#FactCheck: Fake viral AI video captures a real-time bridge failure incident in Bihar

Executive Summary:

The rise in cybercrime targeting vulnerable individuals, particularly students and their families, has reached alarming levels. Impersonation scams, where fraudsters pose as Law Enforcement Officers, have become increasingly sophisticated, exploiting fear, urgency, and social stigma. This report delves into recent incidents of ransom scams involving fake CBI officers, highlighting the execution methods, psychological impact on victims, and preventive measures. The goal is to raise public awareness and equip individuals with the knowledge needed to protect themselves from such fraudulent activities.

Introduction:

Cybercriminals are evolving their tactics, with impersonation and social engineering at the forefront. Scams involving fake law enforcement officers have become rampant, preying on the fear of legal repercussions and the desire to protect loved ones. This report examines incidents where scammers impersonated CBI officers to extort money from families of students, emphasizing the urgent need for awareness, verification, and preventive measures.

Case Study:

This case study explains how the scammers impersonate themselves for the money targeting students' families. 

Targets receive calls from scammers posing as CBI officers. Mostly the families of students are targeted by the fraudsters using sophisticated impersonation and emotional manipulation tactics. In our case study, the targets received calls  from  unknown international numbers, falsely claiming that the students, along with their friends, were involved in a fabricated rape case. The parents get calls during school or college hours, a time when it is particularly difficult and chaotic for parents to reach their children, adding to the panic and sense of urgency. The scammers manipulate the parents by stating that, due to the students' clean records, they are not officially arrested but would face severe legal consequences unless a sum of money is paid immediately. 

Although in these specific cases, the parents did not pay the money, many parents in our country fall victim to such scams, paying large sums out of fear and desperation to protect their children’s futures. The fear of legal repercussions, social stigma, and the potential damage to the students' reputations, the scammers used high-pressure tactics to force compliance. 

These incidents may  result in significant financial losses, emotional trauma, and a profound loss of trust in communication channels and authorities. This underscores the urgent need for awareness, verification of authority, and prompt reporting of such scams to prevent further victimisation

Modus Operandi:

• Caller ID Spoofing: The scammer used a unknown  number and spoofing techniques to mimic a legitimate law enforcement authority.
• Fear Induction: The fraudster played on the family's fear of social stigma, manipulating them into compliance through emotional blackmail.

Analysis:

Our research found that the unknown international numbers used in these scams are not real but are puppet numbers often used for prank calls and fraudulent activities. This incident also raises concerns about data breaches, as the scammers accurately recited students' details, including names and their parents' information, adding a layer of credibility and increasing the pressure on the victims. These incidents result in significant financial losses, emotional trauma, and a profound loss of trust in communication channels and authorities.

Impact on Victims:

• Financial and Psychological Losses: The family may face substantial financial losses, coupled with emotional and psychological distress.
• Loss of Trust in Authorities: Such scams undermine trust in official communication and law enforcement channels.
• Exploitation of Fear and Urgency: Scammers prey on emotions such as fear, urgency, and social stigma to manipulate victims.
• Sophisticated Impersonation Techniques: Using caller ID spoofing, Virtual/Temporary numbers and impersonation of Law Enforcement Officers adds credibility to the scam.
• Lack of Verification: Victims often do not verify the caller's identity, leading to successful scams.
• Significant Psychological Impact: Beyond financial losses, these scams cause lasting emotional trauma and distrust in institutions.

Recommendations:

• Cross-Verification: Always cross-verify with official sources before acting on such claims. Always contact official numbers listed on trusted Government websites to verify any claims made by callers posing as law enforcement.
• Promote Awareness: Educational institutions should conduct regular awareness programs to help students and families recognize and respond to scams.
• Encourage Prompt Reporting: Reporting such incidents to authorities can help track scammers and prevent future cases. Encourage victims to report incidents promptly to local authorities and cybercrime units.
• Enhance Public Awareness: Continuous public awareness campaigns are essential to educate people about the risks and signs of impersonation scams.
• Educational Outreach: Schools and colleges should include Cybersecurity awareness as part of their curriculum, focusing on identifying and responding to scams.
• Parental Guidance and Support: Parents should be encouraged to discuss online safety and scam tactics with their children regularly, fostering a vigilant mindset.

