No Gaming or Social Media during Work Hours Kerala HC to ban employees from using their phones for non-official purposes during working hours

Introduction

Cybercrime is one of the most pressing concerns in today’s era. As the digital world is evolving rapidly, so do the threats and challenges to curb these cybercrimes. The complexities associated with the evolving cybercrimes make it difficult to detect and investigate by the law enforcement across the world. India is one of those countries that is actively engaged in creating awareness about the cybercrimes and security concerns across the State. At the national level, initiatives like National Cybercrime Reporting Portal, CERT-In and I4C have been established to assist the law enforcement in dealing with cybercrimes in India. According to the press release by the Ministry of Home Affairs, 12,5153 cases of Financial Cyber Frauds were reported in the year 2023, which is the second highest in State-wise Reporting after UP. Maharashtra has been highlighted as one of the States with the highest cybercrime cases for the past few years. 

In response to curbing the increasing number of cases, the state of Maharashtra has launched the initiative ‘the Maharashtra Cyber Security Project’. The purpose of this project is to strengthen the system’s defense mechanism by establishing cybersecurity infrastructure, exploiting technological advancements and enhancing the skills of law enforcement agencies. 

Maharashtra Cyber Department and the Cyber Security Project

The Maharashtra Cyber Department, also referred as MahaCyber was established in the year 2016 and employs a multi-faceted approach to address cyberthreats. The objective is to provide a user-friendly space to report Cybercrimes, safeguarding Critical Information Infrastructure from cyber threats, empowering the investigation law agencies ultimately improving its efficiency and creating awareness among common people.  

The Maharashtra Cyber Security Project aims to strengthen the department, bringing all the aspects of the cyber security system under one facility. The key components of the Maharashtra Cyber Security Project are as follows: 

• Command & Control Centre:

The Command & Control Centre will function as a 24/ complaint registration hub and grievance handling mechanism which can be accessed by calling the helpline number, mobile app or on the online portal. The Centre continuously monitors cyber threats, reduce the impact of cyber attacks and ensures that issues are resolved as soon as possible. 

• Technology Assisted Investigation (TAI):

Complaints that are registered are analysed and investigated by experts using cutting edge technologies such as Computer Forensic or Mobile Forensic, Voice Analysis System, Image Enhancement Tool, Deepfake Detection Solution to name a few which helps the Maharashtra Cyber Department to collect evidence, identify weak spots and mitigate the cyber threats effectively.   

• Computer Emergency Response Team – Maharashtra (CERT-MH):

The CRET-MH works on curbing cybercrimes which are especially targeted to affect the Critical Infrastructure like banks, railway services, electricity of the State and threats related to national security using technologies such as Deep web and Dark web analysis, Darknet & Threat Intelligence Feeds, Vulnerability Management, Cyber Threat Intelligence Platform, Malware Analysis and Network Capture Analysis and coordinates with other agencies. 

• Security Operations Centre (SOC):

The SOC looks after the security of the MahaCyber from any cyber threats. It 24/7 monitors the infrastructure for any signs of breach or threats and thus aids in early detection and prevention of any further harm. 

• Centre of Excellence (COE):

The Centre of Excellence focuses on training the police officials to equip them with desired tools and technologies to deal with cyber threats. The Centre also works on creating awareness about various cyber threats among the citizens of the state. 

• Nodal Cyber Police Station:

The Nodal Cyber Police Station works as a focal point for all cybercrime related law enforcement activities. It is responsible for coordinating the investigation procedure and prevention of cybercrimes within the state. Such Cyber Police Stations have been established in each district of Maharashtra. 

Funds of Funds to scale up Startups

The government of Maharashtra through the Fund of Funds for Startups scheme has invested in more than 300 startups that align with the objective of cyber security and digital safety. The government is promoting ideas and cyber defence innovation which will help to push the boundaries of traditional cybersecurity tools and improve the State’s ability to tackle cybercrimes.  Such partnerships can be a cost-effective solution that proactively promotes a culture of cybersecurity across industries. 

