Light Up Diwali with Cyber Safety: Don’t Fall for Phishing Scams

Introduction

India & Bangladesh have adopted proactive approaches, focusing on advancing cyber capacity building in the region. Bangladeshi and Indian cybersecurity experts have emphasised the importance of continuous technology training to protect the digital space from growing cyber-attacks and threats. They call for greater collaboration to share knowledge and expertise in cyber resilience, network vulnerability, and cyber risk assessment. The Cyber-Maitree 2023 event held in Dhaka aimed to enrich and build capacity to counter cyber-attacks and threats. The senior director of India's Computer Emergency Response Team acknowledged the growing dependence on cyberspace and the need for increased preparedness as critical infrastructures, energy systems, banks, and utilities are connected to the internet. Recently, Bangladesh Cyber ​​Security Summit 2024, organised by Grameenphone, was held in Dhaka on March 5th, 2024. Such collaborative dialogues between the countries serve as a shining example of cooperation between the governments of Bangladesh and India, serving as a platform for knowledge sharing, capacity building, and international cooperation in cyber security.

Cyber Maitree held in 2023

In 2023, India and Bangladesh held  'Cyber Maitree 2023', an initiative hosted by the ICT Division of the Bangladeshi Government, to address cybersecurity challenges in a rapidly globalising world characterised by digitisation. The event, which translates to "Cyber Friendship," was an interface for cybersecurity experts and aspirants from both nations, creating an avenue for extensive training, practical exercises, and a dynamic exchange of information. We need to emphasise the importance of bolstering digital safety as both nations grapple with the rapid digitisation of the world.

India-Bangladesh joint efforts aim to fortify cyber resilience, pinpoint potential network vulnerabilities, bolster rigorous risk assessments, and illuminate the landscape of cyber threats. It encompasses various sectors, including cybersecurity, artificial intelligence, ICT, and IT-driven human resource expansion. The growing camaraderie between India and Bangladesh has been evident through strategic engagements, such as the India-Bangladesh Startup Bridge and the establishment of 12 High Tech Parks in Bangladesh.

Highlights of the India-Bangladesh MoUs for Cyber Security Cooperation

In 2017, India and Bangladesh signed a Memorandum of Understanding (MoU) focused on cyber security cooperation. 

In 2022, Both nations crafted a Memorandum of Understanding (MoU), highlighting collaboration in spheres such as e-governance, e-public service delivery, research, and development. A separate agreement was also inked focusing on mutual information sharing pertaining to cyber-attacks and incidents. The first MoU aims to provide a framework for training Bangladesh Railway employees at Indian Railways' training institutes, including field visits. The Indian Railways will coordinate with officials from the Ministry of Railways, Government of Bangladesh to improve training facilities in Bangladesh. The second MoU focuses on collaboration in IT systems, for the Bangladesh Railway. The Ministry of Railway, Government of India, will offer IT solutions for passenger ticketing, freight operations, train inquiry systems, asset management digitisation, HR and finance infrastructure. The MoUs aim to strengthen the friendship bond between India and Bangladesh and promote friendly cooperation in the railway sector.

Way Ahead

Zunaid Ahmed Palak, State Minister for Posts, Telecom and ICT, Bangladesh, has announced that Bangladesh and India will collaborate to ensure the safety of the cyber world. The two countries are expected to sign a final agreement within the next three to six months. He stressed the importance of attracting investments in the postal, telecommunication, and IT sectors. He also highlighted the strong ties between Bangladesh and India. He also announced that 12 high-tech parks will be constructed in Bangladesh with an Indian Line of Credit, starting operation by 2025. He further referred to the Indian Cyber Emergency Response Team (CERT), and said "We are very much enthusiastic in fighting against the cyber attacks and crimes as the team is now working with us". 

Bangladesh Cyber ​​Security Summit 2024

The Bangladesh Cyber Security Summit 2024, organised by Grameenphone, was held in Dhaka on 5th March 2024, focusing on cybersecurity issues and opportunities, fostering collaboration between government, private organisations, industry experts, and sponsors investing in Bangladesh's digital future.

Conclusion 

India and Bangladesh share a common vision for a secure digital future, focusing on cybersecurity collaboration to safeguard shared aspirations and empower nations to thrive in the digital age. We must emphasise the need to fortify digital defenses, leveraging expertise, innovation, and collaboration to secure interconnected futures. Collaborative relations in Information and Communication Technology and Cyber Security will strengthen digital defense and establish cyber resilience. 

