life, technology

Your Cat Videos May be Giving Away Sensitive Data to Hackers, and You Didn’t Even Know it.

According to a new security report , scammers and cyber attackers worldwide are scraping social media posts for data that may seem irrelevant, but are actually key personal identifiers.

Using social engineering and scraping information off the open web, hackers are targeting unsuspecting users
These include personally identifiable information posted casually by users on social media
Such tactics are being used by cyber criminals to send targeted mails with malware payloads
Your personal cat videos, stay at home birthday party photos and casual snaps of yet another day spent under Covid-19 restrictions may not just be what meets the eye.

casual social media posts made by many of us staying at home appear to be leaking key identifiers on to the open cyber space. While such things, such as you celebrating your birthday party, sharing your adoration for the puppy whom you rescued, or even something as trivial as a mid-work snap to break the boredom may not have anything sensitive at all, such data can be put together by cyber attackers, scammers and hackers to form a pool of identifiable data, all linked to you. This, in turn, is helping threat actors create targeted cyber advances and dupe individuals, in a spree of advanced online scams that no longer remain simple.

How trivial is trivial data?

“Scams are a preferred form of attack for many criminals. They are often simple to launch and, if well-executed, can have relatively good success rates. As we have become more aware of scams, criminals have had to become more cunning. One way they have sought to boost success rates is to personalise scams – think spear phishing-type attacks. No longer do we see “Dear user”, but rather “Dear [your name]”. And, scams now even use your old passwords within their messages to you,”

Such incidents aren’t particularly unprecedented – cyber crime has always evolved to keep pace with what’s topical, and in today’s world, this has a far greater reflection. For instance, numerous reports highlighted the now-well documented surge in Covid-19 related scams and spear phishing efforts during the early months of the global pandemic. As the times evolved, attackers adapted to target the Covid-19 contact tracing and vaccine efforts, and subsequently, more advanced tasks too.

But as it turns out, one of the key signifiers of advanced cyber threats were born out of casual social media posts, including very basic stuff such as a photo of your first Zoom meeting. Thanks to AI image resurrection tools, even compressed images shared on social media could be refurbished to reveal details – sometimes highly sensitive in nature. Such social media posts, as the Sophos report claims, have included personal details under popular hashtags. As it states, “Photos tagged with WorkFromHome, WorkingFromHome, HomeOffice have also revealed birthday parties (celebrated on Zoom or Teams), thereby exposing birth dates; home addresses through photos revealing addresses on Amazon parcels or postal mail; and names of family members, children and pets.”

The risks that they represent.

To put things in perspective, such identifiable data can be stitched together by attackers to contact you via email, pretending to be a work acquaintance – or from social engineering, a friend whom you have not been in touch with for a while. These attacks can, in one of the methods, include emails with attachments that directly address you. All it takes is to pique a target’s interest, enough to make them download the attachment sent via email. Once downloaded, the attachments can use one of the thousands of malware available for nominal cost, thereby handing attackers a direct route to access your files on your work PC.

For example, an attacker may contact an employee under the guise of a known supplier, drawing on information gathered from an email. Or, they may get in touch with the employee, pretending to be from the IT department and with a request that the staff member update key software that only internal employees would (should!) be aware of.

“In both cases, employees may be tricked into providing more sensitive files or data, directed to download malware, or exploited through a range of other attacks. There have been similar issues with numerous data breaches in the past where unsecured corporate servers online have leaked data, including millions of business and customer records.

The perils of casual social media posts.

While such risks may not be apparent at first,it establishes the latest favourite tactic used by cyber attackers on the open internet – social engineering. Such processes can help malicious users to create a digital map of yours by using your social media posts, and use this data to gain your trust and trick you into downloading ransomware, malware and stalkerware payloads. In extreme cases, such tactics are being used to target celebrities and personalities to infect them with spyware.

As general security advice, users are urged to not download any attachment from emails where they are not personally confident of the sender. For video conferences, users are advised to use virtual or neutral backgrounds that do not have identifiable details, and in general, social media posts are better kept to the least possible.

technology

How To Protect Yourself From Online Violence:

A Guide For Women In India.

