Latest news with #TarunWig
Time of India
2 days ago
- Business
- Time of India
What is 'WhatsApp Screen Mirroring Fraud' that can empty your bank account in few seconds and simple tips to protect yourself from it
Scammers use sophisticated trick called WhatsApp Screen Mirroring Fraud to steal money and personal information. This scam, which OneCard recently warned its customers about, is dangerous because it can give criminals direct access to your phone and all of your private data. Other than OneCard, all other public and private sector banks too have warned about this scam on numerous occasions. How WhatsApp Screen Mirroring Scam Works The fraud starts with a scammer pretending to be an employee from a trusted company, like a bank. They'll call you and claim there's a problem with your account, creating a sense of urgency. Gaining Your Trust: The fraudster convinces you to resolve the fake "problem" by sharing your phone's screen with them. They'll tell you that this is the only way to "fix" the issue. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like This Could Be the Best Time to Trade Gold in 5 Years IC Markets Learn More Undo Initiating the Theft: The scammer will then guide you through the process of turning on screen-sharing or remote access on your phone. To make it seem legitimate, they'll ask you to start a WhatsApp video call so they can see your screen "better." Stealing Your Information: Once you're on the video call and screen-sharing, they can see everything you do on your phone in real time. They might ask you to open your banking app to "verify" something. The moment you enter your password, PIN, or an OTP, they can see it and steal it. In some cases, fraudsters might also trick you into installing a malicious app that contains a keylogger. This is a type of software that records everything you type on your phone's keyboard, including passwords for your banking apps, social media, and more. Once they have this information, they can take over your accounts and drain your funds. What Experts Say Fortunately, most banking apps in India have adequate protection from these type of frauds. Tarun Wig, Co-Founder and CEO, Innefu Labs, told Economic Tmes, "Most of the top banking apps in India do have security features like secure screen overlays, screen capture lockdown and session timeout capabilities. But the efficacy of these protection measures can differ considerably between platforms." "While certain apps prevent screen sharing or screen recording directly, others might lack strong controls especially on rooted or compromised devices. Additionally, if customers inadvertently provide screen-sharing permissions, some third-party applications can bypass such security measures. It's an area where ongoing innovation and stronger app-level controls are necessary in order to remain ahead of changing fraud schemes." How to protect yourself from WhatsApp screen sharing fraud According to the advisory, here are some dos and don'ts that, if you follow them properly, can help you avoid falling victim to the WhatsApp screen sharing fraud : Things that are Must Dos to Protect Yourself * Verify the authenticity of callers claiming to be from banks or finance companies. * Enable screen-sharing only when absolutely necessary and do it only with trusted contacts. * If you use an Android phone, disable the 'App installations from unknown sources' setting. * Block suspicious numbers immediately and report them to or call 1930. Things you should Never Do * Avoid answering calls from unknown or suspicious numbers. * Never use financial apps (e.g. mobile banking, UPI apps, e-wallets) during screen-sharing. You can also call the cyber crime helpline at 1930 or go to How to protect yourself from social media and all other online frauds * If any unknown person claims that your near or dear ones are in trouble, always confirm by calling them directly on landline or on a different number. * Delete data and restore factory settings on phone while selling or discarding the phone. * Never send private information like bank account details, PINs or passwords through WhatsApp. * Never accept files or begin downloads from messages sent to you by strangers or unknown numbers. * Never respond to suspicious messages that come from unknown numbers. * WhatsApp as a service will never contact you through a WhatsApp message. Never trust any message that claims to come from WhatsApp and demands some payment for the service. * Some scams say they can connect your PC with WhatsApp and send messages from a desktop. Do not believe these, as this is not possible. * Keep automatic downloads disabled, so that you can always keep a check on what is being downloaded. * Avoid using WhatsApp when you are connected to open Wi-Fi networks. These are hunting grounds for malware authors and data sniffers.
