#FactCheck - Viral Image of Bridge claims to be of Mumbai, but in reality it's located in Qingdao, China

Introduction

AI-generated fake videos are proliferating on the Internet indeed becoming more common by the day. There is a use of sophisticated AI algorithms that help manipulate or generate multimedia content such as videos, audio, and images. As a result, it has become increasingly difficult to differentiate between genuine, altered, or fake content, and these AI-manipulated videos look realistic. A recent study has shown that 98% of deepfake-generated videos have adult content featuring young girls, women, and children, with India ranking 6th among the nations that suffer from misuse of deepfake technology. This practice has dangerous consequences and could harm an individual's reputation, and criminals could use this technology to create a false narrative about a candidate or a political party during elections.

The working of deepfake videos is based on algorithms that refine the fake content, and the generators are built and trained in such a way as to get the desired output. The process is repeated several times, allowing the generator to improve the content until it seems realistic, making it more flawless. Deepfake videos are created by specific approaches some of them are: -

• Lip syncing: This is the most common technique used in deepfake. Here, the voice recordings of the video, make it appear as to what was originally said by the person appearing in the video.
• Audio deepfake:  For Audio-generated deepfake, a generative adversarial network (GAN) is used to colon a person’s voice, based on the vocal patterns and refine it till the desired output is generated.

• Deepfake has become so serious that the technology could be used by bad actors or by cyber-terrorist squads to set their Geo-political agendas.  Looking at the present situation in the past few the number of cases has just doubled, targeting children, women and popular faces. 

• Greater Risk: in the last few years the cases of deep fake have risen. by the end of the year 2022, the number of cases has risen to 96% against women and children according to a survey.
• Every 60 seconds, a deepfake pornographic video is created, now quicker and more affordable than ever, it takes less than 25 minutes and costs using just one clean face image.  
• The connection to deepfakes is that people can become targets of "revenge porn" without the publisher having sexually explicit photographs or films of the victim. They may be made using any number of random pictures or images collected from the internet to obtain the same result. This means that almost everyone who has taken a selfie or shared a photograph of oneself online faces the possibility of a deepfake being constructed in their image.

Deepfake-related security concerns

As deepfakes proliferate, more people are realising that they can be used not only to create non-consensual porn but also as part of disinformation and fake news campaigns with the potential to sway elections and rekindle frozen or low-intensity conflicts.

Deepfakes have three security implications: at the international level, strategic deepfakes have the potential to destroy precarious peace; at the national level, deepfakes may be used to unduly influence elections, and the political process, or discredit opposition, which is a national security concern, and at the personal level, the scope for using Women suffer disproportionately from exposure to sexually explicit content as compared to males, and they are more frequently threatened. 

Policy Consideration

Looking at the present situation where the cases of deepfake are on the rise against women and children, the policymakers need to be aware that deepfakes are utilized for a variety of valid objectives, including artistic and satirical works, which policymakers should be aware of. Therefore, simply banning deepfakes is not a way consistent with fundamental liberties. One conceivable legislative option is to require a content warning or disclaimer. Deepfake is an advanced technology and misuse of deepfake technology is a crime.

What are the existing rules to combat deepfakes?

It's worth noting that both the IT Act of 2000 and the IT Rules of 2021 require social media intermediaries to remove deep-fake videos or images as soon as feasible. Failure to follow these guidelines can result in up to three years in jail and a Rs 1 lakh fine. Rule 3(1)(b)(vii) requires social media intermediaries to guarantee that its users do not host content that impersonates another person, and Rule 3(2)(b) requires such content to be withdrawn within 24 hours of receiving a complaint. Furthermore, the government has stipulated that any post must be removed within 36 hours of being published online. Recently government has also issued an advisory to social media intermediaries to identify misinformation and deepfakes.

Conclusion

It is important to foster ethical and responsible consumption of technology. This can only be achieved by creating standards for both the creators and users, educating individuals about content limits, and providing information. Internet-based platforms should also devise techniques to deter the uploading of inappropriate information. We can reduce the negative and misleading impacts of deepfakes by collaborating and ensuring technology can be used in a better manner.  

