#FactCheck: Phishing Scam on Jio is offering a ₹700 Holi reward through a promotional link

Executive Summary:

This report discloses a new cyber threat contributing to the list of threats targeting internet users in the name of "Aarong Ramadan Gifts". The fraudsters are imitating the popular Bangladeshi brand Aarong, which is known for its Bengali ethnic wear and handicrafts, and allure the victims with the offer of exclusive gifts for Ramadan. The moment when users click on the link, they are taken through a fictitious path of quizzes, gift boxes, and social proof, that simply could damage their personal information and system devices. Through knowing how this is done we can educate users to take caution and stop themselves from falling into cyber threats.

False Claim:

The false message accompanied by a link on social media, claims that Aarong, one of the most respected brands in Bangladesh for their exquisite ethnic wear and handicrafts, is providing Ramadan gifts exclusively through online promotion. And while that may be the facade of the scam, its real aim is to lead users to click on harmful links that may end up in their personal data and devices being compromised.

‍

The Deceptive Journey:

• The Landing page starts with a salutation and a catchy photo of Aarong store, and later moves ahead encouraging the visitors to take a part of a  short quiz to claim the gift. This is designed for the purpose of creating a false image of authenticity and trustworthiness.
• A certain area at the end of the page looks like a social media comment section, and users are posting the positive impacts the claim has on them. This is one of the techniques to build the image of a solid base of support and many partakers.
• The quiz starts with a few easy questions on how much the user knows about Aarong and their demographics. This data is vital in the development of more complex threats and can be used to address specific targets in the future.
• After the user hits the OK button, the screen displays a matrix of the Gift boxes, and the user then needs to make at least 3 attempts to  attain the reward. This is a commonly used approach which allows the scammer to keep users engaged longer and increases the chances of making them comply with the fraudulent scheme.
• The user is instructed to share the campaign on WhatsApp from this point of the campaign, and the user must keep clicking the WhatsApp button until the progress bar is complete. This is a way to both expand and perpetuate the scam, affecting many more users.
• After completing the steps, the user is shown instructions on how to claim the prize.

The Analysis:

• The home page and quiz are structured to maintain a false impression of genuineness and proficiency, thus allowing the victims to partake in the fraudulent design. The compulsion to forward the message in WhatsApp is the way they inspire more and more users and eventually get into the scam.
• The final purpose of the scam could be to obtain personal data from the user and eventually enter their devices, which could lead to a higher risk of cyber threats, such as identity theft, financial theft, or malware installation.
• We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by Aarong.
• The campaign is hosted on a third party domain instead of the official Website, this raised suspicion. Also the domain has been registered recently.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

• Domain Name: apronicon.top
• Registry Domain ID: D20231130G10001G_13716168-top
• Registrar WHOIS Server: whois.west263[.]com
• Registrar URL: www.west263[.]com
• Updated Date: 2024-02-28T07:21:18Z
• Creation Date: 2023-11-30T03:27:17Z  (Recently created)
• Registry Expiry Date: 2024-11-30T03:27:17Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Hei Long Jiang
• Registrant Country: CN (China)
• Name Server: amos.ns.cloudflare[.]com
• Name Server: zara.ns.cloudflare[.]com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

Aarong Ramadan Gift scam is a fraudulent act that takes advantage of the victims' loyalty to a reputable brand. The realization of the mechanism used to make the campaign look real, can actually help us become more conscious and take measures to our community not to be inattentive against cyberthreats. Be aware, check the credibility, and spread awareness to others wherever you can, to contribute in building a security conscious digital space.

‍

Introduction

The Kerala High Court banned the use of mobile phones during office hours on the 2nd of December 2024, and issued an Official Memorandum titled, ‘Indulgence In Online Gaming And Watching Social Media Content During Office Hours’. This memorandum, issued by the Registrar General, prohibits mobile phone usage for personal activities such as gaming and social media during working hours. This memorandum aims to curb the productivity woes and reinforce professional discipline and further ensure the smooth functioning of the office operations. 

The memorandum reiterated its earlier notices from 2009 and 2013, where the High Court had emphasised that violations would be taken seriously. This reflects the High Court’s commitment to maintaining efficiency and professionalism in the workplace.  According to the memorandum, controlling officers will monitor the staff for violations and strict actions will be taken if the rules are flouted. 

Background

The circumstances that led to the Kerala HC’s decision are as follows: staff engaged in playing online games, browsing social media, watching videos or movies and even engaging in online shopping or trading during work hours, excluding the allocated lunch recess (as per the memorandum). 

As mentioned earlier, this memorandum is not the first of its kind. There were similar directives that were issued in 2009 and 2013 to target the poor productivity standards, rooted in the staff members' behaviours. The present memorandum is unlike the previously mentioned ones as, it specifically addresses the rise in mobile-based distractions, like online gaming and trading. The present directive does not outline any exceptions to senior officials with designated responsibilities, and emphasises universal adherence for all levels of the workforce. 

