Using incognito mode and VPN may still not ensure total privacy, according to expert
SVIMS Director and Vice-Chancellor B. Vengamma lighting a lamp to formally launch the cybercrime awareness programme conducted by the police department for the medical students in Tirupati on Wednesday.
An awareness meet on safe Internet practices was held for the students of Sri Venkateswara University University (SVU) and Sri Venkateswara Institute of Medical Sciences (SVIMS) here on Wednesday.
“Cyber criminals on the prowl can easily track our digital footprint, steal our identity and resort to impersonation,” cyber expert I.L. Narasimha Rao cautioned the college students.
Addressing the students in two sessions, Mr. Narasimha Rao, who is a Senior Manager with CyberPeace Foundation, said seemingly common acts like browsing a website, and liking and commenting on posts on social media platforms could be used by impersonators to recreate an account in our name.
Turning to the youth, Mr. Narasimha Rao said the incognito mode and Virtual Private Network (VPN) used as a protected network connection do not ensure total privacy as third parties could still snoop over the websites being visited by the users. He also cautioned them tactics like ‘phishing’, ‘vishing’ and ‘smishing’ being used by cybercriminals to steal our passwords and gain access to our accounts.
“After cracking the whip on websites and apps that could potentially compromise our security, the Government of India has recently banned 232 more apps,” he noted.
Additional Superintendent of Police (Crime) B.H. Vimala Kumari appealed to cyber victims to call 1930 or the Cyber Mitra’s helpline 9121211100. SVIMS Director B. Vengamma stressed the need for caution with smartphones becoming an indispensable tool for students, be it for online education, seeking information, entertainment or for conducting digital transactions.
Related Blogs
Executive Summary:
Recently, our team came across a widely circulated post on X (formerly Twitter), claiming that the Indian government would abolish paper currency from February 1 and transition entirely to digital money. The post, designed to resemble an official government notice, cited the absence of advertisements in Kerala newspapers as supposed evidence—an assertion that lacked any substantive basis
Claim:
The Indian government will ban paper currency from February 1, 2025, and adopt digital money as the sole legal tender to fight black money.
Fact Check:
The claim that the Indian government will ban paper currency and transition entirely to digital money from February 1 is completely baseless and lacks any credible foundation. Neither the government nor the Reserve Bank of India (RBI) has made any official announcement supporting this assertion.
Furthermore, the supposed evidence—the absence of specific advertisements in Kerala newspapers—has been misinterpreted and holds no connection to any policy decisions regarding currency
During our research, we found that this was the prediction of what the newspaper from the year 2050 would look like and was not a statement that the notes will be banned and will be shifted to digital currency.
Such a massive change would necessitate clear communication to the public, major infrastructure improvements, and precise policy announcements which have not happened. This false rumor has widely spread on social media without even a shred of evidence from its source, which has been unreliable and is hence completely false.
We also found a clip from a news channel to support our research by asianetnews on Instagram.
We found that the event will be held in Jain Deemed-to-be University, Kochi from 25th January to 1st February. After this advertisement went viral and people began criticizing it, the director of "The Summit of Future 2025" apologized for this confusion. According to him, it was a fictional future news story with a disclaimer, which was misread by some of its readers.
The X handle of Summit of Future 2025 also posted a video of the official statement from Dr Tom.
Conclusion:
The claim that the Indian government will discontinue paper currency by February 1 and resort to full digital money is entirely false. There's no government announcement nor any evidence to support it. We would like to urge everyone to refer to standard sources for accurate information and be aware to avoid misinformation online.
- Claim: India to ban paper currency from February 1, switching to digital money.
- Claimed On: X (Formerly Known As Twitter)
- Fact Check: False and Misleading
.webp)
Introduction
As per the National Crime Records Bureau (NCRB) ‘Cyber Crime In India Report 2022’, A total of 65,893 cases were registered under Cyber Crimes, showing an increase of 24.4% in registration in comparison to 52,974 cases registered in 2021. The crime rate increased from 3.9 in 2021 to 4.8 in 2022. During 2022, 64.8% of cyber-crime cases registered were for the motive of fraud (42,710 out of 65,893 cases), followed by Extortion with 5.5% (3,648 cases) and Sexual Exploitation with 5.2% (3,434 cases). The statistics released by NCRB show the increased rate of cyber crimes in the country, which poses a significant question of safety in the online world. The rise in cybercrime indicates a rise in emerging criminal groups with malicious intentions, creating new cybercrime hotspots in the country where these groups target and commit cyber crimes despite limited resources.