Conclusion:

The rise of impersonation scams targeting students and their families is a growing concern that demands immediate attention. By raising awareness, encouraging verification of claims, and promoting proactive reporting, we can protect vulnerable individuals from falling victim to these manipulative and harmful tactics. It is high time for the  authorities, educational institutions, and the public to collaborate in combating these scams and safeguarding our communities. Strengthening data protection measures and enhancing public education on the importance of verifying claims can significantly reduce the impact of these fraudulent schemes and prevent further victimisation.

‍

Introduction 

Governments worldwide are enacting cybersecurity laws to enhance resilience and secure cyberspace against growing threats like data breaches, cyber espionage,  and state-sponsored attacks in the digital landscape. As a response, the EU Council has been working on adopting new laws and regulations under its EU Cybersecurity Package- a framework to enhance cybersecurity capacities across the EU to protect critical infrastructure, businesses, and citizens. Recently, the Cyber Solidarity Act was adopted by the Council, which aims to improve coordination among EU member states for increased cyber resilience. Since regulations in the EU play a significant role in shaping the global regulatory environment, it is important to keep an eye on such developments.

Overview of the Cyber Solidarity Act 

The Act sets up a European Cyber Security Alert System consisting of Cross-Border Cyber Hubs across Europe to collect intelligence and act on cyber threats by leveraging emerging technology such as Artificial Intelligence (AI) and advanced data analytics to share warnings on cyber threats with other cyber data centres across the national borders of the EU. This is expected to assist authorities in responding to cyber threats and incidents more quickly and effectively. 

Further, it provides for the creation of a new Cybersecurity Emergency Mechanism to enhance incident response systems in the EU.  This will include testing the vulnerabilities in critical sectors like transport, energy, healthcare, finance, etc., and creating a reserve of private parties to provide mutual technical assistance for incident response requests from EU member-states or associated third countries of the Digital Europe Programme in case of a large-scale incident.  

Finally, it also provides for the establishment of a European Cybersecurity Incident Review Mechanism to monitor the impact of the measures under this law. 

Key Themes

1. Greater Integration: The success of this Act depends on the quality of cooperation and interoperability between various governmental stakeholders across defence, diplomacy, etc. with regard to data formats, taxonomy, data handling and data analytics tools. For example, Cross-Border Cyber Hubs are mandated to take the interoperability guidelines set by the European Union Agency for Cybersecurity (ENISA) as a starting point for information-sharing principles with each other.  
2. Public-Private Collaboration: The Act provides a framework to govern relationships between stakeholders such as the public sector, the private sector, academia, civil society and the media, identifying that public-private collaboration is crucial for strengthing EUs cyber resilience. In this regard, National Cyber Hubs are proposed to carry out the strengthening of information sharing between public and private entities.  
3. Centralized Regulation: The Act aims to strengthen all of the EU's cyber solidarity by outlining dedicated infrastructure for improved coordination and intelligence-sharing regarding cyber events among member states. Equal matching contribution for procuring the tools, infrastructure and services is to be made by each selected member state and the European Cybersecurity Competence Centre, a body tasked with funding cybersecurity projects in the EU. 
4. Setting a Global Standard: The underlying rationale behind strengthening cybersecurity in the EU is not just to protect EU citizens from cyber-threats to their fundamental rights but also to drive norms for world-class standards for cybersecurity for essential and critical services, an initiative several countries rely on.

Conclusion

In the current digital landscape, governments, businesses, critical sectors and people are increasingly interconnected through information and network connection systems and are using emerging technologies like AI, exposing them to multidimensional vulnerabilities in cyberspace. The EU in this regard continues to be a leader in setting standards for the safety of participants in the digital arena through regulations regarding cybersecurity. The Cyber Solidarity Act’s design including cross-border cooperation, public-private collaboration, and proactive incident-monitoring and response sets a precedent for a unified approach to cybersecurity. As the EU’s Cybersecurity Package continues to evolve, it will play a crucial role in ensuring a secure and resilient digital future for all. 