India has the highest number of Facebook and TikTok users in the world and the eighth highest on Twitter. Our country has one of the largest and fastest growing presence on various social media platforms. With such a large population accessing the internet and social media platforms, there is a likelihood of online abuse and harassment. As indicated by the most recent National Crime Records Bureau data, the number of cyber-crimes have been steadily increasing each year, with 2018 seeing 27,248 cyber-crimes. The curfew and lockdown measures imposed by the government during the COVID-19 pandemic has further increased the dependency of people on the internet for work, entertainment and information, putting many vulnerable groups including women further at risk.

In January 2020, Amnesty International India published Troll Patrol India, exposing the online abuse that women face on a daily basis in India. While the social media platforms and the government are primarily responsible for ensuring safe spaces for women, it is important to know not only how you can protect yourself online but also how you can be a more responsible netizen. Here is what you need to know:

What is online violence/online abuse?
Online violence or online abuse is not specifically defined under Indian law. There are several kinds of harassment and abuse that people face on the internet. Online violence and abuse can take many forms. This issue has a profound impact on the fundamental human rights of people, especially the right to equality, right to life and right to freedom of expression.

The following are some forms of online violence:

Threats of violence: Direct and indirect threats of physical or sexual violence.
Violations of privacy: Sharing of sexual and private images without consent, and ‘doxxing’ (revealing personal or identifying details without consent, with the aim to cause distress).
Discrimination: Targeted content that is sexist, racist, homophobic or related to an individual’s identity that aims to belittle, humiliate or undermine them.
Online harassment: Sustained or repeated communications involving one or more people working together to target an individual, using abusive comments or images online, over a short or coordinated period of time, with the aim of humiliating or otherwise distressing them.
It is important to remember that online settings where such violence can occur includes but is not limited to social media platforms like Twitter, Facebook and Instagram. They also include emails, messaging apps like WhatsApp and Viber; blog sites such as WordPress and Blogger, and even comments sections of different websites like news sites and YouTube.

Online violence and abuse is experienced by Internet users of all gender. However, women’s experiences online often mirror the discrimination, sexism and violence that women experience offline.

How do I report online harassment?
A complaint can be filed anywhere, as cybercrimes don’t have any jurisdiction. To report online harassment, the following options are available to you:

Reporting on social media websites: Most social media platforms have the option of reporting online harassment. You can check the reporting guidelines by clicking on a particular platform and accordingly report:
Facebook
Twitter
Instagram
Tiktok
Whatsapp
YouTube
Cyber cells: They have been established especially to deal with victims of cybercrime. They come under the purview of the crime investigation department. Here are the Nodal Cyber Cell Officers for each state. You can also file a complaint at http://www.cybercrime.gov.in. The National Cyber Crime Reporting Portal also has a manual on reporting cyber-crimes to help guide you through the process.
Local Police Station: You can also file an F.I.R. at a local police station. Remember: It is compulsory for a police station to register an F.I.R, you have the right to this redressal if you choose it.
Ministry of Women and Child Development: A specific email account has been established by the Ministry which is dedicated to complaints related to abusive behaviour, harassment or hateful conduct on social media. You can email at: complaint-mwcd@gov.in
The National Commission for Women: In the case of women, the National Commission for Women can take cognizance and enquire into cases of online harassment against women. You can either make a complaint online, email at: complaintcell-ncw@nic.in; or call the NCW at: +91-11-26944880.
Do I need to give any proof when I report?
While it may be appealing to delete evidence of abusive/harassing interactions that you have faced online, it is important not delete the evidence. Consider keeping screenshots as well as print-outs of photos, emails, or any other information sent by the perpetrator, this will make it easier for the concerned authorities to trace evidence in the virtual world.

What are other ways I can keep myself safe online?
Keep personal identifying information private. This is your location, date of birth, address, any identity documentation.
Be an active bystander. Do not allow cyber bullying to go unchecked. If you see someone else being harassed online, report it to the website. Help your friends.
Be cautious of those you meet online. Do not trust everyone who approaches you online. If you are meeting someone who you have only interacted with online, ensure that a trusted friend or family member knows where you are.
Trust your instincts. Ask yourself whether the interactions you are having feel right? Ask yourself, if your friends and family knew what was being shown and said, would you be embarrassed?
Stop the chain. Do not forward, copy, download content that you think is inappropriate. If necessary, contact the Cyber Cell to report the spread of inappropriate content.
The National Cyber Crime Reporting Portal has more tips on online safety and how to protect yourself on social media platforms.

technology

5 easy ways to protect yourself from cyber attacks.

Use your smarts, and technology, to be cyber-secure – at home, at work, at uni or out in the world.

