#FactCheck - "Viral Video Falsely Claimed as Evidence of Attacks in Bangladesh is False & Misleading”

Executive Summary:

The internet is a nest of scams and there's much need to be careful with predatory ideas that prey on the naïve people. Within the recent days, a malicious campaign has emerged falsely alleging 28 day free recharge by courtesy of the Prime Minister Narendra Modi. This blog seeks to analyze the tactics used by this scam in luring the victims and give an overview on how one can identify and keep away from such fraudulent activities.

Claim:

In view of the increasing support for the BJP 2024 election, a rumor has allegedly claimed that the Prime Minister Narendra Modi offering a free recharge with a validity period of up-to twenty eight days at cost of ₹239  to all Indian users. The message encourages the users to click on a given link in order to redeem the free recharge, pointing out that this offer is valid until January 26th of 2024.

The Deceptive Journey:

• Insecure Links:The research begins with a suspicious link (http://offerintro[.]com/BJP2024), without any credibility that honest sites use to protect the user information. We should keep in mind that the links which aren’t secure may easily lead to phishing and other  cyber threats.
• Multiple Redirects:When users click the link, they are immediately directed through a series of links. This common tactic used by scammers is designed to hide the true origin of their fraudulent scheme, making it difficult for users' efforts to identify the malicious activity.
• False Promises and Fake Comments:The landing page has a banner of the Prime Minister Narendra Modi that makes it look like this is an official channel and hence authentic. Further, false comments can be also included to compliment the alleged initiative. But remember that genuine government announcements are made through legal channels, not by the shady websites.
• Mobile Number Request:As the next step, the users enter their mobile numbers in the specified field. True initiatives never really need the personal information to pass through unofficial lines. This is actually a trick that scammers use to acquire the important information.
• Share to Activate:Once a user has entered the mobile number, he/she is prompted to share the link with others in order to “activate” promised free recharge. This method is most often used by scammers for spreading their fraudulent message beyond the targeted victim.
• Fake Progress Display:When the users have done their part by sharing the link, a false recharge in progress  bar is shown to make them believe that it has started. But the consumers are unwittingly playing a part in the fraud.
• Recharge Completion Pop-up:The last stage of fraud includes a pop-up saying that the recharge is done; leaving users with the false belief that they have benefited from a legitimate government initiative.

What we Analyze :

• It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by the Prime Minister or from their government. So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information.
• The campaign is hosted on a third party domain instead of any official Government Website, this raised suspicion. Also the domain has been registered in very recent times.

‍

‍

• Domain Name: offerintro[.]com
• Registry Domain ID: 2791466714_DOMAIN_COM-VRSN
• Registrar WHOIS Server: whois.godaddy[.]com
• Registrar URL: https://www.godaddy[.]com
• ‍Registrar: GoDaddy[.]com, LLC
• Registrar IANA ID: 146
• Updated Date: 2023-06-18T20:37:20Z
• Creation Date: 2023-06-18T20:37:20Z
• Registrar Registration Expiration Date: 2024-06-18T20:37:20Z
• Name Server: ANAHI.NS.CLOUDFLARE.COM
• Name Server: GARRETT.NS.CLOUDFLARE.COM

CyberPeace Advisory:

• Stay Informed: Beware of the scams and keep yourself updated through authentic government platforms.
• Verify Website Security: Do not get engaged with any insecure HTTP links but focus on URLs that have secure encryption (HTTPS).
• Protect Personal Information: However, be cautious when sharing personal information – especially in a non-official channel.
• Report Suspicious Activity: If you discover any scams or fraudulent activities, report it and the relevant sites to help avoid others from being defrauded of their hard earned money.

Conclusion:

Summing up, Prime Minister Narendra Modi Free Recharge fraud is an excellent illustration that there is always some danger within cyberspace. The way of the method, from insecure links and also multiple redirects to false promises and really data collection make it clear that internet users should be more careful. The importance of staying up-to-date with what is happening in this new digital world, verifying credibility and also privacy are paramount. By being cautiously aware, the people can keep themselves safe from such fraudulent acts and also play a role in ensuring security even for an online world. Remember that an offer which is in a perfect world should be illegal. Therefore, after doing a thorough research we found this campaign to be fake.

