#FactCheck - Deepfake Video Falsely Claims visuals of a massive rally held in Manipur

Introduction

The Chairman of Vardhman Group, Mr SP Oswal, an India-based textile manufacturer, fell victim to a cyber fraud scheme that cost him ₹7 crore. The scam unfolded on August 28 and 29, conning Mr Oswal into transferring Rs 7 crore into multiple bank accounts. As per the recent reports, the Police have managed to freeze these accounts and recover over Rs 5 crore as of now. The fraudsters convinced Mr SP Oswal that he was a suspect in a money laundering investigation and held on a “Digital Arrest”. These are sophisticated cyber frauds where cyber-criminals impersonate law enforcement officials or other authorities and target innocent individuals with manipulative tactics. The scam targets are often contacted out of the blue, on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don't cooperate with a series of urgent demands.

Posing as Officials, Fraudsters Orchestrate ₹7 Crore Scam

The investigation revealed that the fraudsters posed as members of the Central Bureau of Investigation (CBI). They had contacted Mr Oswal and claimed that his Aadhaar had been misused in a case involving fake passports and financial fraud. The imposter conducted a video call in a police uniform using a background with the CBI logo. The fraud escalated further, Mr Oswal got a fake "arrest warrant" on  WhatsApp allegedly authorised by the Supreme Court. Fraudsters convinced Mr Oswal to transfer ₹7 crores to facilitate bail proceedings, claiming he was under "digital arrest". The meticulously planned scam involved fake documents, a virtual courtroom, and relentless intimidation tactics leaving Mr Oswal effectively under "digital arrest" for two days. While the police have successfully recovered over Rs 5 crore so far, this case highlights the alarming threat of digital impersonation of law enforcement authorities.

Legal Outlook on the Validity of Digital Arrests

In India, the main laws governing cyber crimes are the Information Technology Act, of 2000 and the rules made under therein, and the newly enacted Bhartiya Nyaya Sanhita, 2023. Recently enacted new criminal laws do not provide for any provision for law enforcement agencies conducting a digital arrest.  The law only provides for service of the summons and the proceedings in an electronic mode. Hence, there are no provisions for conducting 'digital arrests' as per the laws of the country. 

Further, It should be noted that the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, coordinates the activities related to combating cybercrime in the country. MHA works closely with other ministries to counter these frauds. The I4C also provides technical support to the police authorities of states/UTs for the identification and investigation of these cases. 

Best Practices to Avoid Digital Arrest Scams 

• To protect yourself from scams, it is crucial to verify the identity of individuals claiming to be law enforcement or government officials and use official contact channels to confirm their credentials. 
• Be cautious of pressure tactics used by fraudsters, especially demands for quick payment over unverified communication platforms like WhatsApp. 
• Cross-check official documents with legal advisors or relevant authorities. 
• Never share sensitive personal information, such as your Aadhaar number, over phone calls, emails, or messages without verifying the request's authenticity. 
• Avoid untraceable payments, such as cryptocurrency or prepaid cards, without validating the transaction's legitimacy, especially under duress. 
• Stay informed on scam techniques, particularly those involving impersonation and digital threats. 
• Enable Two-Factor Authentication (2FA) for sensitive online accounts to prevent misuse. 
• Consult advice from legal professionals if you receive threatening communication involving digital arrest or legal actions and do not take any action on the asks of persons posing as legitimate authorities. 
• In case of any cybercrime, you can file a complaint at cybercrime.gov.in or helpline number 1930. You can also seek assistance from the CyberPeace helpline at +91 9570000066.

Conclusion

The digital arrest of Vardhman Group's CEO underscores the increasing sophistication of cyber fraud schemes, which exploit fear and urgency, leading to severe financial and reputational harm. No one is immune from cybercrime, vigilance is essential at all leadership levels. While laws like the IT Act and initiatives taken by the I4C help combat cybercrime, rapidly evolving threats demand proactive safety measures. Beyond the possibility of financial loss, incidents like this jeopardise brand reputation, investor confidence, and operational stability. Be cautious of such threats and exercise due care and caution while navigating the digital landscape. Be aware of such kinds of scams and the manipulative tactics used by fraudsters to avoid them. By staying vigilant and aware we can avoid the growing scam of digital arrests. 