Dynamic Cyber Platform

The government of Maharashtra has been working on creating a dynamic cyber platform that would assist them in tackling cybercrimes and save hundreds of crores of rupees in a short span of time. The platform will act as a link between various stakeholders such as banks, Non-Banking Financial Companies (NBFCs) and social media providers to provide a technology-driven solution to the evolving cybercrimes. As a part of this process, the government has invited tenders and has called top IT companies from the world to participate and aid them in setting up this dynamic cyber platform. 

Why Does The Initiative By Maharashtra’s Government Act As A Model For Other States

The components of the Maharashtra Cyber Security Project and the dynamic cyber platform create a comprehensive system which aims at tackling the increasing complexities of cyber threats. The initiative with integration on cutting edge technologies, specialised institutions, expert professionals from various industries and real-time monitoring of cybercrimes sets an example that Maharashtra is well-equipped to prevent, detect and respond to cybercrimes being reported in the State. The project collaborates between government and law enforcement agencies, providing them proper training and addressing grievances of the public. By working on four key areas, i.e. centralised platform for reporting, collaboration between government and private sectors, public awareness and use of advanced technologies, the Cyber Security System in Maharashtra serves as a model for creating secure digital space and tackling cybercrime effectively on a large scale.  

Other States in India could certainly adopt similar models and achieve success in curbing cybercrimes. They need to create a dedicated response team consisting of trained personnel, invest in advanced software as used by Maharashtra, foster partnerships with companies or startups involved in AI and technology to build resilient cybersecurity infrastructures. The government of Maharashtra can extend hands to assist other states to establish a model that addresses the evolving cybercrimes efficiently.  

References

• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2003158 
• https://mhcyber.gov.in/about-us 
• https://www.youtube.com/watch?v=jjPw-8afTTw 
• https://www.ltts.com/press-release/maharashtra-inaugurates-india-first-integrated-cyber-command-control-center-ltts 
• https://theprint.in/india/maharashtra-tackling-evolving-cyber-crimes-through-dynamic-platform-cm/2486772/ ‍
• https://www.freepressjournal.in/mumbai/maharashtra-dynamic-cyber-security-platform-in-the-offing-says-fadnavis

Executive Summary

A misleading  advertisement circulating in social media providing attractive offers like iPhone15, AirPods and Smartwatches from the Indian e-commerce platform ‘Myntra’. This “Myntra - Festival Gifts” scam aims to attract the unsuspecting users into a series of redirects and fake interactions to compromise their personal information and devices. It is important to stay vigilant to protect ourselves from misleading attractive offers. Through this report, the Research Wing of CyberPeace explains about a series of processes that happens when the link gets clicked. Through this knowledge, we aim to provide awareness and empower the users to guard themselves and not fall into deceptive offers that aim to scam them.   

False Claim

The widely shared WhatsApp message claims that Myntra  is offering a wide range of high-valued prizes including the latest iPhone 15, AirPods, various smartwatches among all as a Festival Gift promotion. The campaign invites the users to click on the link provided and take a short quiz to be eligible for the prize.

‍

The Deceptive Scheme

• The link in the social media post is tailored to work only on mobile devices, users are taken through a chain of redirects.
• Users are greeted with the Myntra's "Big Fashion Festival" branding accompanied by Myntra’s logo once they reach the landing page, which gives an impression of authenticity.
• Next, a simple quiz asks basic questions about the user's shopping experience with Myntra, their age, and gender.
• On the bottom of the quiz, there is a comment section that shows the comments from users who are supposedly provided with the prizes to look real,  
• After the completion of the quiz, users are presented with a Spin-to-Win mechanism, to win the prize. 
• After winning, a congratulatory message is displayed which says that the user has won an iPhone 15.
• The final step requires the user to share the campaign over WhatsApp in order to claim the prize.

