#FactCheck: Phishing Scam on Jio is offering a ₹700 Holi reward through a promotional link
Executive Summary:
A viral post currently circulating on various social media platforms claims that Reliance Jio is offering a ₹700 Holi gift to its users, accompanied by a link for individuals to claim the offer. This post has gained significant traction, with many users engaging in it in good faith, believing it to be a legitimate promotional offer. However, after careful investigation, it has been confirmed that this post is, in fact, a phishing scam designed to steal personal and financial information from unsuspecting users. This report seeks to examine the facts surrounding the viral claim, confirm its fraudulent nature, and provide recommendations to minimize the risk of falling victim to such scams.
Claim:
Reliance Jio is offering a ₹700 reward as part of a Holi promotional campaign, accessible through a shared link.
Fact Check:
Upon review, it has been verified that this claim is misleading. Reliance Jio has not provided any promo deal for Holi at this time. The Link being forwarded is considered a phishing scam to steal personal and financial user details. There are no reports of this promo offer on Jio’s official website or verified social media accounts. The URL included in the message does not end in the official Jio domain, indicating a fake website. The website requests for the personal information of individuals so that it could be used for unethical cyber crime activities. Additionally, we checked the link with the ScamAdviser website, which flagged it as suspicious and unsafe.
Conclusion:
The viral post claiming that Reliance Jio is offering a ₹700 Holi gift is a phishing scam. There is no legitimate offer from Jio, and the link provided leads to a fraudulent website designed to steal personal and financial information. Users are advised not to click on the link and to report any suspicious content. Always verify promotions through official channels to protect personal data from cybercriminal activities.
- Claim: Users can claim ₹700 by participating in Jio's Holi offer.
- Claimed On: Social Media
- Fact Check: False and Misleading
Related Blogs
Introduction
The United Nations General Assembly (UNGA) has unanimously adopted the first global resolution on Artificial Intelligence (AI), encouraging countries to take into consideration human rights, keeping personal data safe, and further monitoring the threats associated with AI. This non-binding resolution proposed by the United States and co-sponsored by China and over 120 other nations advocates the strengthening of privacy policies. This step is crucial for governments across the world to shape how AI grows because of the dangers it carries that could undermine the protection, promotion, and right to human dignity and fundamental freedoms. The resolution emphasizes the importance of respecting human rights and fundamental freedoms throughout the life cycle of AI systems, highlighting the benefits of digital transformation and safe AI systems.
Key highlights
● This is indeed a landmark move by the UNGA, which adopted the first global resolution on AI. This resolution encourages member countries to safeguard human rights, protect personal data, and monitor AI for risks.
● Global leaders have shown their consensus for safe, secure, trustworthy AI systems that advance sustainable development and respect fundamental freedom.
● Resolution is the latest in a series of initiatives by governments around the world to shape AI. Therefore, AI will have to be created and deployed through the lens of humanity and dignity, Safety and Security, human rights and fundamental freedoms throughout the life cycle of AI systems.
● UN resolution encourages global cooperation, warns against improper AI use, and emphasizes the issues of human rights.
● The resolution aims to protect from potential harm and ensure that everyone can enjoy its benefits. The United States has worked with over 120 countries at the United Nations, including Russia, China, and Cuba, to negotiate the text of the resolution adopted.
Brief Analysis
AI has become increasingly prevalent in recent years, with chatbots such as the Chat GPT taking the world by storm. AI has been steadily attempting to replicate human-like thinking and solve problems. Furthermore, machine learning, a key aspect of AI, involves learning from experience and identifying patterns to solve problems autonomously. The contemporary emergence of AI has, however, raised questions about its ethical implications, potential negative impact on society, and whether it is too late to control it.
While AI is capable of solving problems quickly and performing various tasks with ease, it also has its own set of problems. As AI continues to grow, global leaders have called for regulations to prevent significant harm due to the unregulated AI landscape to the world and encourage the use of trustworthy AI. The European Union (EU) has come up with an AI act called the “European AI Act”. Recently, a Senate bill called “The AI Consent Bill” was introduced in the US. Similarly, India is also proactively working towards setting the stage for a more regulated Al landscape by fostering dialogues and taking significant measures. Recently, the Ministry of Electronics and Information Technology (MeitY) issued an advisory on AI, which requires explicit permission to deploy under-testing or unreliable AI models related to India's Internet. The following advisory also indicates measures advocating to combat deepfakes or misinformation.
AI has thus become a powerful tool that has raised concerns about its ethical implications and the potential negative influence on society. Governments worldwide are taking action to regulate AI and ensure that it remains safe and effective. Now, the groundbreaking move of the UNGA, which adopted the global resolution on AI, with the support of all 193 U.N. member nations, shows the true potential of efforts by countries to regulate AI and promote safe and responsible use globally.
New AI tools have emerged in the public sphere, which may threaten humanity in an unexpected direction. AI is able to learn by itself through machine learning to improve itself, and developers often are surprised by the emergent abilities and qualities of these tools. The ability to manipulate and generate language, whether with words, images, or sounds, is the most important aspect of the current phase of the ongoing AI Revolution. In the future, AI can have several implications. Hence, it is high time to regulate AI and promote the safe, secure and responsible use of it.
