#Fact Check: Viral Video Falsely Claims Israel Launched Nuclear Attack on Iran

Introduction

In the advanced age of digitalization, the user base of Android phones is high. Our phones have become an integral part of our daily life activities from making online payments, booking cabs, playing online games, booking movie & show tickets, conducting online business activities, social networking, emailing and communication, we utilize our mobile phone devices. The Internet is easily accessible to everyone and offers various convenient services to users. People download various apps and utilize various services on the internet using their Android devices. Since it offers convenience, but in the growing digital landscape, threats and vulnerabilities have also emerged. Fraudsters find the vulnerabilities and target the users. Recently, various creepy online scams such as AI-based scams, deepfake scams, malware, spyware, malicious links leading to financial frauds, viruses, privacy breaches, data leakage, etc. have been faced by Android mobile users. Android mobile devices are more prone to vulnerabilities as compared to iOS. However, both Android and iOS platforms serve to provide safer digital space to mobile users. iOS offers more security features. but we have to play our part and be careful. There are certain safety measures which can be utilised by users to be safe in the growing digital age.

‍

User Responsibility: 

Law enforcement agencies have reported that they have received a growing number of complaints showing malware being used to compromise Android mobile devices. Both the platforms, Android and Google, have certain security mechanisms in place. However, cybersecurity experts emphasize that users must actively take care of safeguarding their mobile devices from evolving online threats. In this era of evolving cyber threats, being precautious and vigilant and personal responsibility for digital security is paramount.

‍

Being aware of evolving scams

1. Deepfake Scams: Deepfake is an AI-based technology. Deepfake is capable of creating realistic images or videos which in actuality are created by machine algorithms. Deepfake technology, since easily accessible, is misused by fraudsters to commit various cyber crimes or deceive and scam people through fake images or videos that look realistic. By using the Deepfake technology, cybercriminals manipulate audio and video content which looks very realistic but, in actuality, is fake. 
2. Voice cloning: To create a voice clone of anyone's, audio can be deepfaked too, which closely resembles a real one but, in actuality, is a fake voice created through deepfake technology. Recently, in Kerala, a man fell victim to an AI-based video call on WhatsApp. He received a video call from a person claiming to be his former colleague. The scammer, using AI deepfake technology, impersonated the face of his former colleague and asked for financial help of 40,000. 
3. Stalkerware or spyware: Stalkware or spyware is one of the serious threats to individual digital safety and personal information. Stalkware is basically software installed into your device without your consent or knowledge in order to track your activities and exploit your data. Stalkware, also referred to as spyware, is a type of malicious software secretly installed on your device without your knowledge. Its purpose is to track you or monitor your activities and record sensitive information such as passwords, text messages, GPS location, call history and access to your photos and videos. Cybercriminals and stalkers use this malicious software to unauthorisedly gain access to someone's phone devices.

‍

Best practices or Cyber security tips:

• Keep your software up to date: Turn on automatic software updates for your device and make sure your mobile apps are up to date.
• Using strong passwords: Use strong passwords on your lock/unlock and on important apps on your mobile device.
• Using 2FA or multi-factor authentication: Two-factor authentication or multi-factor authentication provides extra layers of security. Be cautious before clicking on any link and downloading any app or file: Users are often led to click on malicious online links. Scammers may present such links to users through false advertisements on social media platforms, payment processes for online purchases, or in phone text messages. Through the links, victims are led either to phishing sites to give away personal data or to download harmful Android Package Kit (APK) files used to distribute and install apps on Android mobile phones.‍
• Secure Payments: Do not open any malicious links. Always make payments from secure and trusted payment apps.  Use strong passwords for your payment apps as well. And secure your banking credentials.‍
• Safe browsing: Pay due care and attention while clicking on any link and downloading content. Ignore the links or attachments of suspicious emails which are from an unknown sender. ‍
• Do not download third-party apps: Using an APK file to download a third-party app to an Android device is commonly known as sideloading. Be cautious and avoid downloading apps from third-party or dubious sites. Doing so may lead to the installation of malware in the device, which in turn may result in confidential and sensitive data such as banking credentials being stolen. Always download apps only from the official app store.‍
• App permissions: Review app permission and only grant permission which is necessary to use that app. ‍
• Do not bypass security measures: Android offers more flexibility in the mobile operating system and in mobile settings. For example, sideloading of apps is disabled by default, and alerts are also in place to warn users. However, an unwitting user who may not truly understand the warnings may simply grant permission to an app to bypass the default setting.‍
• Monitoring: Regularly monitor your devices and system logs for security check-ups and for detecting any suspicious activity.‍
• Reporting online scams: A powerful resource available to victims of cybercrime is the National Cyber Crime Reporting Portal, equipped with a 24x7 helpline number, 1930. This portal serves as a centralized platform for reporting cybercrimes, including financial fraud.