Sources

• https://www.consilium.europa.eu/en/press/press-releases/2024/12/02/cybersecurity-package-council-adopts-new-laws-to-strengthen-cybersecurity-capacities-in-the-eu/ 
• https://data.consilium.europa.eu/doc/document/PE-94-2024-INIT/en/pdf 
• https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-strategy 
• https://www.weforum.org/stories/2024/10/cybersecurity-regulation-changes-nis2-eu-2024/

On 22nd October 2024, Jyotiraditya Scindia, Union Minister for Communications, launched the (DoT) Department of Telecoms’ International Incoming Spoofed Calls Prevention System. This was introduced in light of efforts toward preventing international fraudulent calls that enable cyber crimes. A recent report as per PIB claims for the system to have been effective and played a role in a 90% reduction in the number of spoofed international calls, its instances falling from 1.35 Crore to 6 Lakhs within two months of the launch of the system.

International spoof calls are calls that masquerade as numbers originating from within the country when displayed on the target's mobile screen. This is done by manipulating the calling line identity or the CLI, commonly known as the phone number. Previous cases reported mention that such spoof calls have been used for conducting financial scams, impersonating government officials to carry out digital arrests, and inducing panic. Instances of threats of disconnecting numbers by TRAI officials, and narcotics officials on finding drugs or even contraband through couriers are also rampant. 

International Incoming Spoofed Calls Prevention System 

As was addressed in the Budget in 2024, the system was previously called the Centralised International Out Roamer (CIOR), and the DoT was allocated Rs.38.76 crore for the same. The Digital Intelligence Unit (DIU) under the DoT is another project that aims to investigate and research fraudulent use of telecom resources, including messages, scams, and spam - the budget for which has been increased from 50 to 85 crores.

The International Incoming Spoofed Calls Prevention System was implemented in two phases, the first one was at the level of the telephone companies (telcos). Telcos can verify their subscribers and Indian SIMs based on the Indian Telecom Service Providers (TSPs) international long-distance (ILD) network. When a user with an Indian number travels abroad, the roaming feature gets activated, and all calls hit the ILD network of the TSP. This allows the TSP to verify whether the numbers starting with +91 are genuinely making calls from abroad or from India. However, a TSP can only verify numbers that are issued with their TSP ILD network and not those of other TSPs. This issue was addressed in the second phase, as the DIU of DoT and the TSPs built an integrated system so that a centralised database could be used to check for genuine subscribers. 

CyberPeace Outlook

A press release on 23rd December 2024 encouraged the TSPs to label incoming International calls as International calls on the mobile screen of the receiver. Some of them have already started adding labels and are sending awareness messages informing their subscribers of tips on staying safe from scams. Apart from these, there are also applications available online that help in identifying callers and their location, however, these are at the behest of the users' efforts and have moderate trust value. At the level of the public, the practice of blocking unknown international numbers and not calling back, along with awareness regarding country codes is encouraged. Coordinated and updated efforts on the part of the Government and the TSPs are much appreciated in today's time as scammers continue to find new ways to commit cyber crimes using telecommunication resources.

References

1. https://www.hindustantimes.com/india-news/jyotiraditya-scindia-launches-dot-system-to-block-spam-international-calls-101729615441509.html
2. https://www.business-standard.com/india-news/centre-launches-system-to-block-international-spoofed-calls-curb-fraud-124102300449_1.html
3. https://www.opindia.com/2024/12/number-of-spoofed-international-calls-used-in-cyber-crimes-goes-down-by-90-in-2-months/
4. https://www.cnbctv18.com/technology/telecom/telecom-department-anti-spoofed-international-calls-19529459.htm
5. https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2067113
6. https://pib.gov.in/PressReleasePage.aspx?PRID=2087644
7. https://www.hindustantimes.com/india-news/display-international-call-for-calls-from-abroad-to-curb-scams-dot-to-telecos-101735050551449.html 

‍