Conclusion
The UNGA has approved its global resolution on AI, marking significant progress towards creating global standards for the responsible development and employment of AI. The resolution underscores the critical need to protect human rights, safeguard personal data, and closely monitor AI technologies for potential hazards. It calls for more robust privacy regulations and recognises the dangers associated with improper AI systems. This profound resolution reflects a unified stance among UN member countries on overseeing AI to prevent possible negative effects and promote safe, secure and trustworthy AI.
References
Executive Summary
A viral image claims that an Israeli helicopter shot down in South Lebanon. This investigation evaluates the possible authenticity of the picture, concluding that it was an old photograph, taken out of context for a more modern setting.
Claims
The viral image circulating online claims to depict an Israeli helicopter recently shot down in South Lebanon during the ongoing conflict between Israel and militant groups in the region.
Factcheck:
Upon Reverse Image Searching, we found a post from 2019 on Arab48.com with the exact viral picture.
Thus, reverse image searches led fact-checkers to the original source of the image, thus putting an end to the false claim.
There are no official reports from the main news agencies and the Israeli Defense Forces that confirm a helicopter shot down in southern Lebanon during the current hostilities.
Conclusion
Cyber Peace Research Team has concluded that the viral image claiming an Israeli helicopter shot down in South Lebanon is misleading and has no relevance to the ongoing news. It is an old photograph which has been widely shared using a different context, fueling the conflict. It is advised to verify claims from credible sources and not spread false narratives.
- Claim: Israeli helicopter recently shot down in South Lebanon
- Claimed On: Facebook
- Fact Check: Misleading, Original Image found by Google Reverse Image Search
Executive Summary:
CVE 2024-3094 is a backdoor vulnerability recently found in Kali Linux installations that happened between March 26th to 29th. This vulnerability was found in XZ package version 5.6.0 to 5.6.1. It could allow the malicious actor to compromise SSHD authentication, and grant unauthorized access to the entire system remotely. The users who have installed or updated Kali Linux during the said time are advised to update their system to safeguard against this vulnerability.
The Dangerous Backdoor
The use of the malicious implant found in XZ Utils as a remote code execution tool makes it more dangerous, because of its ability to compromise the affected systems. Initially, researchers believed the vulnerability enabled an authentication bypass for the OpenSSH server (SSHD) process. However, further analysis revealed it is better characterized as a remote code execution (RCE) vulnerability.
The backdoor intercepts the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key, and if successful, executes malicious code passed by the attacker via the system() function. This leaves no trace in SSHD logs and makes it difficult to detect the vulnerability.
Impacted Linux Distributions
The compromised versions of XZ Utils have been found in the following Linux distributions released in March 2024:
- Kali Linux (between March 26 and March 29)
- openSUSE Tumbleweed and openSUSE MicroOS (March 7 to March 28)
- Fedora 41, Fedora Rawhide, and Fedora Linux 40 beta
- Debian (testing, unstable, and experimental distributions only)
- Arch Linux container images (February 29 to March 29)
- Meanwhile, distributions such as Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise, openSUSE Leap, and Debian Stable are not believed to be affected.
How Did This Happen?
The malicious code appears to have been inserted by taking advantage of a typical control transfer vulnerability. The original maintainer of the XZ Libs project on GitHub handed over control of the repository to an account that had been contributing to various data compression-related projects for several years. It was at this point that the backdoor was implanted in the project code.
Fortunately, the Potential Disaster Was Averted
As per Igor Kuznetsov, head of Kaspersky's Global Research and Analysis Team (GReAT), the vulnerability CVE-2024-3094 is considered as the largest scale attack that has happened in the Linux ecosystem history. Because it targeted the primary remote management tool for Linux servers on the internet which is SSH servers.
As this vulnerability was detected in the testing and rolling distributions in the short period of time, where the latest software packages are used. This results to the minimum damage to the linux users and so far no case of CVE-2024-3094 being actively exploited have been detected.
Staying Safe
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises that users who installed or updated the affected operating systems in March immediately roll back to XZ Utils 5.4.6 version and be on alert for any malicious activity. It is recommended to change the passwords in the case of a distribution where a weak version of XZ Utils has been installed.
The Yara rule has been released to detect any infected systems by CVE-2024-3094 Vulnerability.
Conclusion
The discovery of the XZ Utils backdoor provides a reminder to be vigilant in the open source software environment. This supply chain attack highlights the importance of strong security measures, elaborate code reviews, and regular distribution of security updates to provide shield against such vulnerabilities. Always staying informed and taking the necessary precautions, Linux users can mitigate the potential impact of this vulnerability to keep their systems safe.
References :
- https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html
- https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor/
- https://www.kali.org/blog/about-the-xz-backdoor/
- https://www.kaspersky.com/blog/cve-2024-3094-vulnerability-backdoor/50873/
- https://www.rapid7.com/blog/post/2024/04/01/etr-backdoored-xz-utils-cve-2024-3094/
