#FactCheck! Viral Image Claiming Virat Kohli and Rohit Sharma Visited Kedarnath Is AI-Generated

Introduction:

Cybercriminals can hack your phone using or exploiting some public charging stations such as at airports, Malls, hotel rooms, etc. When you plug in your phone or laptop devices into a power charger using USB, you may be plugging into a hacker. Juice jacking poses a security threat at public charging stations at airports, shopping malls and other public places that provide free charging stations for mobile, tablet, and laptop devices. 

Cybercriminals can either hack into the public charging spot or download malware or viruses through the USB port into your system. When you plug your phone, laptop, tablet or other such devices for charging at public charging stations, it can download malware to your phone and other such devices, and then hackers can access your personal information or passwords, It is really a problem since hackers can even get access to your bank account for unauthorised transactions by accessing your passwords and personal information. 

Hence it is important to think twice before using public charging spots, as it might lead to serious consequences such as malware, data leak and hacking. Hacking can gain unauthorised access to your personal information by installing malware in your device and they might monitor your device by installing monitor software or spyware to your device. This scam is referred to as juice jacking. 

FBI issued an advisory  warning about using public charging stations:

The Federal Bureau of Investigation (FBI), In May 2023, advised users to avoid using free charging stations in airports, hotels, or shopping centres. The warning comes as threat actors have figured out ways to inject malware into devices attached to publicly installed USB ports.

Updated Security measures:

We all must have seen public charging points such as airports, shopping malls, metro, and other public places that provide charging stations for mobile devices. But it can be a threat to your stored data on your device. During the charging process, your data can be transferred which can ultimately lead to a data breach. Hence utmost care should be taken to protect your information and data. iPhones and other devices have security measures in place, When you plug your phone into a charging power source, a pop-up appears to ask permission to allow or disallow the transfer of Data. There is also a default setting in the phones where data transfer is disabled. In the latest models, when you plug your device into a new port or a computer, a pop-up appears asking whether the device is trusted or not. 

Two major risks involved in the threat of Juice jacking: 

1. Malware installation: – Malware apps can be used by bad actors to clone your phone data to their device, Your personal data is transferred leading to a data breach. Some types of malware include Trojans, adware, spyware, crypto-miners, etc. Once this malware is injected into your device, It is easy for cybercriminals to extort a ransom to restore the information they have unauthorized access to.
2. Data Theft: It is important to give emphasis to the question of whether your data is protected at public charging stations? When we use a USB cable and connect to a public charging station port, cyber-criminals by injecting malware into the charging port system, can inject the malware into your device or your data can be transferred to the bad actors. USB cords can be exploited by cybercriminals to commit malicious activities.

‍

Best practices: 

• Avoid using public charging stations: Using public charging stations is not safe. It is very possible for a cybercriminal to load malware into a charging station with a USB cord. Hence It is advisable not to use public charging spots, try to make sure you charge your phone, and laptop devices in your car, at home or office so it will help you to avoid public charging stations.
• Alternative method of charging: You can carry a power bank along with you to avoid the use of public charging stations.
• Lock your phone: Lock your phone once connected to the charging port. Locking your device once connected to the charging station will prevent it from being able to sync or transfer data.
• Software update: It is important to enable and use your device’s software security measures. Mobile devices have certain technical protections against such vulnerabilities and security threats. 
• Review Settings: Disable your device’s option to automatically transfer data when a charging cable is connected. This is the default on iOS devices. Android users should disable this option in the Settings app. If your device displays a prompt asking you to “trust this computer,” it means you are connected to another device, not simply a power outlet. Deny the permission, as trusting the computer will enable data transfers to and from your device.  So when you plug your device into a USB port and a prompt appears asking permission to "share data" or “trust this computer” or “charge only,” always select “charge only.”

Conclusion:

Cybercriminals or bad actors exploit public charging stations. There have been incidents where malware was planted in the system by the use of a USB cord, During the charging process, the USB cord opens a path into your device that a cybercriminal can exploit, which means the devices can exchange data. That's called juice jacking. Hence avoid using public charging stations, our safety is in our hands and it is significantly important to give priority to best practices and stay protected in the evolving digital landscape. 