References

• https://timesofindia.indiatimes.com/life-style/parenting/moments/how-social-media-scandals-like-deepfake-impact-minors-and-students-mental-health/articleshow/105168380.cms?from=mdr
• https://www.aa.com.tr/en/science-technology/deepfake-technology-putting-children-at-risk-say-experts/2980880
• https://wiisglobal.org/deepfakes-as-a-security-issue-why-gender-matters/

Introduction

Over the past few months, cybercriminals have upped the ante with highly complex methods targeting innocent users. One such scam is a new one that exploits WhatsApp users in India and globally. A seemingly harmless picture message is the entry point to stealing money and data. Downloading seemingly harmless images via WhatsApp can unknowingly install malware on your smartphone. This malicious software can compromise your banking applications, steal passwords, and expose your personal identity. With such malware-laced instant messages now making headlines, it is advised for netizens to exercise extreme caution while handling media received on messaging platforms.

How Does the WhatsApp Photo Scam Work?

Cybercriminals began embedding malicious code in images being shared on WhatsApp. Here is how the attack typically works:

1.  The user receives a WhatsApp message from an unknown number with an image.
2. The image may appear harmless—a greeting, meme, or holiday card—but it's packed with hidden malware.
3. When the user taps to download the image, the malware gets installed on the phone in silent mode.
4. Once installed, the malware is able to capture keystrokes, read messages, swipe banking applications, swipe credentials, and even hijack device functionality.
5. Allegedly, in its advanced versions, it can exploit two-factor authentication (2FA) and make unauthorised transactions.

Who Is Being Targeted?

This scam targets both Android and iPhone users, with a focus on vulnerable groups like senior citizens, busy workers during peak seasons, and members of WhatsApp groups flooded with forwarded messages. Experts warn that a single careless click is enough to compromise an entire device.

What Can the Malware Do?

Upon installation, the malware grants hackers a terrifying level of access:

• Track user activity via keylogging or screen capture.
• Pilfer banking credentials and initiate fund transfers automatically.
• Obtain SMS or app-based 2FA codes, evading security layers.
• Clone identity information, such as Aadhaar details, digital wallets, and email access.
• Control device operations, including the camera and microphone.

This level of intrusion can result in not just financial loss but long-term digital impersonation or blackmail.

Safety Measures for WhatsApp Users

1. Never Download Media from Suspicious Numbers

Do not download any files or pictures, even if the content appears to be familiar, unless you have faith in the source. Spread this advice among family members, particularly the older generation.

2. Turn off Auto-Download in WhatsApp Settings

Navigate to Settings > Storage and Data > Media Auto-Download. Switch off auto-download for mobile data, Wi-Fi, and roaming.

3. Install and Update Mobile Security Apps

Ensure your phone is equipped with a good antivirus or mobile security app that is updated from time to time.

4. Block and Report Potential Scammers

WhatsApp offers the ability to block and report senders in a straightforward manner. This ensures that it notifies the platform and others as well.

5. Educate Your Community

Share your knowledge on cyber hygiene with family, friends, and colleagues. Many people fall victim simply because they aren't aware of the risks, staying informed and spreading the word can make a big difference.

Advisories and Response

The Indian Cybercrime Coordination Centre (I4C) and other state cyber cells have released several alerts on increasing fraud via messaging platforms. Law enforcement agencies are appealing to the public not only to be vigilant but also to report any incident at once through the National Cybercrime Reporting Portal (cybercrime.gov.in).

Conclusion

The WhatsApp photo scam is a stark reminder that not all dangers come with a warning. A picture can now be a Trojan horse, propagating silently from device to device and draining personal money. Do not engage with unwanted media, refresh and update your privacy and security settings. Cyber criminals survive on neglect and ignorance, but through digital hygiene and vigilance, we can fight against these types of emerging threats.

References

• https://www.opswat.com/blog/how-emerging-image-based-malware-attacks-threaten-enterprise-defenses
• https://www.indiatvnews.com/technology/news/whatsapp-photo-scam-alert-downloading-random-images-could-cost-you-big-2025-05-06-988855
• https://www.hindustantimes.com/india-news/what-is-the-whatsapp-image-scam-and-how-can-you-stay-safe-from-it-101744353412848.html
• https://faq.whatsapp.com/898107234497196/?helpref=uf_share
• https://www.welivesecurity.com/en/malware/malware-hiding-in-pictures-more-likely-than-you-think/
• https://faq.whatsapp.com/573786218075805
• https://www.reversinglabs.com/blog/malware-in-images

‍

Introduction

Taj Hotels Group is well known for its luxurious ambience and old-world grace and charm, blended with contemporary comforts and amenities for its guests or customers. But what can make all the netizens perplexed is the recent data breach incident which took place in Tata-owned Taj hotels. The hotel suffer from a data breach that compromises nearly 1.5 million customers' data which includes addresses, membership IDs, mobile numbers and other personally identifiable information, according to sources. This news was brought to light which raised concerns about the privacy and data protection of personal data of individuals. We are living in a space influenced by advanced technology and digital communication which throws a concern or challenge to secure the personal information of individuals. 