  1. CHECK IF YOU’VE ALREADY BEEN INVOLVED IN A DATA BREACH
    Visit haveibeenpwned.com(external link) and change those passwords for any accounts that it suggests may have been compromised.
  2. CHECK THE STRENGTH OF YOUR PASSWORDS
    Test the strength of your passwords at howsecureismypassword.net(external link) (use something similar to your original password to test its strength).

When choosing a password, remember: the longer it is, the stronger it is. A strong password is at least 12 characters long and hard to guess.

Using a sentence is a great way to create a long password that you’ll never forget.

  1. AVOID THESE PASSWORDS
    The following passwords are considered the most common and easiest to crack – so if you’ve got any of these or similar variations, you should seriously considering changing them – quickly!

123456 (or any chronologically-ordered numbers)
987654321
123123
QWERTY
111111
password
WHICH GENERATION IS MOST GUILTY OF USING INEFFECTIVE PASSWORDS?

  1. TRUST NO ONE (ON EMAILS)
    This may sound a bit extreme – but always be on the lookout for deceitful emails and compromised web pages (spam and phishing). Interacting with these puts your information at risk and can download viruses. Remember:

don’t open email from unknown email addresses
trash attachments in unexpected emails
avoid risky clicks – instead type the address into your browser.

  1. SECURE YOUR DEVICE
    If your mobile device is unsecured, lost or stolen, it could be used to access your info, your money or steal your identity and irreplaceable data like photos or messages. Secure your devices by:

installing anti-virus software
setting a password, gesture or fingerprint that must be entered to unlock
setting the device to require a password before applications are installed
leaving Bluetooth hidden when not in use and disabling automatic connection to networks
enabling remote locking and/or wiping functions, if your device supports them.

technology

Criminals Use New Software to “Jackpot” ATM Machines.

Robbing a bank is no longer done with a ski mask and a getaway car as criminals are creating more complex methods to attack financial institutions. The latest method is known as “jackpotting” where an attacker gains access to the main controls of an ATM machine so they can command the machine to dispense massive amounts of cash.

In some instances, this type of attack has used proprietary software from Diebold Nixdorf, a financial and retail technology company that has also manufactured many voting machines. Gaining access to these controls not only puts banks at risk but also the customers who have both information and funds stored at the banking locations. If a plan is not created to prevent this type of crime, things may only elevate in severity with criminals going after more than just ATMs.

What’s the process for Hacking the ATM?

The attackers can “jackpot” in a variety of ways, but the method for this specific attack included a device known as a “blackbox.” This box runs part of the company’s proprietary software and is then connected to the ATM internal controls to allow the attackers to issue commands. To access the internal mechanisms, attackers either get access to a key that unlocks the ATM chassis or drill holes to break the physical locks to the internal computer.

How criminals were able to obtain the proprietary software for jackpotting is still unknown, with experts contending that it could be through an offline attack on an unencrypted hard disk within the company. Once they have access to the ATM, the criminals can control cash dispensing as fast as 40 bills every 23 seconds.

The blackbox itself can be a laptop, Raspberry or Arduino hardware that manipulates APIs in OS extensions. In some cases, the blackbox can be used to attach to network cables and record card information as it’s shared between the ATM and the transaction center. The device can then withdraw the maximum amount from those accounts.

What Does this Mean for Bank Users?

Luckily, at this time, Diebold claims that there is no indication that the thieves are using the software to steal card information. However, having proprietary data from a financial institution can only result in future cybercrime incidents. With inside data as to how a bank stores information or operates on a daily basis, it is only a matter of time before the criminals move towards a larger target than just a physical ATM.

With the recent pandemic, many bank lobbies are closed, leading people to the drive-through ATMs. Online banking has also been at higher risk during the pandemic as more people have adopted the idea of depositing and withdrawing money using their mobile device. Unfortunately, it doesn’t seem that physical banking machines aren’t safe either. Diebold advises consumers to:

Only use ATMs that belong to major banks
Block people from seeing you enter your PIN at the machine
Check your monthly statements to ensure everything matches up.
More Security for your Buck
It was speculated that the attackers, in this case, were able to obtain proprietary software form an unencrypted hard disk belonging to a banking company. Many cyberattacks can be prevented with the simple method of implementing encryption into the workplace. Our line of hardware encrypted SecureDrives are FIPS 140-2 Level 3 Validated for total security and protect sensitive information with military-grade protection and an epoxy coating.