References:

• https://caribbeannewsglobal.com/bangladesh-and-india-call-for-more-cyber-security-training/?amp=1
• https://www.indianewsnetwork.com/en/20231005/bangladesh-and-india-strengthen-ties-through-cyber-maitree-2023
• https://www.bssnews.net/news-flash/150763
• https://digibanglatech.news/english/bangladesh-english/125439/
• https://www.mea.gov.in/Portal/LegalTreatiesDoc/BG17B3024.pdf
• https://digibanglatech.news/english/bangladesh-english/125439/
• https://www.tbsnews.net/tech/ict/bangladesh-india-work-together-cyber-security-palak-712182

‍

Overview of the India-UK Joint Tech Security Initiative

India and the UK have been deepening their technological and security ties through various initiatives and agreements. One of the key developments in this partnership is the India-UK Joint Tech Security Initiative, which focuses on enhancing collaboration in areas like cybersecurity, artificial intelligence (AI),telecommunications, and critical technologies. Building upon the bilateral cooperation agenda set out in the India-UK Roadmap 2030, which seeks to bolster cooperation across various sectors, including trade, climate change, antidefense, the UK and India launched the Joint Tech Security Initiative (TSI) on July 24, 2024. This initiative will priorities collaboration in critical and emerging technologies across priority sectors. Coordinating with the national security agencies of both countries, the TSI will set priority areas and identify interdependencies for cooperation on critical and emerging technologies. This, in turn, will help build meaningful technology value chain partnerships between India & the UK.

The TSI will be coordinated by the National Security Advisors (NSAs) of both countries through existing and new dialogues. The NSAswill set priority areas and identify interdependencies for cooperation on critical and emerging tech, helping build meaningful technology value chain partnerships between the two countries. Progress made on the initiative will be reviewed on a half-yearly basis at the Deputy NSA level. A bilateral mechanism will be established led by India's Ministry of External Affairs and the UK government for promotion of trade in critical and emerging technologies, including resolution of relevant licensing or regulatory issues. Both countries view this TSI as a platform and a strong signal of intent to build and grow sustainable and tangible partnerships across priority tech sectors. They will explore how to build a deeper strategic partnership between UK and Indian research and technology centres and Incubators, enhance cooperation across UK and India tech and innovation ecosystems, and create a channel for industry and academia to help shape the TSI.

The UK and India are launching new bilateral initiatives to expand and deepen their technology security partnership. These initiatives will focus on various domains, including telecoms, critical minerals, semiconductors, and energy security.

In telecoms, the UK and India will build a new Future Telecoms Partnership, focusing on joint research on future telecoms, open RAN systems, testbed linkups, telecoms security, spectrum innovation, software and systems architecture. This will include collaboration between UK's SONIC Labs, India's Centre for Development of Telematics (C-DOT), and Dot's Telecoms Startup Mission.

In critical minerals, the UK and India will expand their collaboration on critical minerals, working together to improve supply chain resilience, explore possible research and development and technology partnerships along the complete critical minerals value chain, and share best practices on ESG standards. They will establish a roadmap for cooperation and establish a UK-India ‘critical minerals’ community of academics, innovators, and industry.

Key Areas of Collaboration:

• Strengthening cybersecurity defense and enhancing resilience through joint cybersecurity exercises and information-sharing and developing common standards and best practices while collaborating with their respective organisations, ie, CERT-In and NCSC.
• Promotion of ethical AI development and deployment with AI ethics guidelines and frameworks, and efforts encouraging academic collaborations. Support for new partnerships between UK and Indian research organizations alongside existing joint programmes using AI to tackle global challenges.
• Building secure and resilient telecom infrastructure with a focus on security and exchange of expertise and regulatory cooperation. Collaboration on Open Radio Access Networks tech to name as an example.
• Critical and emerging technologies development by advancing research and innovation in the quantum, semiconductors and biotechnology niches. Promoting and investing in tech startups and innovation ecosystems. Engaging in policy dialogues on tech governance and standards.
• Digital economy and trade facilitation to promote economic growth by enhancing frameworks and agreements for it. Collaborating on digital payment systems and fintech solutions and most importantly promoting data protection and privacy standards.

Outlook and Impact on the Industry

The initiative sets out a new approach for how the UK and India work together on the defining technologies of this decade. These include areas such as telecoms, critical minerals, AI, quantum, health/biotechnology, advanced materials and semiconductors. While the initiative looks promising, several challenges need to be addressed such as the need to put robust regulatory frameworks in place, and develop a balanced approach for data privacy and information exchange in the cross-border data flows. It is imperative to install mechanisms that ensure that intellectual property is protected while the facilitation of technology transfer is not hampered. Above all, geopolitical risks need to be navigated in a manner that the tensions are reduced and a stable partnership grows. The Initiative builds on a series of partnerships between India and the UK, as well as between industry and academia.  Abilateral mechanism, led by India’s Ministry of External Affairs and the UK government, will promote trade in critical and emerging technologies, including the resolution of relevant licensing or regulatory issues.

Conclusion

This initiative, at its core, will drive forward a bilateral partnership that is framed on boosting economic growth and deepening cooperation across key issues including trade, technology, education, culture and climate.  By combining their strengths, the UK and India are poised to create a robust framework for technological innovation and security that could serve as a model for international cooperation in tech.