References: 

• https://www.cbsnews.com/philadelphia/news/fbi-issue-warning-about-juice-jacking-when-using-free-cell-phone-charging-kiosks/
• https://www.comparitech.com/blog/information-security/juice-jacking/#:~:text=Avoid%20public%20charging%20stations,guaranteed%20success%20with%20this%20method
• https://www.fcc.gov/juice-jacking-tips-to-avoid-it

‍

Introduction

A disturbing trend of courier-related cyber scams has emerged, targeting unsuspecting individuals across India. In these scams, fraudsters pose as officials from reputable organisations, such as courier companies or government departments like the narcotics bureau. Using sophisticated social engineering tactics, they deceive victims into divulging personal information and transferring money under false pretences. Recently, a woman IT professional from Mumbai fell victim to such a scam, losing Rs 1.97 lakh.

Instances of courier-related cyber scams

Recently, two significant cases of courier-related cyber scams have surfaced, illustrating the alarming prevalence of such fraudulent activities.

1. Case in Delhi: A doctor in Delhi fell victim to an online scam, resulting in a staggering loss of approximately Rs 4.47 crore. The scam involved fraudsters posing as representatives of a courier company. They informed the doctor about a seized package and requested substantial money for verification purposes. Tragically, the doctor trusted the callers and lost substantial money.
2. Case in Mumbai: In a strikingly similar incident, an IT professional from Mumbai, Maharashtra, lost Rs 1.97 lakh to cyber fraudsters pretending to be officials from the narcotics department. The fraudsters contacted the victim, claiming her Aadhaar number was linked to the criminals’ bank accounts. They coerced the victim into transferring money for verification through deceptive tactics and false evidence, resulting in a significant financial loss.

These recent cases highlight the growing threat of courier-related cyber scams and the devastating impact they can have on unsuspecting individuals. It emphasises the urgent need for increased awareness, vigilance, and preventive measures to protect oneself from falling victim to such fraudulent schemes.

Nature of the Attack

The cyber scam typically begins with a fraudulent call from someone claiming to be associated with a courier company. They inform the victim that their package is stuck or has been seized, escalating the situation by involving law enforcement agencies, such as the narcotics department. The fraudsters manipulate victims by creating a sense of urgency and fear, convincing them to download communication apps like Skype to establish credibility. Fabricated evidence and false claims trick victims into sharing personal information, including Aadhaar numbers, and coercing them to make financial transactions for verification purposes.

‍Best Practices to Stay Safe

To protect oneself from courier-related cyber scams and similar frauds, individuals should follow these best practices:

• Verify Calls and Identity: Be cautious when receiving calls from unknown numbers. Verify the caller’s identity by cross-checking with relevant authorities or organisations before sharing personal information.
• Exercise Caution with Personal Information: Avoid sharing sensitive personal information, such as Aadhaar numbers, bank account details, or passwords, over the phone or through messaging apps unless necessary and with trusted sources.
• Beware of Urgency and Threats: Scammers often create a sense of urgency or threaten legal consequences to manipulate victims. Remain vigilant and question any unexpected demands for money or personal information.
• Double-Check Suspicious Claims: If contacted by someone claiming to be from a government department or law enforcement agency, independently verify their credentials by contacting the official helpline or visiting the department’s official website.
• Educate and Spread Awareness: Share information about these scams with friends, family, and colleagues to raise awareness and collectively prevent others from falling victim to such frauds.

Legal Remedies

In case of falling victim to a courier-related cyber scam, individuals can sort to take the following legal actions:

1. File a First Information Report (FIR): In case of falling victim to a courier-related cyber scam or any similar online fraud, individuals have legal options available to seek justice and potentially recover their losses. One of the primary legal actions that can be taken is to file a First Information Report (FIR) with the local police. The following sections of Indian law may be applicable in such cases:
2. Section 419 of the Indian Penal Code (IPC): This section deals with the offence of cheating by impersonation. It states that whoever cheats by impersonating another person shall be punished with imprisonment of either description for a term which may extend to three years, or with a fine, or both.
3. Section 420 of the IPC: This section covers the offence of cheating and dishonestly inducing delivery of property. It states that whoever cheats and thereby dishonestly induces the person deceived to deliver any property shall be punished with imprisonment of either description for a term which may extend to seven years and shall also be liable to pay a fine.
4. Section 66(C) of the Information Technology (IT) Act, 2000: This section deals with the offence of identity theft. It states that whoever, fraudulently or dishonestly, makes use of the electronic signature, password, or any other unique identification feature of any other person shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to pay a fine.
5. Section 66(D) of the IT Act, 2000 pertains to the offence of cheating by personation by using a computer resource. It states that whoever, by means of any communication device or computer resource, cheats by personating shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to pay a fine.
6. National Cyber Crime Reporting Portal- One powerful resource available to victims is the National Cyber Crime Reporting Portal, equipped with a 24×7 helpline number, 1930. This portal serves as a centralised platform for reporting cybercrimes, including financial fraud.