Even if a hacker were to steal the drive, the device is impossible to reverse engineer and without a PIN number or wireless authentication via mobile app, no one except the admin on the drive can gain access. In addition, those who do experience data breaches, fraud, and malware can contact our digital forensics department to stop the attack, see what data was compromised, and who launched the attack

technology

Cyber Prox

Get regular updates on the go about our Facebook page and WhatsApp and recent technological and legal advances in order to keep safe.

Cyber crime consultation.

We are here to help in any way possible to keep you away from the menace of cyber crime and to help you technically or legally in case you are a victim.

Uncategorized

6 ways to make your Facebook account more secure.

1) Protect your profile picture.

Your profile picture is used as a primary tool for identification on social media. Trouble is, anyone can create a fake Facebook account using your name and even your actual profile picture. To stop this from happening, Facebook has added a feature called ‘Profile picture guard’. Open your Facebook profile and click on the current profile picture (don’t click on ‘Update profile picture’). When the profile picture opens up, click on options at the bottom of the image and select ‘Turn on profile picture guard’. A blue shield will appear on your picture and no one will be able to share or download it anymore.

2) Make your friends authenticators
If Facebook detects an unrecognised login or hacking attempt, it will lock down your account, and you wouldn’t be able to access it. The process to regain access to your account used to be a long one and complicated one, but now Facebook allows you to simply choose up to five trusted friends who can help you regain access to your account. Go to Settings Security and login Choose friends to contact, and select at least three people from your friend list. If you get locked out, these friends can send you verification codes for authentication to help you regain access to your account.

3) Know which devices you use.

Under Settings Security and Login, Facebook shows a section called ‘Where you’re logged in’. This section lists all the devices (laptop, phone, tablet etc.) on which you have logged in to your Facebook account. Remove any devices you don’t recognise or don’t have access to anymore. If you’re unsure of the status of certain devices, we recommend that you use the ‘Log out of all sessions’ option, and log in afresh. This will ensure no one else has access to your Facebook account.

4) View all your information
When you open your Facebook account settings, you will notice a new menu item on the left – ‘Your Facebook information’. Facebook has consolidated access to all of your information on a single page. You can view information about you by category (posts, photos, comments, likes, etc.) and download any information you want. You can even view and manage your activity log from this page and control which of your activities appear on your friends’ timelines.

5) Manage your Facebook data
ADVERTISEMENT

In the Facebook Information page, you also have a shortcut to ‘Manage your data’. When you access this feature, you need to select if you want to manage data on Facebook or Instagram. For Facebook, you get advanced control on how and where Facebook uses any of your data. You can manage your location data, control contacts uploaded to Facebook, face recognition setting, ad preference and various other features.

6) Control your third party login
The majority of websites and apps give you the option to log in using your Facebook account instead of creating a new account from scratch. While this makes things easier, we often forget to revoke Facebook access for these third-party apps and websites when we stop using them. Head to Settings Apps and websites. You will see a list of all the active apps and websites that have access to your Facebook account. You can choose the apps you want to remove from the list, as well as delete any posts that a particular app or website might have published on your behalf.

technology

Internet safety for parents.

The Internet can be wonderful for kids. They can use it to research school reports, communicate with teachers and other kids, and play interactive games.

But online access also comes with risks, like inappropriate content, cyberbullying, and online predators. Using apps and websites where kids interact, predators may pose as a child or teen looking to make a new friend. They might prod the child to exchange personal information, such as address and phone number, or encourage kids to call them, seeing their phone number via caller ID.

Parents should be aware of what their kids see and hear on the Internet, who they meet, and what they share about themselves. Talk with your kids, use tools to protect them, and keep an eye on their activities.

Internet Safety Laws
A federal law, the Children’s Online Privacy Protection Act (COPPA) helps protect kids younger than 13 when they’re online. It’s designed to keep anyone from getting a child’s personal information without a parent knowing about it and agreeing to it first.

COPPA requires websites to explain their privacy policies and get parental consent before collecting or using a child’s personal information, such as a name, address, phone number, or Social Security number. The law also prohibits a site from requiring a child to provide more personal information than necessary to play a game or enter a contest.

Online Protection Tools
Online tools let you control your kids’ access to adult material and help protect them from Internet predators. Many Internet service providers (ISPs) provide parent-control options. You can also get software that helps block access to sites and restricts personal information from being sent online. Other programs can monitor and track online activity.