Cyber Crime Hotspots
Police have recently arrested several cyber criminals in a specific region, indicating that certain areas have become hotspots for cybercrime. Mewat region is one such hotspot indicating a growing trend of cybercrime operating from this area. The Mewat gang's modus operandi is quite different; Cybercriminals in Mewat scam mobile owners just using smartphones and SIM cards without kingpins and targeting mobile owners. The scammers also lure people through online marketplaces such as OLX, in which they pretend to sell possessions and then either physically lure victims to pick-up locations or scam them virtually.
A study conducted by Future Crime Research Foundation and IIT Kanpur in 2023 has revealed that Jamatara city, once considered the cyber crime capital of India, is no longer the epicentre. The study found that 35 hotspots in India are actively involved in cybercrime activities. The top 10 cybercrime hotspots in India collectively account for 80% of cybercrime-related cases in India. These districts are strategically located near India's capital or closer to the National Capital Region (NCR). These districts are strategically placed with multiple borders, making them easy targets for criminals.
Online financial fraud and social media-related crimes are the most common in India. Cybercriminals exploit data as a gold mine, using it to commit crimes. For instance, they can obtain banking and insurance data, use simple AI tools to cheat victims, and they can easily impersonate identities to lure innocent people. In cybercrime hotspots, sextortion is a modern way for cybercriminals to record and demand money. Loan app fraud, OLX fraud, and job fraud also originate from these specific regions.
Recommendations
To counter the challenges posed by emerging cybercrime hubs, the following recommendations are to be considered:
- Advanced threat Intelligence: The digital landscape is evolving, and the threat landscape is becoming more complex. AI's role in cybersecurity is becoming increasingly critical, both positively and negatively, as it helps in understanding and addressing advanced threats. AI is capable of proactive threat hunting, real-time anomaly detection, and swift incident response.
- Enhancing capabilities of Law Enforcement Agencies: Law enforcement agencies must be sensitised to advanced tools or techniques to investigate cyber crime cases effectively. The development and implementation of advanced forensic tools and technologies need to be utilised or implemented to keep up with the evolving tactics of cybercrime perpetrators.
- Continuous Monitoring: Continuous cybersecurity monitoring is crucial for detecting anomalies and preventing cyber-attacks. It involves analysing systems and data to establish baseline security, identify deviations, and investigate potential threats. Cybersecurity experts use data observability tools, artificial intelligence, and machine learning to detect unexpected dataset changes.
- Cyber Security Awareness: Public awareness needs to be higher. Cybercrime prevention and cybersecurity is a shared responsibility of all of us by being aware of the threats and following the best practices. The frequent interaction between law enforcement and the public is necessary to raise awareness about safeguarding personal and financial information. Effective campaigns on cyber security are necessary to educate netizens.
Safety Tips for Netizens
Install up-to-date security software and firewalls on devices, use strong passwords for accounts, and regularly update software and applications. Be cautious when clicking on links or downloading files from unknown sources, and be cautious of your personal information.
Conclusion
The rise of Cyber Crime Hotspots in specific regions or districts has significantly exacerbated the issue of increasing cybercrime rates. In order to combat cybercrime more effectively, it is necessary for law enforcement agencies to strengthen their coordination between different states and to adapt advanced technology methods to counter cybercrime threats effectively. Moreover, educating netizens about cyber crime threats and providing best practices is an effective method to counter these threats, considered the first line of defense against cybercrime.
References
- https://ncrb.gov.in/uploads/nationalcrimerecordsbureau/custom/1701607577CrimeinIndia2022Book1.pdf
- https://economictimes.indiatimes.com/tech/technology/no-kingpins-just-a-smartphone-and-sim-card-how-cybercriminals-in-mewat-scam-mobile-owners/articleshow/98062889.cms?from=mdr
- https://www.futurecrime.org/fcrf-cyber-crime-survey-2023
- https://timesofindia.indiatimes.com/city/mumbai/jamtara-loses-crown-as-new-remote-districts-rewrite-indias-cybercrime-map/articleshow/104475868.cms?from=mdr
- https://government.economictimes.indiatimes.com/news/secure-india/80-of-cyber-crimes-from-10-new-districts-iit-report/103921338
- https://www.dw.com/en/how-mewat-became-indias-new-hub-for-cyber-criminals/video-68674527
- https://www.indiatoday.in/from-india-today-magazine/story/into-cybercrime-hotspot-india-mewat-rajasthan-haryana-uttar-pradesh-2381545-2023-05-19
- https://frontline.thehindu.com/the-nation/spotlight-how-nuh-district-in-haryana-became-a-breeding-ground-for-cybercriminals/article67098193.ece
- https://www.opindia.com/2024/04/nuh-mewat-cyber-crime-haryana-police-crackdown/#google_vignette
Introduction
With mobile phones at the centre of our working and personal lives, the SIM card, which was once just a plain chip that links phones with networks, has turned into a vital component of our online identity, SIM cloning has become a sneaky but powerful cyber-attack, where attackers are able to subvert multi-factor authentication (MFA), intercept sensitive messages, and empty bank accounts, frequently without the victim's immediate awareness. As threat actors are becoming more sophisticated, knowing the process, effects, and prevention of SIM cloning is essential for security professionals, telecom operators, and individuals alike.
