#Fact Check: Viral Footage from Bangladesh Incorrectly Portrayed as Immigrant March for Violence in Assam.

Executive Summary:

This report discloses a new cyber threat contributing to the list of threats targeting internet users in the name of "Aarong Ramadan Gifts". The fraudsters are imitating the popular Bangladeshi brand Aarong, which is known for its Bengali ethnic wear and handicrafts, and allure the victims with the offer of exclusive gifts for Ramadan. The moment when users click on the link, they are taken through a fictitious path of quizzes, gift boxes, and social proof, that simply could damage their personal information and system devices. Through knowing how this is done we can educate users to take caution and stop themselves from falling into cyber threats.

False Claim:

The false message accompanied by a link on social media, claims that Aarong, one of the most respected brands in Bangladesh for their exquisite ethnic wear and handicrafts, is providing Ramadan gifts exclusively through online promotion. And while that may be the facade of the scam, its real aim is to lead users to click on harmful links that may end up in their personal data and devices being compromised.

‍

The Deceptive Journey:

• The Landing page starts with a salutation and a catchy photo of Aarong store, and later moves ahead encouraging the visitors to take a part of a  short quiz to claim the gift. This is designed for the purpose of creating a false image of authenticity and trustworthiness.
• A certain area at the end of the page looks like a social media comment section, and users are posting the positive impacts the claim has on them. This is one of the techniques to build the image of a solid base of support and many partakers.
• The quiz starts with a few easy questions on how much the user knows about Aarong and their demographics. This data is vital in the development of more complex threats and can be used to address specific targets in the future.
• After the user hits the OK button, the screen displays a matrix of the Gift boxes, and the user then needs to make at least 3 attempts to  attain the reward. This is a commonly used approach which allows the scammer to keep users engaged longer and increases the chances of making them comply with the fraudulent scheme.
• The user is instructed to share the campaign on WhatsApp from this point of the campaign, and the user must keep clicking the WhatsApp button until the progress bar is complete. This is a way to both expand and perpetuate the scam, affecting many more users.
• After completing the steps, the user is shown instructions on how to claim the prize.

The Analysis:

• The home page and quiz are structured to maintain a false impression of genuineness and proficiency, thus allowing the victims to partake in the fraudulent design. The compulsion to forward the message in WhatsApp is the way they inspire more and more users and eventually get into the scam.
• The final purpose of the scam could be to obtain personal data from the user and eventually enter their devices, which could lead to a higher risk of cyber threats, such as identity theft, financial theft, or malware installation.
• We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by Aarong.
• The campaign is hosted on a third party domain instead of the official Website, this raised suspicion. Also the domain has been registered recently.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

• Domain Name: apronicon.top
• Registry Domain ID: D20231130G10001G_13716168-top
• Registrar WHOIS Server: whois.west263[.]com
• Registrar URL: www.west263[.]com
• Updated Date: 2024-02-28T07:21:18Z
• Creation Date: 2023-11-30T03:27:17Z  (Recently created)
• Registry Expiry Date: 2024-11-30T03:27:17Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Hei Long Jiang
• Registrant Country: CN (China)
• Name Server: amos.ns.cloudflare[.]com
• Name Server: zara.ns.cloudflare[.]com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

Aarong Ramadan Gift scam is a fraudulent act that takes advantage of the victims' loyalty to a reputable brand. The realization of the mechanism used to make the campaign look real, can actually help us become more conscious and take measures to our community not to be inattentive against cyberthreats. Be aware, check the credibility, and spread awareness to others wherever you can, to contribute in building a security conscious digital space.

‍

Introduction

‍

With the advent of cloud computing, new information and asset delivery avenues have become possible, including Infrastructure-as-a-Service, Platform-as-a-Service, and Software-as-a-Service. With this change, the conventional paradigm of "computer as a product" is replaced with "computing as a service," which is provided to customers via the internet by big data warehouses or the cloud. Additionally, it has brought about an essential shift in how organisations function, allowing them to access computer tools and services online instead of needing to construct and manage their IT systems. As a result, organizations are now more agile, scalable, and efficient and can react swiftly to shifting consumer demands and market situations.