Unveiling the incident 

Tata-owned Taj Hotels group has suffered a data breach that compromise information of over 1.5 million customers, according to a news report. A bad actor or entity going by the name “Dnacookies” claimed data set contains data from the 2014-2020 period and has not been disclosed anywhere till now. Such personal data includes name, address, customer ID, mobile number and other personally identifiable information. This shows the risks or challenges of data protection and security. The incidents raise an alarm about the risks and vulnerabilities that might be faced even by the big corporate giants. The bad actor with the handle “Dnacookies” also demanded a ransom of a sum of about Rs 4.16 lakh from the Taj hotel group. In response to the incident, a spokesperson from the concerned hotel group said that we have been made aware of someone claiming possession of a limited data customer data set, which is non-sensitive in nature. Investigation is underway and relevant authorities have been notified about the incident.

‍A demand for ransom

The report from CNBC-TV18 clears that the bad actor not only purloined the data but also demanded around 4.16 lakh as a ransom for the database.  Along with this, the bad actor kept three conditions ahead. Firstly there has to be a middleman for a negotiable deal secondly the data cannot be split either the entire data has to be taken with the ransom demand or no data at all. Thirdly additional samples of data will not be provided. Further, the spokesperson of Indian Hotel Company Limited mentioned that they have been escalated with the fact that someone is claiming authority in a limited data set. The bad actor claimed that the database contains information from 2014- 2020 which has been kept confidential till now. The audacity of the bad actor went to such an extent that the sample containing one thousand rows of unique entries from the bad actor dataset was also provided by the bad actor as proof of the deed. This incident underlines the growing threat in cyberspace and the urgency for individuals, organizations or entities to priorities data security measures and maintain cyber resilience.

Personal Data on Stake

Such data is the personal information of the individuals and also constitutes the personal tastes and preferences of individuals which can be exploited. The biggest gush of winds the hotel and individuals face by such a data breach is not only the volume of data compromised but also the potential ways it can get misused and exploited against the hotel or its customers by cyber crooks. This paves the way for cybercriminals to put forward any demand knowing the sensitivity of the data. Followed by creating a dilemmatic situation for the affected entities to either accept the ransom demands or to stand against ransom. Since the risks are high, going ahead with any of these situations can have an adverse impact on the security of personal data. The organisation or entities holding the personal data need to make sure that data under their realm is well protected and secured.

While the organisation has to sail through the aftermath of this breach, such incidents also pose a challenge for the organisation to maintain the trust and reputation of the organization since these incidents question the cyber security posture of the organisation. It is suggested to be transparent with its stakeholders, and open about the vulnerabilities and steps taken against this. They should also discuss the amplified step added for safeguarding their customer's personal data. Since Taj is well known for its out-of-the-box luxury and for providing comfort to its customers it should take a step ahead to reinforce its digital infrastructure to ensure the security of data.

Digital Personal Data Protection Act, 2023

The newly enacted Digital Personal Data Act, 2023 put certain obligations on data fiduciaries to take reasonable measures to maintain the security of personal data. The Act also requires to inform about the data breach to the data protection board constituted under the Act. The Act aims to protect the individual's digital personal data. The Act casts certain obligations on data principals and data fiduciaries. The Act provides penalty upto 250 crores in case of a data breach. The Act aims to provide consent-based data collection techniques. The Act also establishes the Data Protection Board to ensure compliance with the provisions of the Act and address grievances. 

Conclusion

Data breach in such a big giant in the market serves as an alarming concern to be more cautious and proactively take precautionary measures to protect the security of data and compliance with data protection laws and regulations. We are living in an era where digital security is as important as the basic fundamental rights of an individual. Taj Hotels Group has actively taken steps to handle the aftermath of the data breach by informing the incident to law enforcement agencies and taking necessary steps.  It is also on our part to be more aware, and vigilant about our personal data. Entities need to ensure compliance and measures to protect personal data and overall ensure a true cyber-safe & digital environment.

References

https://www.moneycontrol.com/news/technology/taj-hotels-suffers-data-breach-exposes-information-of-1-5-million-customers-11801161.html

‍