References

• https://www.hindustantimes.com/india-news/india-uk-launch-joint-tech-security-initiative-101721876539784.html
• https://www.gov.uk/government/publications/uk-india-technology-security-initiative-factsheet/uk-india-technology-security-initiative-factsheet
• https://www.business-standard.com/economy/news/india-uk-unveil-futuristic-technology-security-initiative-to-seal-fta-soon-124072500014_1.htm
• https://bharatshakti.in/india-uk-technology-security-initiative/

Executive Summary:

‍The internet has become a hub for fraudsters, and a new fraudulent scheme has been circulating, stating a free 84-day recharge of ₹719 given by the Honourable Prime Minister Narendra Modi  in celebration of the BJP Government formation in 2024. This is yet another scam that uses tricks to lure the users, for instance by fake questionnaires, fake promises and the use of the Honourable Prime Minister Narendra Modi’s image to give a fake impression of legitimacy. The following blog post analyzes the scam and offers recommendations on how to recognize similar frauds and avoid them.

False Claim:

A viral link trending on various social media platforms states that Narendra Modi, the Honourable Prime Minister of India, is giving a free 84-day free recharge worth ₹719 to all users in India and this is an Election Bonus  in celebration of the BJP government formation in 2024.  The claim insists the users are required to click on the link (https://offerraj.in/Congress2024-Recharge/id=9jMiaeN1) and complete a questionnaire to get the offer.

‍

The Deceptive Scheme:

1. Mobile-Only Access:  The malicious link (https://offerraj.in/Congress2024-Recharge/id=9jMiaeN1) is designed to open only on mobile devices; this makes it easier for more people to be affected. 
2. Multiple Redirects: After clicking the link, the users are led through a sequence of other links in order to conceal the actual source of the deception, and probably a try of making it difficult to track the notorious activity.
3. Fake Comments & Images: First, the landing page contains a banner with the photo of India’s Honourable Prime-Minister Narendra Modi which gives the site’s visitors the impression of the official source. Also, fake comments can be made for the same reason, stating that the author has received a free recharge and supporting the so-called initiative.
4. Fake Prize Notifications: For instance, after responding to the questions in the questionnaire, users may be presented with messages such as ‘Congratulations, you have won a free recharge’; this further creates an impression of a genuine offer.
5. Social Sharing Requirement: To collect the so-called ‘prize’, the users are requested to share the link in the WhatsApp or other social networks, thus contributing to the spread of the scam.

‍

Analyzing the Fraudulent Campaign:

1. No Official Announcement: The internet and other social platforms are the only places where such an offer has been mentioned, and there is no official announcement from the Government or any other authorized body.
2. Multiple Redirects: After clicking the link, users are taken through multiple redirects to obfuscating the source of the deception and to trace the malicious activity. 
3. Suspicious Domain and Hosting: The campaign is hosted on a third-party domain (offerraj.in) instead of any official government website, raising suspicion about its authenticity.
4. Personal Data Collection: The questionnaire prompts users to provide personal information, which legitimate Government initiatives would not typically request through unofficial channels.
5. Insecure HTTP Link: The link provided is an insecure HTTP link, whereas legitimate government websites employ secure HTTPS encryption.

‍

Domain Analysis:

The actual url is hosted on a third party domain instead of the official website of the BJP or any Government website. This is the common way to deceive users into falling for a Phishing scam. Whois information reveals that the domain has been registered recently i.e on 28-03-2023 and the domain is registered with godaddy.com and state is from Rajasthan, India. Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

‍

• Domain Name: offerraj.in
• Registry Domain ID: D9483D0EB38264263958C9609D2DCEA70-IN
• Registrar WHOIS Server:
• Registrar URL: www.godaddy.com
• Updated Date: 2024-05-03T07:30:03Z
• Creation Date: 2023-03-28T04:33:12Z
• Registry Expiry Date: 2026-03-28T04:33:12Z
• Registrar: GoDaddy.com, LLC
• Registrar IANA ID: 146
• Registrant State/Province: Rajasthan
• Registrant Country: IN
• Name Server: johnathan.ns.cloudflare.com
• Name Server: braelyn.ns.cloudflare.com

‍

Similar offer surfing with different links: Several similar kind of offers through various links such as https://offerintro.com/BJP2024-Recharge/id=QYntPBDU,  https://mahaloot2.xyz, https://mahaloot3.xyz, https://pmoffer4.online,  are available in the social media. All these links are analysed and validated to be malicious or phishing links. 

CyberPeace Advisory and Best Practices:

‍

1. Stay Informed: Be aware of potential scams and rely on official government channels for verified information.
2. Verify Website Security: Do not click on links that have the ‘http’ at the beginning and focus on sites that have encryption (‘https’).
3. Protect Personal Information: Be careful when there is any request to send some type of personal information, especially if it is done through informal companies.
4. Report Suspicious Activity: When you notice that you have been scammed or a certain activity is fraudulent, ensure to report the incidents to the necessary authorities and the platforms to prevent others from being scammed.

‍

Conclusion: 

The claim of 84 day free recharge worth ₹719 to all users in India as an “Election Bonus”  is false and similar kinds of various links are consistently surfing through the internet. The deceptive practices employed in these kinds of links are insecure and it has multiple redirects to false promises which highlights the need for heightened awareness and caution among internet users.  In this digital world, it is important to stay informed, verify the authenticity of resources to protect personal information. Individuals can safeguard themselves against such fraudulent schemes and contribute to a safer online environment.

‍