Getting Involved in Kids’ Online Activities
More important than blocking objectionable material is teaching your kids safe and responsible online behavior, and keeping an eye on their Internet use.

Basic guidelines to share with your kids for safe online use:

Follow the family rules, and those set by the Internet service provider.
Never post or trade personal pictures.
Never reveal personal information, such as address, phone number, or school name or location.
Use only a screen name and don’t share passwords (other than with parents).
Never agree to get together in person with anyone met online without parent approval and/or supervision.
Never respond to a threatening email, message, post, or text.
Always tell a parent or other trusted adult about any communication or conversation that was scary or hurtful.
Basic guidelines for parental supervision:

Spend time online together to teach your kids appropriate online behavior.
Keep the computer in a common area where you can watch and monitor its use, not in individual bedrooms. Monitor any time spent on smartphones or tablets.
Bookmark kids’ favorite sites for easy access.
Check your credit card and phone bills for unfamiliar account charges.
Find out what, if any, online protection is offered by your child’s school, after-school center, friends’ homes, or any place where kids could use a computer without your supervision.
Take your child seriously if he or she reports an uncomfortable online exchange.
Call the National Center for Missing and Exploited Children at (800) 843-5678 if you’re aware of the sending, use, or viewing of child pornography online. Contact your local law enforcement agency or the FBI if your child has received child pornography via the Internet.

Watch for warning signs of a child being targeted by an online predator. These can include:

spending long hours online, especially at night
phone calls from people you don’t know
unsolicited gifts arriving in the mail
your child suddenly turning off the computer when you walk into the room
withdrawal from family life and reluctance to discuss online activities
Talk to your kids! Keep an open line of communication and make sure that they feel comfortable turning to you when they have problems online.

The Internet and Teens
As kids get older, it gets a little trickier to monitor their time spent online. They may carry a smartphone with them at all times. They probably want — and need — some privacy. This is healthy and normal, as they’re becoming more independent from their parents. The Internet can provide a safe “virtual” environment for exploring some newfound freedom if precautions are taken.

Talk about the sites and apps teens use and their online experiences. Discuss the dangers of interacting with strangers online and remind them that people online don’t always tell the truth. Explain that passwords are there to protect against things like identity theft. They should never share them with anyone, even a boyfriend, girlfriend, or best friend.

Taking an active role in your kids’ Internet activities helps ensure that they benefit from them without being exposed to the potential dangers.

technology

WhatsApp hacking.

WhatsApp hacking: the new method hackers are using.

The only information needed to connect to someone’s WhatsApp account is a valid phone number and a verification code.

Who would have thought that the way of logging into WhatsApp accounts could be misused to hack user data without their knowledge?
How is it done?

If you receive a message on your phone explaining that an error has been made and that you have received a message containing a code from another person allowing them to connect to WhatsApp, above all, do not disclose this code!
Here is why:

Anyone who has access to this code, along with your phone number, could enter your account, and block you in such a way that you can no longer access it.
How does it work?

The only information needed to connect to someone’s WhatsApp account is a valid phone number and a verification code that you will receive at this number by SMS, used to verify the authenticity of the person wishing to connect.
Unfortunately, some people have decided to take advantage of this ease of use against WhatsApp’s users.
All they need to know is the phone number of their potential victim.
By registering on the application with this phone number that does not belong to them, these same people cannot access the accounts without the access code which was sent to the phone of the victims. Then, the victims receive the following message:
“Hey, I accidentally sent a WhatsApp verification code to your phone. Can you send it to me?”
If a victim responds to this message with the code they received by text message, the perpetrators are in possession of the victim’s telephone number, and also of the identity verification code.
In other words, they have it all.
Nothing then bars their access to their victims’ WhatsApp accounts, from which they can block them.
A tip, as WhatsApp specifies in its terms of use: Never disclose this code to anyone.
“You should never share your WhatsApp verification code with others. If someone is trying to take over your account, they need the SMS verification code sent to your phone number to do so. Without this code, any user attempting to verify your number can’t complete the verification process and use your phone number on WhatsApp. This means you remain in control of your WhatsApp account.”

“WhatsApp doesn’t have sufficient information to identify the individual who is attempting to verify your WhatsApp account.”

So be careful – the security and the use of your WhatsApp account depends on it!

technology

Are matrimonial websites safe to use?