The Growth of Remote and Hybrid Workspaces

‍

Hybrid and remote workplaces are becoming more popular post-pandemic era. Many businesses have used regional workplace solutions to manage a more scattered workforce. IT departments are put in a difficult position since they have to make sure that branch office staff and remote workers can access the information they require safely and dependably. VPNs and Direct Internet Access links are becoming more and more popular, thus IT professionals are coming up with innovative ways for connecting distant locations to the main office while protecting the confidentiality of information.

User Portability

‍The widespread use of mobile devices for work, along with the growing Bring Your Own Device (BYOD) culture, has significantly contributed to the rise of remote work and flexible work environments. Employees can now connect to corporate systems using either personal or company-issued devices through secure methods such as Virtual Private Networks (VPNs) or cloud-based platforms. This has made teleworking, work-from-home setups, and flexible work hours increasingly common and practical, allowing for greater productivity and work-life balance.

Growing Volume of Traffic

‍

Professionals in the modern workplace must have access to private apps stored in a data centre or a multi-cloud setup. Nevertheless, these programs might not always be easily accessible from branch offices or by remote workers and staff members might not have instant support for IT. Organizations must discover solutions to this problem so that remote workers may consistently and dependably access company resources while also making the most of their current assets. It is important to note that employees need reliable and secure ways to access their work tools from anywhere, just like they would in the office.

Battling Networking and Security Issues in a Post-Pandemic Setting

‍

While many businesses have successfully adopted a cloud-first approach for new system implementations or have deployed specific Software-as-a-Service (SaaS) solutions, many are still struggling to fully reap the benefits of moving most or all of their business software to the cloud.

‍

• Conventional IT frameworks allowed for the creation of the present company applications. Because of this, these applications are frequently inflexible and configured for fixed capacity across a limited number of data facilities. Certain organizations could lack the elements required to oversee an entire cloud migration. This could be the result of things like an affinity for on-premises systems, aversion to alteration, or a lack of experience with cloud systems. 
• Although cloud computing might be a cost-effective solution for some workloads, it might not be the best choice overall. Running certain applications in a combination of cloud services or on-premises may be more cost-effective. 
• Particularly if they are regionally distributed, workloads requiring high connection speeds or low latency may not be ideal for cloud computing.
• If a corporation lacks authority over the servers in the cloud, it may be concerned about the integrity of its data stored there. Consequently, they would rather keep it inside their data facilities.
• Firms may be restricted in their ability to migrate some types of information to the cloud by legal or compliance regulations. 

Networking and Cybersecurity Consolidation: Handling Present Risks

‍

In the past, protecting a network required establishing boundaries and keeping an eye on communication between recognized devices. However, it is now required for a network's components to work together as a cohesive system due to shifting expectations. To do this, flexible network pieces must be able to communicate with one another while also protecting workflows, apps, and payments that move across different devices. The current problem is to effortlessly combine security with network capabilities and connection so that data can flow between constantly moving devices while being inspected, encrypted, and subject to regulation.

Infrastructure and security personnel must update their methods and equipment to better meet these constraints to deliver reliable, efficient, and trustworthy access across users, apps, and regions within an enterprise. Inevitably, networking and safety will eventually merge for improved organizational alignment.

Businesses may stay ahead of the competition in attracting top people in an increasingly diverse and cost-effective workplace by integrating a virtual and physical workforce. The future of security solutions lies in consolidation and platformisation; a cloud-centric Secure Access Service Edge (SASE) the capacity offering paired with network edge capabilities like secured Software-Defined Wide Area Network (SD-WAN) can improve and automate the safety measures of the company while also cutting down on the complexity and expense of managing disparate point remedies.

Safe Networking: Moving Towards This Phenomenon and Concentration of Cybersecurity

‍

Companies relying on conventional networking models often face challenges in securing modern elements, such as cloud-based applications, remote users, mobile devices, and distributed locations, because traditional networks were not designed with these factors in mind. A robust networking strategy integrates both safety and networking into one system to get around these problems. It enhances security posture and network performance. It improves the user's experience and lessens the complexities of management. It is important to combine point product providers into a risk management platform rather than implementing safety measures one at a time. Tighter cooperation, greater efficiency, and a quicker, better-coordinated reaction to network threats are made possible by this.