 Analyzing the Fraudulent Campaign 

• The use of Myntra's branding and the promise of exclusive, high-value prizes are designed to attract  users' interest.
• The fake comments and social proof elements aim to create a false sense of legitimacy and widespread participation, making the offer seem more credible.
• The series of redirects, quizzes, and Spin-to-Win mechanics are tactics to keep users engaged and increase the likelihood of them falling for the scam.
• The final step of sharing the post on WhatsApp is a way for the scammers to further spread the campaign and compromise more victims. Through sharing the link over WhatsApp, users become unaware accomplices that are simply assisting the scammers to reach an even bigger audience and hence their popularity.

• The primary objectives of such scams are to gather users' personal information and potentially gain access to their devices. By luring users with the promise of exclusive gifts and creating a false sense of legitimacy, the scammers aim to exploit user trust and compromise their data, leading to potential identity theft, financial fraud, or the installation of potentially unwanted softwares.
• We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by Myntra.
• Domain Analysis: If we closely look at the viral message, it is clearly visible that the scammers mentioned myntra.com in the url. However, the actual url takes the user to a different domain as the campaign is hosted on a third party domain instead of the official Website of Myntra, this raised suspicion. This is the common way to deceive users into falling for a Phishing scam. Whois information reveals that the domain has been registered not long ago i.e on 8th April 2024, just a few days back. Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

• Domain Name: MYTNRA.CYOU
• Registry Domain ID: D445770144-CNIC
• Registrar WHOIS Server: whois.hkdns.hk
• Registrar URL: http://www.hkdns.hk
• Updated Date: 2024-04-08T03:27:58.0Z
• Creation Date: 2024-04-08T02:58:14.0Z
• Registry Expiry Date: 2025-04-08T23:59:59.0Z
• Registrar: West263 International Limited
• Registrant State/Province: Delhi
• Registrant Country: IN
• Name Server: NORMAN.NS.CLOUDFLARE.COM
• Name Server: PAM.NS.CLOUDFLARE.COM

‍CyberPeace Advisory and Best Practices‍

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

The “Myntra - Festival Gift” scam is a kind of manipulation in which the fraudsters exploit the trust of the users and take advantage of a popular e-commerce website. It is equally crucial to equip the users by imparting them knowledge on fraudulent behavior tactics like impersonating brands, creating fake social proof and application of different engagement strategies. We are required to remain alert and stand firm against cyber attacks. Be careful, make sure that information is verified and share awareness to help make a safe online environment for all users.

‍

Smart Wearable devices are designed to track several activities in defined parameters and are increasingly becoming a part of everyday life. According to Markets and Markets Report, the global wearable tech market is projected to reach a staggering USD 256.4 billion by 2026. One of the main areas of use of wearable devices is health, including biomedical research, health care, personal health practices and tracking, technology development, and engineering. These wearable devices often include digital health technologies such as consumer smartwatches that monitor an individual's heart rate and step count, and other body-worn sensors like those that continuously monitor blood glucose concentration. 

Wearable devices used by the general population are getting increasingly popular. Health devices like fitness trackers and smartwatches enable continuous monitoring of personal health. Privacy is an emerging concern due to the real-time collection of sensitive data. Vulnerabilities due to unauthorised access or discrimination in case of information being revealed without consent are the primary concerns with these devices. While these concerns are present a lot of related misinformation is emerging due to the same. 

While wearable devices typically come with terms of use that outline how data is collected and used, and there are regulations in place such as EU Law GDPR, such regulations largely govern the regulatory compliances on the handling of personal data, however, the implementation and compliances by the manufacturer is a one another aspect which might present the question on privacy protection. In addition, beyond the challenge of regulatory compliance, the rise of myths and misinformation surrounding wearable tech presents a separate issue. 