‍

Conclusion:

The era of digitalisation has transformed our lives, with Android phones becoming an integral part of our daily routines. While these devices offer convenience, they also expose us to online threats and vulnerabilities, such as scams like deepfake technology-based scams, voice clones, spyware, malware, and malicious links that can lead to significant financial and privacy breaches. Android devices might be more susceptible to such scams. By being aware of emerging scams like deepfakes, spyware, and other malicious activities, we can take proactive steps to safeguard our digital lives. Our mobile devices remain as valuable assets for us. However, they are also potential targets for cybercriminals. Users must remain proactive in protecting their devices and personal data from potential threats. By taking personal responsibility for our digital security and following these best practices, we can navigate the digital landscape with confidence, ensuring that our Android phones remain powerful tools for convenience and connection while keeping our data and privacy intact and staying safe from online threats and vulnerabilities.

‍

References: 

https://www.todayonline.com/singapore/explainer-why-android-devices-prone-online-scams-users-guard-against-it-2252066

‍

Introduction

Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs  (MHA) to provide a framework and eco-system for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. The Indian Ministry of Home Affairs approved a scheme for the establishment of the Indian Cyber Crime Coordination Centre (I4C) in October2018, which was inaugurated by Home Minister Amit Shah in January 2020. I4C is envisaged to act as the nodal point to curb Cybercrime in the country. Recently, on 13th March2024, the Centre designated the Indian Cyber Crime Coordination Centre (I4C) as an agency of the Ministry of Home Affairs (MHA) to perform the functions under the Information Technology Act, 2000, to inform about unlawful cyber activities.

The gazetted notification dated 13th March 2024 read as follows:

“In exercise of the powers conferred by clause (b) of sub-section (3) of section 79 of the Information Technology Act 2000, Central Government being the appropriate government hereby designate the Indian Cybercrime Coordination Centre (I4C), to be the agency of the Ministry of Home Affairs to perform the functions under clause (b) of sub-section (3) of section79 of Information Technology Act, 2000 and to notify the instances of information, data or communication link residing in or connected to a computer resource controlled by the intermediary being used to commit the unlawful act.”

Impact

Now, the Indian Cyber Crime Coordination Centre (I4C) is empowered to issue direct takedown orders under 79(b)(3) of the IT Act, 2000. Any information, data or communication link residing in or connected to a computer resource controlled by any intermediary being used to commit unlawful acts can be notified by the I4C to the intermediary. If an intermediary fails to expeditiously remove or disable access to a material after being notified, it will no longer be eligible for protection under Section 79 of the IT Act, 2000.

Safe Harbour Provision

Section79 of the IT Act also serves as a safe harbour provision for the Intermediaries. The safe harbour provision under Section 79 of the IT Act states that "an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him". However, it is notable that this legal immunity cannot be granted if the intermediary "fails to expeditiously" take down a post or remove a particular content after the government or its agencies flag that the information is being used to commit something unlawful. Furthermore, Intermediaries are also obliged to perform due diligence on their platforms and comply with the rules & regulations and maintain and promote a safe digital environment on the respective platforms.

Under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, The government has also mandated that a ‘significant social media intermediary’ must appoint a Chief Compliance Officer (CCO), Resident Grievance Officer (RGO), and Nodal Contact Person and publish periodic compliance report every month mentioning the details of complaints received and action taken thereon.

I4C's Role in Safeguarding Cyberspace

The Indian Cyber Crime Coordination Centre (I4C) is actively working towards initiatives to combat the emerging threats in cyberspace. I4C is one of the crucial extensions of the Ministry of Home Affairs, Government of India, working extensively to combat cyber crimes and ensure the overall safety of netizens. The ‘National Cyber Crime Reporting Portal’ equipped with a 24x7 helpline number 1930,  is one of the key component of the I4C.

Components Of The I4C

1. National Cyber Crime Threat Analytics Unit
2. National Cyber Crime Reporting Portal
3. National Cyber Crime Training Centre
4. Cyber Crime Ecosystem Management Unit
5. National Cyber Crime Research and Innovation Centre
6. National Cyber Crime Forensic Laboratory Ecosystem
7. Platform for Joint Cyber Crime Investigation Team.

‍

Conclusion

I4C, through its initiatives and collaborative efforts, plays a pivotal role in safeguarding cyberspace and ensuring the safety of netizens. I4C reinforces India's commitment to combatting cybercrime and promoting a secure digital environment. The recent development by designating the I4C as an agency to notify the instances of unlawful activities in cyberspace serves as a significant step to counter cybercrime and promote an ethical and safe digital environment for netizens.

References

• https://www.deccanherald.com/india/centre-designates-i4c-as-agency-of-mha-to-notify-unlawful-activities-in-cyber-world-2936976
• https://www.business-standard.com/india-news/home-ministry-authorises-i4c-to-issue-takedown-notices-under-it-act-124031500844_1.html
• https://www.hindustantimes.com/india-news/it-ministry-empowers-i4c-to-notify-instances-of-cybercrime-101710443217873.html
• https://i4c.mha.gov.in/about.aspx#:~:text=Objectives%20of%20I4C,identifying%20Cybercrime%20trends%20and%20patterns

‍

Introduction

With the increasing reliance on digital technologies in the banking industry, cyber threats have become a significant concern. Cyberlaw plays a crucial role in safeguarding the banking sector from cybercrimes and ensuring the security and integrity of financial systems.

