the I4C (Indian Cyber Coordination Center).

Some other initiatives taken up concerning securing against digital financial fraud are the Citizen Financial Cyber Fraud Reporting and Management System, the International Incoming Spoofed Calls Prevention System, among others.

A United Stance

The ease of payment and increasing digitisation might have enabled the increasing usage of UPI platforms. However, post-adoption, the responsibility of securing the digital payments infrastructure becomes essential. As per a report by CNBC TV18, UPI fraud cases surged by 85% in FY24. The number of incidents have increased from 7.25 lakh in FY23 to 13.42 lakh in FY24. These cases involved a total value of ₹1,087 crore, compared to ₹573 crore in the previous year, and the number continues to increase. 

Nevertheless, UPI platforms are taking their own initiative to combat such crimes. PhonePe, one of the most used digital payment interface as of January 2025 (Statista) has already incorporated the FRI into its PhonePe Protect feature; this blocks transactions with high-risk numbers and issues a warning prior to engaging with numbers that are categorised to be of medium risk. 

CyberPeace Insights

The launch of a feature addressing the growing threat of financial fraud is crucial for creating a network of stakeholders to coordinate with law enforcement to better track and prevent crimes. Publicity of these measures will raise public awareness and keep end-users informed. A secure infrastructure for digital payments is necessary in this age, with a robust base mechanism that can adapt to both current and future threats.

References

• https://www.thehawk.in/news/economy-and-business/centre-launches-financial-fraud-risk-indicator-to-safeguard-mobile-users
• https://telanganatoday.com/government-launches-financial-fraud-risk-indicator-to-safeguard-mobile-users
• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2130249#:~:text=What%20is%20the%20%E2%80%9CFinancial%20Fraud,High%20risk%20of%20financial%20fraud
• https://www.business-standard.com/industry/news/dot-launches-financial-fraud-risk-indicator-to-aid-cybercrime-detection-125052101912_1.html 
• https://www.cnbctv18.com/business/finance/upi-fraud-cases-rise-85-pc-in-fy24-increase-parliament-reply-data-19514295.htm
• https://www.statista.com/statistics/1034443/india-upi-usage-by-platform/#:~:text=In%20January%202025%2C%20PhonePe%20held%20the%20highest,key%20drivers%20of%20UPI%20adoption%20in%20India
• https://telecom.economictimes.indiatimes.com/amp/news/policy/centre-notifies-draft-rules-for-delicensing-lower-6-ghz-band/121260887?nt

‍

Introduction

Search Engine Optimisation (SEO) is a process through which one can improve website visibility on search engine platforms like Google, Microsoft Bing, etc. There is an implicit understanding that SEO suggestions or the links that are generated on top are the more popular information sources and, hence, are deemed to be more trustworthy. This trust, however, is being misused by threat actors through a process called SEO poisoning.

SEO poisoning is a method used by threat actors to attack and obtain information about the user by using manipulative methods that position their desired link, web page, etc to appear at the top of the search engine algorithm. The end goal is to lure the user into clicking and downloading their malware, presented in the garb of legitimate marketing or even as a valid result for Google search.

An active example of attempts at SEO poisoning has been discussed in a report by the Hindustan Times on 11th November, 2024. It highlights that using certain keywords could make a user more susceptible to hacking. Hackers are now targeting people who enter specific words or specific combinations in search engines. According to the report, users who looked up and clicked on links at the top related to the search query “Are Bengal cats legal in Australia?” had details regarding their personal information posted online soon after.

SEO Poisoning - Modus Operandi Of Attack

There are certain tactics that are used by the attackers on SEO poisoning, these are:

• Keyword stuffing- This method involves overloading a webpage with irrelevant words, which helps the false website appear higher in ranking.
• Typosquatting- This method involves creating domain names or links similar to the more popular and trusted websites. A lack of scrutiny before clicking would lead the user to download malware, from what they thought was a legitimate site.
• Cloaking- This method operates by showing different content to both the search engines and the user. While the search engine sees what it assumes to be a legitimate website, the user is exposed to harmful content.
• Private Link Networks- Threat actors create a group of unrelated websites in order to increase the number of referral links, which enables them to rank higher on search engine platforms.
• Article Spinning- This method involves imitating content from other pre-existing, legitimate websites, while making a few minor changes, giving the impression to search engine crawlers of it being original content.
• Sneaky Redirect- This method redirects the users to malicious websites (without their knowledge) instead of the ones the user had intended to click.

CyberPeace Recommendations

• Employee Security Awareness Training: Security awareness training can help employees familiarise themselves with tactics of SEO poisoning, encouraging them to either spot such inconsistencies early on or even alert the security team at the earliest. 
• Tool usage: Companies can use Digital Risk Monitoring tools to catch instances of typosquatting. Endpoint Detection and Response (EDR) tools also help keep an eye on client history and assess user activities during security breaches to figure out the source of the affected file.
• Internal Security Measures: To refer to lists of Indicators of Compromise (IOC). IOC has URL lists that show evidence of the strange behaviour of websites, and this can be used to practice caution. Deploying Web Application Firewalls (WAFs) to mitigate and detect malicious traffic is helpful.

Conclusion

The nature of SEO poisoning is such that it inherently promotes the spread of misinformation, and facilitates cyberattacks. Misinformation regarding the legitimacy of the links and the content they display, in order to lure users into clicking on them, puts personal information under threat. As people trust their favoured search engines, and there is a lack of awareness of such tactics in use, one must exercise caution while clicking on links that seem to be popular, despite them being hosted by trusted search engines.

References

• https://www.checkpoint.com/cyber-hub/cyber-security/what-is-cyber-attack/what-is-seo-poisoning/
• https://www.vectra.ai/topics/seo-poisoning
• https://www.techtarget.com/whatis/definition/search-poisoning
• https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/seo-poisoning
• https://www.coalitioninc.com/blog/seo-poisoning-attacks
• https://www.sciencedirect.com/science/article/abs/pii/S0160791X24000186
• https://www.repindia.com/blog/secure-your-organisation-from-seo-poisoning-and-malvertising-threats/ 
• https://www.hindustantimes.com/technology/typing-these-6-words-on-google-could-make-you-a-target-for-hackers-101731286153415.html

‍