References

• https://www.business-standard.com/companies/news/digital-arrest-and-rs-7-crore-heist-how-vardhman-group-head-was-tricked-124100100832_1.html
• https://www.hindustantimes.com/business/vardhman-group-chairman-sp-oswal-duped-of-rs-7-crore-fraudsters-posed-as-cbi-101727666912738.html 
• https://www.msspalert.com/native/digital-arrests-the-new-frontier-of-cybercrime

‍

In 2023, PIB reported that up to 22% of young women in India are affected by Polycystic Ovarian Syndrome (PCOS). However, access to reliable information regarding the condition and its treatment remains a challenge. A study by the PGIMER Chandigarh conducted in 2021 revealed that approximately 37% of affected women rely on the internet as their primary source of information for PCOS. However, it can be difficult to distinguish credible medical advice from misleading or inaccurate information online since the internet and social media are rife with misinformation. The uptake of misinformation can significantly delay the diagnosis and treatment of medical conditions, jeopardizing health outcomes for all.

The PCOS Misinformation Ecosystem Online

PCOS is one of the most common disorders diagnosed in the female endocrine system, characterized by the swelling of ovaries and the formation of small cysts on their outer edges. This may lead to irregular menstruation, weight gain, hirsutism, possible infertility, poor mental health, and other symptoms. However, there is limited research on its causes, leaving most medical practitioners in India ill-equipped to manage the issue effectively and pushing women to seek alternate remedies from various sources.

This creates space for the proliferation of rumours, unverified cures and superstitions,  on social media, For example, content on YouTube, Facebook, and Instagram may promote “miracle cures” like detox teas or restrictive diets, or viral myths claiming PCOS can be “cured” through extreme weight loss or herbal remedies. Such misinformation not only creates false hope for women but also delays treatment, or may worsen symptoms.

 How Tech Platforms Amplify Misinformation 

1. Engagement vs. Accuracy: Social media algorithms are designed to reward viral content, even if it’s misleading or incendiary since it generates advertisement revenue. Further, non-medical health influencers often dominate health conversations online and offer advice with promises of curing the condition.
2. Lack of Verification: Although platforms like YouTube try to provide verified health-related videos through content shelves, and label unverified content, the sheer volume of content online means that a significant chunk of content escapes the net of content moderation. 
3. Cultural Context: In India, discussions around women’s health, especially reproductive health, are stigmatized, making social media the go-to source for private, albeit unreliable, information. 

Way Forward

a. Regulating Health Content on Tech Platforms: Social media is a significant source of health information to millions who may otherwise lack access to affordable healthcare. Rather than rolling back content moderation practices as seen recently, platforms must dedicate more resources to identify and debunk misinformation, particularly health misinformation. 

b. Public Awareness Campaigns: Governments and NGOs should run nationwide campaigns in digital literacy to educate on women’s health issues in vernacular languages and utilize online platforms for culturally sensitive messaging to reach rural and semi-urban populations. This is vital for countering the stigma and lack of awareness which enables misinformation to proliferate. 

c. Empowering Healthcare Communication: Several studies suggest a widespread dissatisfaction among women in many parts of the world regarding the information and care they receive for PCOS.  This is what drives them to social media for answers. Training PCOS specialists and healthcare workers to provide accurate details and counter misinformation during patient consultations can improve the communication gaps between healthcare professionals and patients. 

d. Strengthening the Research for PCOS: The allocation of funding for research in PCOS is vital, especially in the face of its growing prevalence amongst Indian women. Academic and healthcare institutions must collaborate to produce culturally relevant, evidence-based interventions for PCOS. Information regarding this must be made available online since the internet is most often a primary source of information. An improvement in the research will inform improved communication, which will help reduce the trust deficit between women and healthcare professionals when it comes to women’s health concerns.

Conclusion 

In India, the PCOS misinformation ecosystem is shaped by a mix of local and global factors such as health communication failures, cultural stigma, and tech platform design prioritizing engagement over accuracy. With millions of women turning to the internet for guidance regarding their conditions, they are increasingly vulnerable to unverified claims and pseudoscientific remedies which can lead to delayed diagnoses, ineffective treatments, and worsened health outcomes. The rising number of PCOS cases in the country warrants the bridging of health research and communications gaps so that women can be empowered with accurate, actionable information to make the best decisions regarding their health and well-being. 

Sources

• https://pib.gov.in/PressReleasePage.aspx?PRID=1893279#:~:text=It%20is%20the%20most%20prevailing%20female%20endocrine,neuroendocrine%20system%2C%20sedentary%20lifestyle%2C%20diet%2C%20and%20obesity. 
• https://www.thinkglobalhealth.org/article/india-unprepared-pcos-crisis?utm_source=chatgpt.com 
• https://www.bbc.com/news/articles/ckgz2p0999yo ‍
• https://pmc.ncbi.nlm.nih.gov/articles/PMC9092874/

Introduction

Cert-In (Indian Computer Emergency Response Team) has recently issued the “Guidelines on Information Security Practices” for Government Entities for Safe & Trusted Internet. The guideline has come at a critical time when the Draft Digital India Bill is about to be released, which is aimed at revamping the legal aspects of Indian cyberspace. These guidelines lay down the policy framework and the requirements for critical infrastructure for all government organisations and institutions to improve the overall cyber security of the nation.