The banking industry has witnessed a rapid digital transformation, enabling convenient services and greater access to financial resources. However, this digitalisation also exposes the industry to cyber threats, necessitating the formulation and implementation of effective cyber law frameworks.

Recent Trends in the Banking Industry

Digital Transformation: The banking industry has embraced digital technologies, such as mobile banking, internet banking, and financial apps, to enhance customer experience and operational efficiency.

Open Banking: The concept of open banking has gained prominence, enabling data sharing between banks and third-party service providers, which introduces new cyber risks.

How Cyber Law Helps the Banking Sector

The banking sector and cyber crime share an unspoken synergy due to the mass digitisation of banking services. Thanks to QR codes, UPI and online banking payments, India is now home to 40% of global online banking transactions. Some critical aspects of the cyber law and banking sector are as follows:

Data Protection: Cyberlaw mandates banks to implement robust data protection measures, including encryption, access controls, and regular security audits, to safeguard customer data.

Incident Response and Reporting: Cyberlaw requires banks to establish incident response plans, promptly report cyber incidents to regulatory authorities, and cooperate in investigations.

Customer Protection: Cyberlaw enforces regulations related to online banking fraud, identity theft, and unauthorised transactions, ensuring that customers are protected from cybercrimes.

Legal Framework: Cyberlaw provides a legal foundation for digitalisation in the banking sector, assuring customers that regulations protect their digital transactions and data.

Cybersecurity Training and Awareness: Cyberlaw encourages banks to conduct regular training programs and create awareness among employees and customers about cyber threats, safe digital practices, and reporting procedures.

RBI Guidelines

The RBI, as India’s central banking institution, has issued comprehensive guidelines to enhance cyber resilience in the banking industry. These guidelines address various aspects, including:

Technology Risk Management

Cyber Security Framework

IT Governance

Cyber Crisis Management Plan

Incident Reporting and Response

Recent Trends in Banking Sector Frauds and the Role of Cyber Law

Phishing Attacks: Cyberlaw helps banks combat phishing attacks by imposing penalties on perpetrators and mandating preventive measures like two-factor authentication.

Insider Threats: Cyberlaw regulations emphasise the need for stringent access controls, employee background checks, and legal consequences for insiders involved in fraudulent activities.

Ransomware Attacks: Cyberlaw frameworks assist banks in dealing with ransomware attacks by enabling legal actions against hackers and promoting preventive measures, such as regular software updates and data backups.

Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs)

Draft of Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs) issued by the Reserve Bank of India (RBI). The directions provide guidelines and requirements for PSOs to improve the safety and security of their payment systems, with a focus on cyber resilience. These guidelines for PSOs include mobile payment service providers like Paytm or digital wallet payment platforms.

Here are the highlights-

The Directions aim to improve the safety and security of payment systems operated by PSOs by providing a framework for overall information security preparedness, with an emphasis on cyber resilience.

The Directions apply to all authorised non-bank PSOs.

PSOs must ensure adherence to these Directions by unregulated entities in their digital payments ecosystem, such as payment gateways, third-party service providers, vendors, and merchants.

The PSO’s Board of Directors is responsible for ensuring adequate oversight over information security risks, including cyber risk and cyber resilience. A sub-committee of the Board may be delegated with primary oversight responsibilities.

PSOs must formulate a Board-approved Information Security (IS) policy that covers roles and responsibilities, measures to identify and manage cyber security risks, training and awareness programs, and more.

PSOs should have a distinct Board-approved Cyber Crisis Management Plan (CCMP) to detect, contain, respond, and recover from cyber threats and attacks.

A senior-level executive, such as a Chief Information Security Officer (CISO), should be responsible for implementing the IS policy and the cyber resilience framework and assessing the overall information security posture of the PSO.

PSOs need to define Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to identify potential risk events and assess the effectiveness of security controls. The sub-committee of the Board is responsible for monitoring these indicators.

PSOs should conduct a cyber risk assessment when launching new products, services, technologies, or significant changes to existing infrastructure or processes.

PSOs, including inventory management, identity and access management, network security, application security life cycle, security testing, vendor risk management, data security, patch and change management life cycle, incident response, business continuity planning, API security, employee awareness and training, and other security measures should implement various baseline information security measures and controls.

PSOs should ensure that payment transactions involving debit to accounts conducted electronically are permitted only through multi-factor authentication, except where explicitly permitted/relaxed.

Conclusion

The relationship between cyber law and the banking industry is crucial in ensuring a secure and trusted digital environment. Recent trends indicate that cyber threats are evolving and becoming more sophisticated. Compliance with cyber law provisions and adherence to guidelines such as those provided by the RBI is essential for banks to protect themselves and their customers from cybercrimes. By embracing robust cyber law frameworks, the banking industry can foster a resilient ecosystem that enables innovation while safeguarding the interests of all stakeholders or users.