According to Cell Phones at Workplace Statistics, around 97% of workers use their smartphones during work hours, mixing personal and job-related activities. And more than 55% of managers say that cell phones are a major reason for lower productivity among employees.

Therefore, it can be safely concluded that even though smartphones have become indispensable tools for communication, their misuse has wider implications for overall organisational productivity. 

CyberPeace Outlook

The Kerala High Court's decision to restrict personal mobile phone usage during work hours underscores the importance of fostering a disciplined and focused workplace environment. While smartphones are vital for communication, their misuse poses significant productivity challenges. Some proactive steps that employers can take are implementing clear policies, conducting regular training sessions and promoting a culture of accountability. Balancing digital freedom and professional responsibility is the key to ensuring that technological tools serve as enablers of efficiency rather than distractions in the workplace.

References

• https://www.thehindu.com/sci-tech/technology/kerala-high-court-issues-memo-banning-staff-from-gaming-and-social-media-during-work-hours/article68963949.ece
• https://timesofindia.indiatimes.com/technology/tech-news/kerala-high-court-bans-mobile-gaming-and-social-media-for-staff-during-work-hours/articleshow/116101149.cms 
• https://images.assettype.com/barandbench/2024-12-05/1hiq8ffv/Kerala_High_Court_OM.pdf 
• https://www.coolest-gadgets.com/cell-phones-at-workplace-statistics/

Introduction

In the age of social media, the news can spread like wildfire. A recent viral claim contained that police have started a nationwide scheme of free travel service for women at night. It stated that any woman who is alone and cannot find a vehicle to go home between 10 PM and 06 AM can contact the provided numbers and request a free vehicle. The viral message further contained the request to share and forward this information to everyone to get the women to know about the free vehicle service offered by police at night. However, upon fact check the claim was found to be misleading.

Social Impact of Misleading Information

The fact that such misleading information gets viral at a fast speed is because of its ability to impact and influence people through emotional resonance. Especially during a time when women's safety is a topic discussed in media sensationalism due to recently highlighted rape or sexual violence incidents, such fake viral claims often spark widespread public concern, causing emotional resonance to people and they unknowingly share or forward such messages in the spike of emotional and sensational appeal contained in such messages. The emotional nature of these viral texts often overrides scepticism, leading to immediate sharing without verification. 

Such nature of viral messages often tends to bring people to protest, raise awareness and create support networks, but in spite of emotional resonance people get targeted by misinformation and become the unintended superspreaders of fake news fueled by emotional and social media-driven reactions. Women’s safety in society is a sensitive topic and when people discover such viral claims to be misleading and fake, it often hurts the sentiments of society leading to significant social impacts, including distrust in social media, unnecessary panic and confusion.

CyberPeace Policy Vertical Advisory for Social Media Users

1. Think before Sharing: All netizens must practice caution while sharing anything and double-check its authenticity before sharing/forwarding or reposting it on your social media stories.
2. Don't be unintended superspreaders of Misinformation: Misinformation with emotional resonance and widespread sharing by netizens can lead to them becoming "superspreaders of misinformation" and making it viral quickly. Hence you must avoid such unintended consequences by following the best practices of being vigilant and informed by reliable sources. 
3. Exercise vigilance and scepticism: It is important that netizens exercise vigilance and they build cognitive abilities to recognise the red flags of misleading information. You can do so by following the official communication channels, looking for any discrepancy in the content of susceptible information and double-checking its authenticity before sharing it with anyone. 
4. Verify the information from official sources: Follow the official communication channels of concerned authorities for any kind of information, circulars, notifications etc. In case of finding any piece of information to be susceptible or misleading, intimate it to the relevant authority and the fact-checking organizations. 
5. Stay in touch with expert organizations: Cybersecurity experts and civil society organisations possess the unique blend of large-scale impact potential and technical expertise. Netizens can stay updated about recent developments in the tech-policy sphere and learn about internet best practices, and measures to counter misinformation through methods such as prebunking, debunking and more. 

Connect with CyberPeace

As an expert organisation, we have the ability to educate and empower huge numbers, along with the skills and policy acumen needed to be able to not just make people aware of the problem but also teach them how to solve it for themselves. At CyberPeace we regularly produce fact-check reports, blogs & advisories, and insights on prebunking & debunking measures and capacity-building programs with the aim of empowering netizens at the heart of our initiatives. CyberPeace has established the largest network of CyberPeace Corps volunteers globally. These volunteers play a crucial role in assisting victims, raising awareness, and promoting proactive measures. 

References: 

1. indiatvnews.com/fact-check/fact-check-are-police-providing-free-travel-services-to-women-at-night-know-truth-of-viral-claim-2024-08-28-949280#:~:text=What%20came%20out%20in%20fact,be%20cautious%20of%20these%20claims

‍