SASE: A Coordinated Method

‍

Secure Access Service Edge (SASE) is a cloud-based architecture that offers security and networking solutions as needed and unites all edges into a single logical connection.

SASE drivers

‍

Conventional safety measures are ill-suited to deal with the more dispersed and complicated IT environment brought about by the advent of the Internet of Things, edge computing, and telecommuting. Using SASE, security and network services may be accessed from the cloud, eliminating the need to backhaul traffic to a single data centre for safety assessment.

‍

• Distant user traffic assessment and blind spots presented difficulties for companies.
• Full oversight over hybrid network operations is provided by SASE technology, which provides network services including FWaaS, SWG, DLP, and CASB.
• Issues around abnormal port usage and policy violations have arisen as more customers access SaaS apps from different gadgets and regions.
• SASE technology reduces the cost of hiring IT staff by combining safe access to resources from one supplier.
• SASE technology consolidates secure accessibility capabilities from one vendor, hence lowering the cost of hiring IT workers.
• One major benefit of SASE technology is its ease of administration. Even when overseeing multiple offices inside a corporate network, the IT department's job is minimized because a single cloud-based administrator manages the entire system.

Recommendations

‍

• For high-risk use cases, consider utilizing Zero Trust Network Access to supplement or replace the outdated VPN for distant users.
• Take inventory of the gear and agreements in order to progressively replace the branch and perimeter hardware on-site over a few years in favour of delivering SASE functionalities via the cloud.
• Simplify and cut expenses by grouping suppliers when VPN, CASB, and encrypted web portal agreements are up for renewal. Profit from a market that has come together and integrated these security edge services.
• Limit SASE products to a couple of partnering companies.
• Irrespective of location, integrate Zero Trust Network Access (ZTNA) and methods of authorization (such as MFA) for every client, including those in the workplace or branch.
• To meet security and regulatory requirements, select SASE products that provide you control over where inspection takes place, how traffic is directed, what is recorded, and where records are kept.

Conclusion

‍

The development of cloud technology, the rise of offsite and hybrid workplaces, and the increased challenges in communication and privacy following the pandemic highlight the necessity for a comprehensive and integrated strategy. By adopting SASE (Secure Access Service Edge), a cloud-centric framework that enables secure connectivity across diverse environments, businesses can enhance cybersecurity, streamline operations, and adapt to the evolving needs of modern workplaces. This approach ultimately contributes to a safer and more efficient future for information architecture.

References

‍

• https://www.dsci.in/files/content/knowledge-centre/2023/DSCI-Fortinet%20POV%20Paper.pdf
• https://www.datacenterknowledge.com/cloud/cloud-trends-and-cybersecurity-challenges-navigating-future
• https://banagevikas.medium.com/cybersecurity-trends-2024-navigating-the-future-10383ec10efe

Authors:

‍

Soumya Gangele (Intern - Tech & Policy), CyberPeace

Neeraj Soni (Sr. Researcher), CyberPeace

‍

Introduction

Global cybersecurity spending is expected to breach USD 210 billion in 2025, a ~10% increase from 2024 (Gartner). This is a result of an evolving and increasingly critical threat landscape enabled by factors such as the proliferation of IoT devices, the adoption of cloud networks, and the increasing size of the internet itself.  Yet, breaches, misuse, and resistance persist. In 2025, global attack pressure rose ~21% Y-o-Y ( Q2 averages) (CheckPoint) and confirmed breaches climbed ~15%( Verizon DBIR). This means that rising investment in cybersecurity may not be yielding proportionate reductions in risk. But while mechanisms to strengthen technical defences and regulatory frameworks are constantly evolving, the social element of trust and how to embed it into cybersecurity systems remain largely overlooked.   

