#FactCheck - Viral video attributed to the Australian Prime Minister is AI-generated; claim of cancelling Pakistani visas is false

Executive Summary:

This report deals with a recent cyberthreat that took the form of a fake message carrying a title of India Post which is one of the country’s top postal services. The scam alerts recipients to the failure of a delivery due to incomplete address information and requests that they click on a link (http://iydc[.]in/u/5c0c5939f) to confirm their address. Privacy of the victims is compromised as they are led through a deceitful process, thereby putting their data at risk and compromising their security. It is highly recommended that users exercise caution and should not click on suspicious hyperlinks or messages.

False Claim:

The fraudsters send an SMS stating the status of delivery of an India Mail package which could not be delivered due to incomplete address information. They provide a deadline of 12 hours for recipients to confirm their address by clicking on the given link (http://iydc[.]in/u/5c0c5939f). This misleading message seeks to fool people into disclosing personal information or compromising the security of their device. 

‍

‍

The Deceptive Journey:

• First Contact: The SMS is sent and is claimed to be from India Post, informs users that due to incomplete address information the package could not be delivered.

• Recipients are then expected to take action by clicking on the given link (http://iydc[.]in/u/5c0c5939f) to update the address. The message creates a panic within the recipient as they have only 12 hours to confirm their address on the suspicious link.

• Click the Link: Inquiring or worried recipients click on the link.

• User Data: When the link is clicked, it is suspected to  launch possible remote scripts in the background and collect personal information from users.

• Device Compromise: Occasionally, the website might also try to infect the device with malware or take advantage of security flaws.

The Analysis:

• Phishing Technique: The scam allures its victims with a phishing technique and poses itself as the India Post Team, telling the recipients to click on a suspicious link to confirm the address as the delivery package can’t be delivered due to incomplete address. 
• Fake Website Creation: Victims are redirected to a fraudulent website when they click on the link (http://iydc[.]in/u/5c0c5939f) to update their address.
• Background Scripts: Scripts performing malicious operations such as stealing the visitor information, distributing viruses are suspected to be running in the background. This script can make use of any vulnerability in the device/browser of the user to extract more info or harm the system security.
• Risk of Data Theft: This type of fraud has the potential to steal the data involved because it lures the victims into giving their personal details by creating fake urgency. The threat actors  can use it for various illegal purposes such as financial fraud, identity theft and other criminal purposes in future.
• Domain Analysis: The iydc.in domain was registered on the 5th of April, 2024, just a short time ago. Most of the fraud domains that are put up quickly and utilized in criminal activities are usually registered in a short time.
• Registrar: GoDaddy.com, LLC, a reputable registrar, through which  the domain is registered. 
• DNS: Chase.ns.cloudflare.com and delilah.ns.cloudflare.com are the name servers used by Cloudflare to manage domain name resolution. 
• Registrant: Apart from the fact that it is in Thailand, not much is known about the registrant probably because of using the privacy reduction plugins. 

• Domain Name: iydc.in
• Registry Domain ID: DB3669B210FB24236BF5CF33E4FEA57E9-IN
• Registrar URL: www.godaddy.com
• Registrar: GoDaddy.com, LLC
• Registrar IANA ID: 146
• Updated Date: 2024-04-10T02:37:06Z
• Creation Date: 2024-04-05T02:37:05Z (Registered in very recent time)
• Registry Expiry Date: 2025-04-05T02:37:05Z
• Registrant State/Province: errww
• Registrant Country: TH (Thailand)
• Name Server: delilah.ns.cloudflare.com
• Name Server: chase.ns.cloudflare.com

Note: Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open the messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never reveal sensitive data such as your login credentials and banking details to entities where you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• Verify the authenticity of alluring offers before taking any action.
  