Understanding SIM Cloning
SIM cloning is the act of making an exact copy of a victim's original SIM card. After cloning, the attacker's phone acts like the victim's, receiving calls, messages, and OTPs. This allows for a variety of cybercrimes, ranging from unauthorised financial transactions to social media account hijacking. The attacker virtually impersonates the victim, often leading to disastrous outcomes.
The cloning can be executed through various means:
● Phishing or Social Engineering: The attack compels the victim or a mobile carrier into divulging personal information or requesting a replacement SIM.
● SIM Swap Requests: Attackers use fake IDs or stolen credentials to make telecom providers port the victim's number to a new SIM.
● SS7 Protocol Exploitation: Certain sophisticated attacks target weaknesses in the Signalling System No. 7 (SS7) protocol employed by cellular networks to communicate.
● Hardware based SIM Cloning: Although uncommon, experienced attackers will clone SIMs through the use of specialized hardware and malware that steals authentication keys.
The Real-World Consequences
The harm inflicted by SIM cloning is systemic as well as personal. The victims are deprived of their phones and online accounts, realising the breach only when improper dealings or login attempts have occurred. The FBI reported over $50 million loss in 2023 from crimes associated with SIM, most of which involved cryptocurrency account and high net-worth persons.
Closer to home, Indian entrepreneurs, journalists, and fintech users have reported losing access to their numbers, only to have their WhatsApp, UPI, and banking apps taken over. In a few instances, the attackers even contacted contacts, posing as the victim to scam others.
Why the Threat Is Growing
Dependence on SMS-based OTPs is still a core vulnerability. Even as there are attempts to move towards app-based two-factor authentication (2FA), most banking, government, and e-commerce websites continue to employ SMS as their main authentication method. This reliance provides an entry point for attackers who can replicate a SIM and obtain OTPs without detection.
Vulnerabilities in telecom infrastructure are also a part of the issue. Insider attacks at telecom operators, where malicious employees handle fraud SIM swap requests, also keep cropping up. On top of that, most users are not even aware of what exactly SIM cloning is or how to identify it, leaving attackers with a head start.
Very often, the victims are only aware that their SIM has been cloned when they lose mobile service or notice unusual activity on their accounts. Red flags include loss of signal, failure to send or receive messages, and inability to receive OTPs. Alerts on password changes or unusual login attempts must never be taken lightly, particularly if this is coupled with loss of mobile service.
How Users Can Protect Themselves
● Use A Strong SIM Pin: This protects your SIM from access by unauthorized users should your phone be lost or stolen.
● Secure Personal Information: Don't post sensitive personal information online that can have a place in social engineering.
● Notify your Carrier of Suspicious Activity: If your phone suddenly has lost service or is behaving strangely, contact your mobile operator immediately.
● Register for Telecom Alerts: Many providers offer alerts to SIM swap or porting requests that are useful to preliminarily detect a possible takeover.
● Verify SIM card status using Sanchar Saathi: Visit [https://sancharsaathi.gov.in](https://sancharsaathi.gov.in) to check how many mobile numbers are issued using your ID. This government portal allows you to identify unauthorized or unknown SIM cards, helping prevent SIM swapping fraud. You can also request to block suspicious numbers linked to your identity.
Conclusion
SIM cloning is not a retrograde nod to vintage cybercrime; it's an effective method of exploitation, especially where there's a strong presence of SMS-based authentication. The attack vector is simple, but the damage it causes can be profound, both financial and reputational. With telecommunication networks forming the backbone of digital identity, users, regulators, and telecom service providers have to move in tandem. For the users, awareness is the best protection. For Telecoms, security must be a baseline requirement, not a value-add option. It's time to redefine mobile security, before your identity is in anyone else's hands.
References
● https://www.trai.gov.in/faqcategory/mobile-number-portability
● https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf
● https://www.ic3.gov/PSA/2022/PSA220208/
● https://www.hdfcbank.com/personal/useful-links/security/beware-of-fraud/sim-swap
● https://security-gen.com/SecurityGen-Article-Cloning-SimCard.pdf
● https://www.p1sec.com/blog/understanding-ss7-attacks-vulnerabilities-impacts-and-protection-measures