‍

Introduction

The Indian Computer Emergency Response Team, CERT-In, is the national statutory agency that responds to Cybersecurity Incidents under the Ministry of Electronics and Information Technology (MeitY) of the Government of India. CERT-In and Information Sharing and Analysis Center (ISAC) have joined hands to develop a focused pool of Cybersecurity Leaders through the National Cyber Security Scholar Program (NCSSP). This National Cyber Security Scholar Program is to create a pool of credible and ethical cybersecurity leaders in the country who prioritise national cyber security in their professional endeavours. This program allows both organisations to jointly issue joint certifications for Cohort 6 of the National Cyber Security Scholar Program (NCSSP). This certification is provided to cybersecurity professionals who complete one of the world’s leading cybersecurity management programs.

About the Program

The National Cybersecurity Scholar (NCSS) is a comprehensive 18-week, 160-hour Instructor-led program for emerging cybersecurity leaders. The ISAC will conduct the program with CERT-IN and KDEM as knowledge partners. This Cyber Security Scholar program aims to provide an extraordinary opportunity, for scholars, to gain hands-on experience in real-world scenarios through activities such as war games. It will allow scholars to acquaint themselves with roles such as that of stakeholders,  including attackers, Security Operations Centre (SOC) teams, Forensicators, Chief Information Security Officers (CISOs), and CEOs, and engage in tabletop exercises that simulate a cyber crisis. This program would allow scholars to understand how responses to cyber crises impact the financial performance of an organisation, including, stock prices and sales.  It offers a treasure trove of insights into the economic impact of cybersecurity decisions and the importance of proactive risk management. 

The program invites applications from various scholars including Mid to senior-level leaders, diplomats and diplomatic corps officers, mid to senior-level government officials involved in homeland and cybersecurity operations, experienced executives from Managed Security Services Providers (MSSPs), faculty members who specialise in new and emerging technologies, cybersecurity professionals in CII sectors and post-doctoral or research scholars in cybersecurity. 

CyberPeace Outlook

The National Cyber Security Scholar Program subsumes several key dimensions working towards building a resilient cybersecurity ecosystem for India.

1. The program focuses on skill development and enhancing scholars’ knowledge in domains of network security, ethical hacking, cyber forensics, incident response, malware analysis, and threat intelligence. 
2. The partnership between CERT-In and ISAC, government and Industry entities, ensures that scholars are exposed to different policy-level frameworks and technical expertise, offering a unique blend of perspectives that cater to the country's national security goals and industry best practices.
3. The scholar program encourages the development of new methodologies, tools, and frameworks that could be instrumental in tackling future cyber challenges and advancing India's position as a global leader in cybersecurity research and development. Research and innovation in cybersecurity are critical to the program.
4. It plays a significant role in providing opportunities for career development by further providing networking platforms with professionals, researchers, and thought leaders in the cybersecurity field, giving them exposure to internships, job placements, and further academic pursuits.

This program aims to support upskilling India’s broader cyber defence strategy through the creation of highly skilled professionals. The scholars are expected to contribute actively to national cybersecurity efforts, whether through roles in government, private sector, or academia, helping to create a more secure and resilient cyberspace. The National Cyber Security Scholar Program is a major advancement in strengthening cybersecurity resilience in India. In a digital world where cyber threats crossing boundaries, such programs are essential for maintaining our national security and economic stability.

References

• https://theprint.in/ani-press-releases/cert-in-and-isac-collaborate-to-develop-focussed-pool-of-cybersecurity-leaders-through-the-national-cyber-security-scholar-program-ncssp/2318021/ 
• https://isacfoundation.org/national-cyber-security-scholar/
• https://cyberversefoundation.org/national-cyber-security-scholar/ 

‍

Introduction

Meta is the leader in social media platforms and has been successful in having a widespread network of users and services across global cyberspace. The corporate house has been responsible for revolutionizing messaging and connectivity since 2004. The platform has brought people closer together in terms of connectivity, however, being one of the most popular platforms is an issue as well. Popular platforms are mostly used by cyber criminals to gain unauthorised data or create chatrooms to maintain anonymity and prevent tracking. These bad actors often operate under fake names or accounts so that they are not caught. The platforms like Facebook and Instagram have been often in the headlines as portals where cybercriminals were operating and committing crimes.