What is Cert-In?

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for the protection against, detection of and response to an organisation’s cybersecurity incidents. A CERT may focus on resolving data breaches and denial-of-service attacks and providing alerts and incident handling guidelines. CERTs also conduct ongoing public awareness campaigns and engage in research aimed at improving security systems. The Ministry of Electronics and Information Technology (MeitY) oversees CERT-In. It regularly releases alerts to help individuals and companies safeguard their data, information, and ICT (Information and Communications Technology) infrastructure.

Indian Computer Emergency Response Team (CERT-In) has been established and appointed as national agency in respect of cyber incidents and cyber security incidents in terms of the provisions of section 70B of Information Technology (IT) Act, 2000.

CERT-In requests information from service providers, intermediaries, data centres, and body corporates to coordinate reaction actions and emergency procedures regarding cyber security incidents. It is a focal point for incident reporting and offers round-the-clock security services.  It manages cyber occurrences that are tracked and reported while continuously analysing cyber risks. It strengthens the security barriers for the Indian Internet domain.

Background

India is fast becoming one of the world’s largest connected nations – with over 80 Crore Indians  (Digital Nagriks) presently connected and using the Internet and cyberspace – and with this number is expected to touch 120 Crores in the coming few years. The Digital Nagriks of the country are using the Internet for business, education, finance and various applications and services including Digital Government services. Internet provides growth and innovation and at the same time it has seen rise in cybercrimes, user harm and other challenges to online safety. The policies of the Government are aimed at ensuring an Open, Safe & Trusted and Accountable Internet for its users. Government is fully cognizant and aware of the growing cyber security threats and attacks.

It is the Government of India’s objective to ensure that Digital Nagriks experience a Safe & Trusted Internet. Along with ubiquitous applications of Information & Communication Technologies (ICT) in almost all facets of service delivery and operations, continuously evolving cyber threats have become a concern for the Government. Cyber-attacks can come in the form of malware, ransomware, phishing, data breach etc., that adversely affect an organisation’s information and systems. Cyber threats leading to cyber-attacks or incidents can compromise the confidentiality, integrity, and availability of an organisation’s information and systems and can have far reaching impact on essential services and national interests. To protect against cyber threats, it is important for government entities to implement strong  cybersecurity measures and follow best practices. As ICT infrastructure of the Government entities is one of the preferred targets of the malicious actors, responsibility of implementing good cyber security practices for protecting computers, servers, applications, electronic systems, networks, and data from digital attacks, also remain with the ICT assets’ owner i.e. Government entity.

What are the new Guidelines about?

The Government of India (distribution of business) Rules, 1961’s First Schedule lists a number of Ministries, Departments, Secretariats, and Offices, along with their affiliated and subordinate offices, which are all subject to the rules. They also comprise all governmental organisations, businesses operating in the public sector, and other governmental entities under their administrative control.

“The government has launched a number of steps to guarantee an accessible, trustworthy, and accountable digital environment. With a focus on capabilities, systems, human resources, and awareness, we are extending and speeding our work in the area of cyber security, according to Rajeev Chandrasekhar, Minister of State for Electronics, Information Technology, Skill Development, and Entrepreneurship.

The Recommendations

• Various security domains are covered in the standards, including network security, identity and access management, application security, data security, third-party outsourcing, hardening procedures, security monitoring, incident management, and security audits.
• For instance, the rules advise using only a Standard User (non-administrator) account to use computers and laptops for regular work regarding desktop, laptop, and printer security in the workplace. Users may only be granted administrative access with the CISO’s consent.
• The usage of lengthy passwords containing at least eight characters that combine capital letters, tiny letters, numerals, and special characters; Never save any usernames or passwords in your web browser. Likewise, never save any payment-related data there.
• They include guidelines created by the National Informatics Centre for Chief Information Security Officers (CISOs) and staff members of Central government Ministries/Departments to improve cyber security and cyber hygiene in addition to adhering to industry best practises.

Conclusion

The government has been proactive in the contemporary times to eradicate the menace of cybercrimes and therreats from the Indian cyberspace and hence now we have seen a series of new bills and polices introduced by the Ministry of Electronics and Information Technology, and various other government organisations like Cert-In and TRAI. These policies have been aimed towards being relevant to time and current technologies. The threats from emerging technologies like web 3.0 cannot be ignored and hence with active netizen participation and synergy between government and corporates will lead to a better and improved cyber ecosystem in India.