‍

Human Error and Digital Trust  (Individual Trust) 

‍

Human error is consistently recognised as the weakest link in cybersecurity. While campaigns focusing on phishing prevention, urging password updates and using two-factor authentication (2FA) exist, relying solely on awareness measures to address human error in cyberspace is like putting a Band-Aid on a bullet wound. Rather, it needs to be examined through the lens of digital trust. As Chui (2022) notes, digital trust rests on security,  dependability, integrity, and authenticity. These factors determine whether users comply with cybersecurity protocols. When people view rules as opaque, inconvenient, or imposed without accountability, they are more likely to cut corners, which creates vulnerabilities. Therefore, building digital trust means shifting from blaming people to design: embedding transparency, usability, and shared responsibility towards a culture of cybersecurity so that users are incentivised to make secure choices. 

‍

Organisational Trust and Insider Threats (Institutional Trust)

At the organisational level, compliance with cybersecurity protocols is significantly tied to whether employees trust employers/platforms to safeguard their data and treat them with integrity. Insider threats, stemming from both malicious and non-malicious actors, account for nearly 60% of all corporate breaches (Verizon DBIR 2024). A lack of trust in leadership may cause employees to feel disengaged or even act maliciously.  Further, a 2022 study by Harvard Business Review finds that adhering to cybersecurity protocols adds to employee workload. When they are perceived as hindering productivity, employees are more likely to intentionally violate these protocols.  The stress of working under surveillance systems that feel cumbersome or unreasonable, especially when working remotely, also reduces employee trust and, hence, compliance.  

‍

Trust, Inequality, and Vulnerability (Structural Trust)

Cyberspace encompasses a social system of its own since it involves patterned interactions and relationships between human beings. It also reproduces the social structures and resultant vulnerabilities of the physical world. As a result,  different sections of society place varying levels of trust in digital systems.  Women, rural, and marginalised groups often distrust existing digital security provisions more, and with reason. They are targeted disproportionately by cyber attackers, and yet are underprotected by systems, since these are designed prioritising urban/ male/ elite users.  This leads to citizens adopting workarounds like password sharing for “safety” and disengaging from cyber safety discourse, as they find existing systems inaccessible or irrelevant to their realities. Cybersecurity governance that ignores these divides deepens exclusion and mistrust.

‍

Laws and Compliances (Regulatory Trust)

Cybersecurity governance is operationalised in the form of laws, rules, and guidelines. However, these may often backfire due to inadequate design, reducing overall trust in governance mechanisms. For example, CERT-In’s mandate to report breaches within six hours of “noticing” it has been criticised as the steep timeframe being insufficient to generate an effective breach analysis report. Further, the multiplicity of regulatory frameworks in cross-border interactions can be costly and lead to compliance fatigue for organisations. Such factors can undermine organisational and user trust in the regulation’s ability to protect them from cyber attacks, fuelling a check-box-ticking culture for cybersecurity.  

‍

Conclusion 

Cybersecurity is addressed primarily through code, firewall, and compliance today. But evidence suggests that technological and regulatory fixes, while essential, are insufficient to guarantee secure behaviour and resilient systems. Without trust in institutions, technologies, laws or each other, cybersecurity governance will remain a cat-and-mouse game.  Building a trust-based architecture requires mechanisms to improve accountability, reliability, and transparency.  It requires participatory designs of security systems and the recognition of unequal vulnerabilities. Thus, unless cybersecurity governance acknowledges that cyberspace is deeply social,  investment may not be able to prevent the harms it seeks to curb. 

‍

References 

• https://www.gartner.com/en/newsroom/press-releases/2025-07-29
• https://blog.checkpoint.com/research/global-cyber-attacks-surge-21-in-q2-2025
• https://www.verizon.com/business/resources/reports/2024-dbir-executive-summary.pdf 
• https://www.verizon.com/business/resources/reports/2025-dbir-executive-summary.pdf 
• https://insights2techinfo.com/wp-content/uploads/2023/08/Building-Digital-Trust-Challenges-and-Strategies-in-Cybersecurity.pdf 
• https://www.coe.int/en/web/cyberviolence/cyberviolence-against-women 
• https://www.upguard.com/blog/indias-6-hour-data-breach-reporting-rule 

‍