The use of matrimonial websites has grown over the past few years. During the lockdown, a leading Indian matrimonial platform observed a 30% increase in the number of average daily registrations. Increased usage makes such sites more prone to cyber crimes, as has been reported in the recent past. Yet, there is no definite answer to the question of whether these websites are safe for finding a life partner. This article analyses the kinds of cases that we come across regularly and suggests measures to avoid unpleasant situations.

Before getting into the kinds of cyber crimes and frauds taking place on such sites, I will be elaborating on why these crimes occur in the first place.

Reasons why people fall prey to cyber crimes on matrimonial websites
The phrase think before you talk may be extended to think before you type. Most people forget the repercussions of what they type. For example, we are generally secretive about details such as salary, financial assets, etc., but, when it comes to finding a partner online, we put all our details on display. While one may think that this increases our credibility; it also increases the chances a perpetrator missing your personal information. Most people think that money is a major factor in finding a partner, but one must be careful about putting out one’s profile on public platforms.
Love may be blind, but it need not be deaf and dumb as well. Finding love online these days means that physical verification is not possible. We tend to ignore subtle red flags in online meetings, and people turn a blind eye to things they would have otherwise found suspicious. It is important to treat people who one meets through such websites in the same way as one would have if meeting in person.
Most people who register themselves on matrimonial websites want to settle down or find a perfect match. This makes them vulnerable and easier targets for cyber crimes.
Perpetrators establish a sense of trust by investing time in the people they meet online. They may talk to the victim for even 3 to 6 months just to establish a sense of trust and make them more vulnerable. They also spend time talking to the victim’s family or friends to create an impression and gain the victim’s trust. The perpetrators also claim to belong to well-accepted professionals, such as doctors, lawyers, businessmen, etc. to establish a sense of social security and trust.
Cases involving cyber crimes through matrimonial websites

  1. A Pune-based techie loses 10 lakh rupees, instead of receiving gifts
    As per a news article published in October 2019, a woman, a resident of Bavdhan, working in an IT Sector in Pune lost 10 lakh rupees due to a matrimonial fraud. The incident occurred in the first two weeks of September 2019. The conman claimed to have sent the techie gifts from the Netherlands which were seized by customs officials at New Delhi. These gifts included a ring, perfumes, a high-end laptop, and many more such things. She then got a phone call from the customs office asking her to send money to release the above-mentioned gifts.

The official also mentioned that this amount was refundable, and the woman was made to send money to eight different bank accounts. After transferring the money she realised that she had been duped as the conman who claimed to be an NRI stopped responding to her calls and messages. She even found out that there was no seizure of goods at the New Delhi customs office, and the call that she got from the customs officer was fake. She lodged a complaint at the Hadapsar police station on December 28, 2019.

A similar case occurred recently in July 2020 in Goa, where a woman was duped on a matrimonial site and the imposter duped her of 35 lakh rupees on the pretext of custom clearance.

  1. A Hyderabad-based software engineer loses 1 crore rupees
    In another case reported by the Times of India in June 2020, a 33-year-old Software Engineer in Hyderabad was allegedly duped of Rs 1 crore by a woman he met online through a matrimonial website in 2018. The fraudster introduced herself as a doctor of Indian origin who was residing in Baltimore. The software professional was so smitten by the woman and the chats they had on Telegram and WhatsApp that he was ready to pay any amount of money that she asked for. The victim’s monthly salary was about Rs 80,000 and he utilised savings along with borrowing to send her the money. The KPHB police station registered a case under Sections 420 and 406 of the Indian Penal Code, 1860, and Section 66 of the Information Technology Act, 2000.

Earlier in March 2020, the Hyderabad police arrested a gang of four individuals comprising of a Nigerian and three Nepalese nationals. These scammers tricked a doctor into transferring seven lakh rupees in their bank accounts. This was under the pretext for GST and custom clearance payments for gifts and jewellery.

  1. Sexual harassment and extortion
    In April 2020, one victim got in touch with us for seeking assistance in a case involving sexual harassment and extortion. According to her, she signed up on a popular matrimonial website and started exploring the platform. One individual, claimed to be a Navratna PSU employee and posted to a European country, contacted her. Over time, he shared many fake pieces of information to gain her trust. These included employee ID cards, GPS locations, and salary receipts. A couple of months, he asked her to send her nude photos. While she initially sent the pictures, she came to know that he was also screen-recording their calls. When she informed him that her parents had fixed her engagement, he started blackmailing her using those pictures and screen-recorded videos.