Conclusion:

The rise of courier-related cyber scams demands increased vigilance from individuals to protect themselves against fraud. Heightened awareness, caution, and scepticism when dealing with unknown callers or suspicious requests are crucial. By following best practices, such as verifying identities, avoiding sharing sensitive information, and staying updated on emerging scams, individuals can minimise the risk of falling victim to these fraudulent schemes. Furthermore, spreading awareness about such scams and promoting cybersecurity education will play a vital role in creating a safer digital environment for everyone.

Executive Summary:

Social media is buzzing with a link  that claims to offer an iPhone 15 as a gift from LuLu Hype­rmarket, presente­d as part of Holi celebrations. This article e­xamines the deceptive tactics behind this fraudulent offe­r and provides guidance on recognizing and avoiding such scams.

False Claim:

The link be­ing shared is misleading and falsely claims that LuLu Hype­rmarket is giving away free iPhone­ 15 phones. This is taking advantage of the Holi fe­stival to trick unsuspecting people. Whe­n users click on the link, they are­ redirected multiple­ times and end up on a page with LuLu Hype­rmarket's photo and some simple que­stions. Fake comments are also use­d to make the offer se­em genuine, but it is all a de­ception.

The Deceptive Scheme:

The plan uses psychological tricks by linking the offe­r to a famous brand and a popular celebration. The landing page's simplicity and phoney comments try to make users trust it and fe­el like they ne­ed to act fast, so they'll join the scam.

The Fraudulent Campaign Analysed:

The­ scammers are using psychological tactics to manipulate pe­ople. They're e­xploiting the trust people have­ in LuLu Hypermarket and the e­xcitement around the ne­w iPhone 15 during the Holi festival. The­ fake questionnaire se­rves no real purpose, but it's a way to e­ngage users and make the­ scam seem legitimate­. Testimonials claiming people have­ successfully receive­d the iPhone 15 are also fake­, designed to create­ a false sense of cre­dibility. Users are prompted to se­lect a "gift box," which adds an interactive e­lement to draw them in furthe­r. When a user sele­cts a box, they're falsely congratulate­d on winning the iPhone 15, giving them a se­nse of accomplishment. Finally, users are­ urged to share the link via WhatsApp to "claim" the­ gift, spreading the scam to more pote­ntial victims.

What do we Analyse? :

• We analyse the deceptive tactics employed by the scam, including psychological manipulation, false engagement techniques, and fake testimonials, all aimed at convincing users of the offer's legitimacy.

Link : (https://sophisticate­ddistort[.]top/nTiwpTTTT526?llue1696559991144)

• It is important to note that at this particular point, there has not been any official declaration or a proper confirmation of an offer made by Lulu Hypermarket So, people must be very careful when encountering such messages because they are often employed as lures in phishing attacks or misinformation campaigns. Before engaging or transmitting such claims, it is always advisable to authenticate the information from trustworthy sources in order to protect oneself online and prevent the spread of wrongful information
• The campaign is hosted on a third party domain instead of any official Website of LuLu Hypermarket, this raised suspicion. Also the domain was registered last year.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

‍

• Domain Name: sophisticateddistort.top
• Registry Domain ID: D20230629G10001G_04181852-top
• Registrar WHOIS Server: whois.west263.com
• Registrar URL: www.west263.com
• Updated Date: 2023-07-01T02:55:34Z
• Creation Date: 2023-06-29T06:05:00Z
• Registry Expiry Date: 2024-06-29T06:05:00Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Shan Xi
• Registrant Country: CN (China)
• Name Server: curt.ns.cloudflare.com
• Name Server: harlee.ns.cloudflare.com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorised access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

During the festive season, as we engage in merrymaking and online activities, we should be mindful of fraudster's exploitation strategies. Another instance is the illegitimate Lulu Hypermarket offer of the upcoming iPhone 15. With the knowledge and carefulness, we can report any suspicious actions to avoid being victims of fraud in this way. Keep in mind the fact that legitimate offers are usually issued by trustworthy sources while if, the offer looks too good to be true, then it is rather a scam.

‍

‍

‍