Conclusion:

The India Post delivery scam is an example of fraudulent activity that uses the name of trusted postal services to trick people. The campaign is initiated by using deceptive texts and fake websites that will trick the recipients into giving out their personal information which can later be used for identity theft, financial losses or device security compromise. Technical analysis shows the sophisticated tactics used by fraudsters through various techniques such as phishing, data harvesting scripts and the creation of fraudulent domains with less registration history etc.  While encountering such messages, it's important to verify their authenticity from official sources and take proactive measures to protect both your personal information and devices from cyber threats. People can reduce the risk of falling for online scams by staying informed and following cybersecurity best practices.

‍

About Global Commission on Internet Governance 

The Global Commission on Internet Governance was established in January 2014 with the goal of formulating and advancing a strategic vision for Internet governance going forward. Independent research on Internet-related issues of international public policy is carried out and supported over the two-year initiative. An official commission report with particular policy recommendations for the future of Internet governance will be made available as a result of this initiative.

There are two goals for the Global Commission on Internet Governance. First, it will encourage a broad and inclusive public discussion on how Internet governance will develop globally. Second, through its comprehensive policy-oriented report and the subsequent marketing of this final report, the Global Commission on Internet Governance will present its findings to key stakeholders at major Internet governance events.‍

‍The Internet: exploring the world wide web and the deep web

The Internet can be thought of as a vast networking infrastructure, or network of networks. By linking millions of computers worldwide, it creates a network that allows any two computers, provided they are both online, to speak with one another.

The Hypertext Transfer Protocol is the only language spoken over the Internet and is used by the Web to transfer data. Email, which depends on File Transfer Protocol, Usenet newsgroups, Simple Mail Transfer Protocol, and instant messaging, is also used on the Internet—not the Web. Thus, even though it's a sizable chunk, the Web is only a part of the Internet [1]. In summary, the deep Web is the portion of the Internet that is not visible to the naked eye. It is stuff from the World Wide Web that isn't available on the main Web. Standard search engines cannot reach it. More than 500 times larger than the visible Web is this enormous subset of the Internet [1-2].

The Global Commission on Internet Governance will concentrate on four principal themes:

• Improving the legitimacy of government, including standards and methods for regulation;

• Promoting economic innovation and expansion, including the development of infrastructure, competition laws, and vital Internet resources; 

• Safeguarding online human rights, including establishing the idea of technological neutrality for rights to privacy, human rights, and freedom of expression;

• Preventing systemic risk includes setting standards for state behaviour, cooperating with law enforcement to combat cybercrime, preventing its spread, fostering confidence, and addressing disarmament-related issues.

Dark Web 

The part of the deep Web that has been purposefully concealed and is unreachable using conventional Web browsers is known as the "dark Web." Dark Web sites are a platform for Internet users who value their anonymity since they shield users from prying eyes and typically utilize encryption to thwart monitoring. The Tor network is a well-known source for content that may be discovered on the dark web. Only a unique Web browser known as the Tor browser is required to access the anonymous Tor network (Tor 2014). It was a technique for anonymous online communication that the US Naval Research Laboratory first introduced as The Onion Routing (Tor) project in 2002. Many of the functionality offered by Tor are also available on I2P, another network. On the other hand, I2P was intended to function as a network inside the Internet, with traffic contained within its boundaries. Better anonymous access to the open Internet is offered by Tor, while a more dependable and stable "network within the network" is provided by I2P [3].

Cybersecurity in the dark web

Cyber crime is not any different than crime in the real world — it is just executed in a new medium: “Virtual criminality’ is basically the same as the terrestrial crime with which we are familiar. To be sure, some of the manifestations are new. But a great deal of crime committed with or against computers differs only in terms of the medium. While the technology of implementation, and particularly its efficiency, may be without precedent, the crime is fundamentally familiar. It is less a question of something completely different than a recognizable crime committed in a completely different way [4].”

Dark web monitoring

The dark Web, in general, and the Tor network, in particular, offer a secure platform for cybercriminals to support a vast amount of illegal activities — from anonymous marketplaces to secure means of communication, to an untraceable and difficult to shut down infrastructure for deploying malware and botnets.