Since then to the time of publication of this article, we have received 17 cases with similar modus operandi.

Relevant laws

  1. Identity Theft

According to Section 66C of the Information Technology Act, 2000, it is an incident of identity theft when someone fraudulently or dishonestly uses your electronic signature, password, or any other unique identification feature. Other provisions that may be applicable vary from case to case. Relevant provisions from the Indian Penal Code, 1860:

Section 464: Forgery
Section 465: False documents
Section 468: Forgery for the purpose of cheating
Section 469: Forgery for harming reputation
Section 471: Using a forged document or electronic record as genuine
Section 474: Possession of a forged document with an intention to use as genuine

  1. Financial Frauds
    Financial frauds on matrimonial websites are punishable by law. They may involve the application of Sections 66C and 66D of the Information Technology Act, 2000. However, relevant provisions from the Indian Penal Code, 1860 are applicable such as Sections 406 and 420.
  2. Sexual harassment and extortion
    While the exact provisions will vary from one case to another, the following provisions from the Information Technology Act, 2000 are relevant.

Section 66E: Violation of privacy
Section 67: Publication and transmission of obscene content
Section 67A: Publication and transmission of sexually explicit content
While on the other hand, Sections 354C (voyeurism), 354D (stalking), and 384 to 387 (extortion) from the Indian Penal Code, 1860 are applicable.

Best Practices
Every platform out there will have its pros and cons and the same goes for matrimonial websites. It becomes your responsibility to ensure that you perform due diligence for any individual that you meet online.

As a thumb rule, you should not trust any person you meet online. If you do trust, ALWAYS verify.

We recommend our readers to follow these best practices to minimise the chances of falling prey to cyber crimes:

Do an extensive background check on the other person before revealing your personal information.
Do not believe everything that the other person says.
Take your time and make an informed decision.
Talk to your friend or family members as they will have a fresh pair of eyes.
Do not share your financial information, or make any payments for any reason whatsoever.

technology

Online Dating in 2021: Cyber Safety Precautions for Women.

Online dating has become a common phenomenon, with many apps and their ever-increasing user base. This new trend may turn out to be unsafe for various users. The solution is not to completely stop using them, but to ensure that you use them safely. It is not a hidden fact that men and women experience cyber crime differently. More so, women are more likely to face cyber stalking and online harassment than men. This article suggests a list of cyber safety practices for women that you must follow.

From what we have seen in the cases we receive, the reasons for women being the primary victims can be:

Lack of awareness of using dating platforms.
Negligible interest in knowing about security measures.
Perpetrators may find it easy to blackmail a victim for being present on online dating sites due to cultural stigma.
Lack of familiarity with technological advancements.
After taking a detailed look at the available cases, I have prepared the following guide. You can adopt the following security and safety measures while using online dating platforms.

Suggested Cyber Safety Practices
You should not use a profile picture that reveals your city or locality. If a dating application shows individuals living nearby, it may be possible for them to determine your location easily.
Avoid uploading so-many of your photos on your dating account. A perpetrator can perform a reverse search on your pictures to gather plenty of information about you.
You should not publicly share information about your political interest. I have seen cases where a victim’s political interest was a trigger for anger or vengeful behaviour.
Minimise sharing personal information that is very specific to you – for example, your height, weight, and other physical characteristics. A perpetrator can use these pieces of information with your photos to make a fake profile and give it credibility.
Perpetrators often share too much personal information about themselves to build trust. In most of the cases, it is fake. So, you should not fall right into this trap and avoid sharing sensitive information just because the other person is doing so. Perpetrators use this as a tactic to extract information from you.
I have seen cases where perpetrators invest around 3 to 6 months. They aim to give a false sense of safety to the victim. You should not trust someone merely because you know them for 5 months.
You should avoid meeting in person without conducting a comprehensive background check.
If you decide to meet the person you met online, share the meeting specifics with someone you trust.
Endnotes
Online dating platforms can be actually useful when it comes to finding new friends or a partner. However, one must not oversee the possible dangers that may come your way. In such a situation, it becomes imperative for you to be conscious about your online safety. While the tips given above can help you greatly, always think twice before sharing your personal information on online dating platforms. And if you are stuck in a problem, you can always reach out to us!