To keep the data of the netizen safe and secure Paytm under first of its kind service is offering customers protection against cyber fraud through an insurance policy available for fraudulent mobile transactions up to Rs 10,000 for a premium of Rs 30. The cover ‘Paytm Payment Protect’ is provided through a group insurance policy issued by HDFC Ergo. The company said that the plan is being offered to increase the trust in digital payments, which will push up adoption.

Meta’s Cybersecurity

Meta has one of the best cyber security in the world but that diest mean that it cannot be breached. The social media giant is the most vulnerable platform in cases of data breaches as various third parties are also involved. As seen the in the case of Cambridge Analytica, a huge chunk of user data was available to influence the users in terms of elections. Meta needs to be ahead of the curve to have a safe and secure platform, for this Meta has deployed various AI and ML driven crawlers and software which work o keeping the platform safe for its users and simultaneously figure out which accounts may be used by bad actors and further removes the criminal accounts. The same is also supported by the keen participation of the user in terms of the reporting mechanism. Meta-Cyber provides visibility of all OT activities, observes continuously the PLC and SCADA for changes and configuration, and checks the authorization and its levels. Meta is also running various penetration and bug bounty programs to reduce vulnerabilities in their systems and applications, these testers are paid heavily depending upon the scope of the vulnerability they found.

‍CyberRoot Risk Investigation

Social media giant Meta has taken down over 40 accounts operated by an Indian firm CyberRoot Risk Analysis, allegedly involved in hack-for-hire services along with this Meta has taken down 900 fraudulently run accounts, these accounts are said to be operated from China by an unknown entity. CyberRoot Risk Analysis was responsible for sharing malware over the platform and used it to impersonate themselves just as their targets, i.e lawyers, doctors, entrepreneurs, and industries like – cosmetic surgery, real estate, investment firms, pharmaceutical, private equity firms, and environmental and anti-corruption activists. They would get in touch with such personalities and then share malware hidden in files which would often lead to data breaches subsequently leading to different types of cybercrimes.

Meta and its team is working tirelessly to eradicate the influence of such bad actors from their platforms, use of AI and Ml based tools have increased exponentially.

‍Paytm CyberFraud Cover

Paytm is offering customers protection against cyber fraud through an insurance policy available for fraudulent mobile transactions up to Rs 10,000 for a premium of Rs 30. The cover ‘Paytm Payment Protect’ is provided through a group insurance policy issued by HDFC Ergo. The company said that the plan is being offered to increase the trust in digital payments, which will push up adoption. The insurance cover protects transactions made through UPI across all apps and wallets. The insurance coverage has been obtained by One97 Communications, which operates under the Paytm brand.

The exponential increase in the use of digital payments during the pandemic has made more people susceptible to cyber fraud. While UPI has all the digital safeguards in place, most UPI-related frauds are undertaken by confidence tricksters who get their victims to authorise a transaction by passing collect requests as payments. There are also many fraudsters collecting payments by pretending to be merchants. These types of frauds have resulted in a loss of more than Rs 63 crores in the previous financial year. The issue of data insurance is new to India but is indeed the need of the hour, majority of netizens are unaware of the value of their data and hence remain ignorant towards data protection, such steps will result in safer data management and protection mechanisms, thus safeguarding the Indian cyberspace.

Conclusion

cyberspace is at a critical juncture in terms of data protection and privacy, with new legislation coming out on the same we can expect new and stronger policies to prevent cybercrimes and cyber-attacks. The efforts by tech giants like Meta need to gain more speed in terms of the efficiency of cyber safety of the platform and the user to make sure that the future of the platforms remains secured strongly. The concept of data insurance needs to be shared with netizens to increase awareness about the subject. The initiative by Paytm will be a monumental initiative as this will encourage more platforms and banks to commit towards coverage for cyber crimes. With the increasing cases of cybercrimes, such financial coverage has come as a light of hope and security for the netizens.