As such, it has become increasingly important for security agencies to track and monitor the activities in the dark Web, focusing today on Tor networks, but possibly extending to other technologies in the near future. Due to its intricate webbing and design, monitoring the dark Web will continue to pose significant challenges. Efforts to address it should be focused on the areas discussed below [5].

Hidden service directory of dark web

A domain database used by both Tor and I2P is based on a distributed system called a "distributed hash table," or DHT. In order for a DHT to function, its nodes must cooperate to store and manage a portion of the database, which takes the shape of a key-value store. Owing to the distributed character of the domain resolution process for hidden services, nodes inside the DHT can be positioned to track requests originating from a certain domain [6].

Conclusion

The deep Web, and especially dark Web networks like Tor (2004), offer bad actors a practical means of transacting in products anonymously and lawfully.

The absence of discernible activity in non-traditional dark web networks is not evidence of their nonexistence. As per the guiding philosophy of the dark web, the actions are actually harder to identify and monitor. Critical mass is one of the market's driving forces. It seems unlikely that operators on the black Web will require a great degree of stealth until the repercussions are severe enough, should they be caught. It is possible that certain websites might go down, have a short trading window, and then reappear, which would make it harder to look into them.

References

1. Ciancaglini, Vincenzo, Marco Balduzzi, Max Goncharov and Robert McArdle. 2013. “Deepweb and Cybercrime: It’s Not All About TOR.” Trend Micro Research Paper. October. 
2. Coughlin, Con. 2014. “How Social Media Is Helping Islamic State to Spread Its Poison.” The Telegraph, November 5. 
3. Dahl, Julia. 2014. “Identity Theft Ensnares Millions while the Law Plays Catch Up.” CBS News, July 14. 
4. Dean, Matt. 2014. “Digital Currencies Fueling Crime on the Dark Side of the Internet.” Fox Business, December 18.
5. Falconer, Joel. 2012. “A Journey into the Dark Corners of the Deep Web.” The Next Web, October 8. 
6. Gehl, Robert W. 2014. “Power/Freedom on the Dark Web: A Digital Ethnography of the Dark Web Social Network.” New Media & Society, October 15. http://nms.sagepub.com/content/early/2014/ 10/16/1461444814554900.full#ref-38.

‍

Introduction

India’s telecom regulator, the Telecom Regulatory Authority of India (TRAI), has directed telcos to block all unverified headers and message templates within 30 and 60 days, respectively, according to a press release. The regulator observed that telemarketers were ‘misusing’ headers and message templates of registered parties and asked telcos to reverify all registered headers & message templates on the DLT (Distributed Ledger Technology) platform. All telecom service providers (TSP) have to comply with these directions, issued under the Telecom Commercial Communication Customer Preference Regulations, 2018, within a month, TRAI said in its release. The directions were issued after TRAI held a meeting with telcos on February 17, 2023, to discuss quality of service (QoS) improvements, review of QoS standards, QoS of 5G services and unsolicited commercial communications”, as per its press release.

Why it matters?

It may be useful as it can ensure that all promotional messages are sent through registered telemarketers using only approved templates. It is no secret that the spam problem has been difficult to rein in, so the measure can restrict its proliferation and filter out telemarketers resorting to misuse.

Details about TRAI’s orders

The release said that telcos have to ensure that temporary headers are deactivated immediately after the time duration for which such headers were created. The telcos also have to ensure that there is no space to insert unwanted content in the template of a message where one can add content to be sent to people. Message recipients should not be confused, so telcos must ensure that they register no lookalike headers in the names of different senders.

Measures to check unregistered telemarketers

The release ordered telcos to bar telemarketers not registered on its DLT platform from accessing message templates and scrubbing them to deliver spam messages to recipients on the telco’s network. The telcos have been directed not to allow promotional messages to be sent by unregistered telemarketers or telemarketers using 10-digit telephone numbers. It added that telcos have to take action against erring telemarketers and share details of these telemarketers with other telcos, which will then be responsible for stopping these entities from sending commercial communications through their networks.