Common Misconceptions About Privacy with Wearable Tech

• With the rapid development and growth of wearable technology their use has been subject to countless rumours which fuel misinformation narratives in the minds of general public. Addressing these misconceptions and privacy concerns requires targeted strategies.
• A prevalent misconception is that they are constantly spying on users. While wearable devices collect users’ data in real time, their vulnerability to unauthorised access is similar to that of a non-wearable device.  The issue is of consent when it comes to wearable technology because it gives the ability to record.  If permissions are not asked when a person is being recorded then the data is accessible to external entities.
• There is a common myth that wearable tech is surveillance tool. This is entirely a conjecture. These devices collect the user data with their prior consent and have been created to provide them with real-time information, most commonly physical health information. Since users choose the information shared, the idea of wearable tech serving as a surveillance tool is unfounded.
• Another misconception about wearable tech is that it can diagnose medical conditions. These devices collect real-time health data, such as heart rate or activity levels, they are not designed for medical diagnosis. The data collected may not always be accurate or reliable for clinical use to be interpreted by a healthcare professional. This is mainly because the makers of these devices are not held to the safety and liability standards that medical providers are.
• A prevalent misconception is that wearable tech can cure health issues, which is simply untrue. Wearable tech devices are essentially tracking the health parameters that a user sets. It in no way is a cure for any health issue that one suffers from. A user can manage their health based on the parameters they set on the device such as the number of steps that they walk, check on the heart rate and other metrics for their mental satisfaction but they are not a cure to treat diseases. Wearable tech acts as alerts, notifying users of important health metrics and encouraging proactive health management.

Addressing Privacy and Health Concerns in Wearable Tech

Wearable technology raises concerns for privacy and health due to the colossal amount of personal data collected. To address these, strong data protection measures are essential, ensuring that sensitive health information is securely stored and shared only with consent. Providing users with control over their data is one of the ways to build user trust. It includes enabling them to opt in, access, or delete the data in question. Regulators should establish clear guidelines, ensuring wearables ensure the compliances with data protection regulations like HIPPA, GDPR or DPDP Act, whichever is applicable as per the jurisdiction. Furthermore, global standards for data encryption, device security, and user privacy should be implemented to mitigate risks. Transparency in data usage and consistent updates to software security are also crucial for protecting users' privacy and health while promoting the responsible use of wearable tech.

CyberPeace Insights

• Making informed decisions about wearable tech starts with thorough research. Start by reading reviews and comparing products to assess their features, compatibility, and security standards. 
• Investigate the manufacturer’s reputation for data protection and device longevity. Understanding device capabilities is crucial. One should evaluate whether the wearable meets their needs, such as fitness tracking, health monitoring, or communication features. Consider software security and updates, and data accuracy when comparing options.  Opt for devices that offer two-factor authentication for an additional layer of security.
• Check the permissions requested by the accompanying app; only grant access to data that is necessary for the device's functionality. Always read the terms of use to understand your rights and responsibilities regarding the use of the device. Review and customize data-sharing settings for better control to prevent unauthorised access.
• Staying updated on the tech is equally important. A user should follow the advancements in wearable technology be it regular security updates, or regulatory changes that may affect privacy and usability. This ensures getting tech that aligns with user lifestyle while meeting privacy and security expectations.

Conclusion

Privacy and Misinformation are key concerns that emerge due to the use of wearable tech designed to offer benefits such as health monitoring, fitness tracking, and personal convenience. It requires a combination of informed decision-making by users and stringent regulatory oversight to overcome the issues that emerge due to misinformation about these devices. Users must ensure they understand the capabilities and limitations of their devices, from data accuracy to privacy risks. Additionally, manufacturers and regulators need to prioritise transparency, data protection, and compliance with global standards like GDPR or DPDP to build trust. As wearable tech continues to evolve, a balanced approach to innovation and privacy will be essential in fostering its responsible and beneficial use for all.

References

1. https://thehealthcaretechnologyreport.com/privacy-data-security-concerns-rise-as-healthcare-wearables-gain-popularity/ 
2. https://journals.plos.org/digitalhealth/article?id=10.1371/journal.pdig.0000104
3. https://www.marketsandmarkets.com/Market-Reports/wearable-electronics-market-983.html?gclid=Cj0KCQjwgMqSBhDCARIsAIIVN1V0sqrk6SpYSga3rcDtWcwh8npZ08L0_s4X91gh7yPAa6QmsctB-lMaAlpqEALw_wcB 
4. https://www.cambridge.org/core/journals/legal-information-management/article/health-data-on-the-go-navigating-privacy-concerns-with-wearable-technologies/05DAF11EFA807051362BB39260C4814C

‍