How big is the problem of spam?

A survey conducted by LocalCircles said that two out of every three people (66 per cent) in India get three or more spam calls daily. It added that not one person among thousands of respondents checked the box of ‘no spam’.

The platform said that it was a national survey which gathered over 56,000 responses from Indians located in 342 districts. It also found that 92 % of responders said they continue receiving spam despite opting for DND. The DND list is a feature where mobile subscriber can register their number to avoid getting unsolicited commercial communication (UCC).

Addressing the problem of spam

The regulatory body recently released a consultation paper that proposed the idea of providing the real name identity of callers to people receiving calls. The paper said that it would use a database containing each subscriber’s correct name to implement the caller name presentation (CNAP) service. The regulator wants to use details acquired by telecom service providers via customer acquisition forms (CAF).

TRAI formed a joint committee to look at the issue of phishing and cyber fraud in 2022. It included officials from the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI). The telecom watchdog had laid out a plan to combat SMS and call spam using blockchain technology (DLT). It saw telecom companies and TRAI to build an encrypted and distributed database that will record user consent to be included in SMS or call send-out lists.

According to a press release, the Telecom Regulatory Authority of India (TRAI), the telecom regulator in India, has ordered carriers to block any unverified headers and message templates within 30 and 60 days, respectively.

The regulator saw that telemarketers were “misusing” registered parties’ headers and message templates. Thus, they requested that telecoms validate all of the registered headers and message templates on the DLT (Distributed Ledger Technology) platform.

According to TRAI’s statement, all telecom service providers (TSP) must adhere to these directives within one month under the 2018 Telecom Commercial Communication Consumer Preference Rules. The guidelines were released following a conference with telcos convened by TRAI on February 17, 2023, to discuss quality of service (QoS) enhancements, a review of QoS standards, the QoS of 5G services, and unsolicited commercial communications.

Why it matters?

Requiring that only registered telemarketers send promotional communications using approved templates may prove to be a beneficial safeguard. It is no secret that the spam problem has been challenging to control, so the measure can limit its spread and screen out telemarketers that employ abusive tactics.

Information on the TRAI order

According to the press release, telecoms must ensure that temporary headers are deactivated as soon as the time period they were established has passed. The telecoms must also ensure that there is no room in the message template where one can add content to be sent to recipients for unwanted content. There should be no room for uncertainty among message recipients. Thus, telecoms must ensure that no similar-looking headers are registered under the identities of various senders.

Taking action against unregistered telemarketers In accordance with the directive, telcos must prevent telemarketers who are not registered on their DLT platform from obtaining message templates and using them to send spam to subscribers on their network. Telemarketers who are not registered or who use 10-digit phone numbers cannot send promotional messages, according to instructions given to telecoms. Telcos must take action against misbehaving telemarketers, it was noted, and divulge their information to other telecoms, who would be in charge of preventing these companies from transmitting commercial messages.

How widespread is the spam issue?

According to a LocalCircles poll, three or more spam calls are received every day by two out of every three Indians (66%) on average. It further stated that not a single one of the thousands of responses clicked the “no-spam” box. According to the platform, the survey was conducted nationally and received over 56,000 responses from Indians in 342 districts. Moreover, 92 % of respondents reported that even after choosing DND, they still receive spam. A mobile subscriber can register their number on the DND list to prevent receiving unsolicited commercial communication (UCC).

consultation document recently in which it recommended the concept of providing the genuine name identify of callers to persons receiving calls. The paper indicated that it would employ a database containing each subscriber’s correct name to implement the caller name presentation (CNAP) service. The regulator wants to use information collected by telecom service providers through client acquisition forms (CAF).

Conclusion

TRAI established a joint committee to examine the problem of phishing and cyber scams in 2022. Officials from the Securities and Exchange Board of India (SEBI) and Reserve Bank of India (RBI) were present (SEBI).

The telecom watchdog had outlined a strategy for leveraging blockchain technology to combat SMS and call spam (DLT).