Time of India
27-06-2025
- Business
- Time of India
Digital safety: DoT proposes stricter cybersecurity rules; central Mobile Number Validation Platform to combat fraud
The department of telecommunications (DoT) has proposed sweeping changes to India's telecom cybersecurity framework, allowing it to mandate mobile number or identity verification through a centralised government-run platform, as part of efforts to crack down on online fraud and spoofing. Tired of too many ads? go ad free now According to a draft notification of the amended Telecommunications (Telecom Cyber Security) Rules, 2024, the DoT has suggested creating a 'Mobile Number Validation' (MNV) platform that will be accessible to telecom operators and entities such as banks, financial institutions, and e-commerce companies. As per ET, these authorised stakeholders will be allowed to verify users' mobile numbers by paying a prescribed fee. 'With a view to ensuring telecom cyber security and prevent security incidents, the Central Government shall by itself, or through an agency authorised by the Central Government, establish an MNV platform,' the DoT stated in the notification. The government can also direct device manufacturers to assist in identifying tampered phones using duplicate IMEI numbers, and maintain a database of such compromised devices. The platform will offer tiered pricing for verification requests that government-authorised entities can access it at Rs 1.5 per request, while all others will be charged Rs 3 per validation. Notably, under the draft rules, the government can immediately suspend a mobile number without notice if it believes the action is necessary in the public interest. The changes also give law enforcement agencies and authorised government bodies the ability to collect transaction histories involving mobile numbers from non-telecom entities. Tired of too many ads? go ad free now The draft introduces a new category called 'Telecommunication Identifier User Entities' (TIUEs), which includes all businesses and platforms that use mobile numbers to authenticate customers, such as banks verifying UPI-linked numbers. As per news agency PTI, at least one major bank has already begun piloting the MNV system, flagging numbers involved in fraudulent transactions for 90-day deactivation. Once the period ends, the number's history is deleted to prevent issues for future users. The new cybersecurity rules have triggered debate over their broader implications. While experts recognise the importance of enhanced protection, they also point to potential challenges. 'The proposed Telecom Cybersecurity Amendment Rules 2025 represent a strong policy move toward securing India's digital infrastructure,' said Tarun Wig, co-founder and CEO at Innefu Labs, as quoted by ET. However, he warned of 'potential friction around data privacy, integration complexity, and the cost of compliance, especially for smaller digital platforms and startups.' Wig added, 'Operationalising such a system at scale while ensuring minimal disruption and maximum data protection will be a key challenge.' The DoT has invited public comments on the draft rules within 30 days of publication.
Entrepreneur
13-05-2025
- Business
- Entrepreneur
Apple's Security Flaws: Will They Dent Its Rising Success in India?
In Q1 FY25, Apple registered 23% year-on-year growth in India, its challenge now is sustaining this rise without compromising the trust that built its brand Opinions expressed by Entrepreneur contributors are their own. You're reading Entrepreneur India, an international franchise of Entrepreneur Media. Apple is enjoying its best-ever run in India while simultaneously facing rising concerns over its software security. A recent high-severity warning from the Indian Computer Emergency Response Team (CERT-In) is raising questions around its image for privacy and security. Apple users in India particularly those using devices operating on iOS versions earlier than 18.3 and iPadOS versions before 17.7.3 have been urged to update immediately. CERT-In flagged multiple vulnerabilities that could allow malicious apps to take full control of devices, access sensitive data, or even render them unusable. Affected devices include iPhones from the XS model onwards and a wide range of iPads, including the Pro and Air series. Apple business boom in India Apple shipped a record 3.2 million smartphones in the first quarter of FY25, registering a 23 per cent year-on-year growth, the highest among any brand in the Indian market, according to the International Data Corporation (IDC). For the first time, it entered the top five smartphone brands, even pushing Xiaomi off the list as the latter's market share dropped by 48 per cent year-on-year. Nearly half of Apple's sales came from older generation iPhones, particularly in Tier-2 cities and beyond. This surge was driven by aggressive affordability schemes, including a 24-month no-cost EMI offer, and strategic pricing during festive seasons. Notably, the iPhone 16 alone accounted for 4 per cent of total smartphone shipments in India during the quarter, making it one of the top 5G models alongside Xiaomi Redmi 14C and OPPO K12x. Apple's India revenue is projected to rise by 20 per cent in FY25, with analysts predicting that India will become the iPhone-maker's third-largest market after the US and China within the next two to three years. Apple CEO Tim Cook, speaking after the March quarter earnings, remarked, "We did grow by strong double-digit, and were very, very pleased about it. I see India as an incredibly exciting market, and it's a major focus for us. In terms of the operational side or the supply-chain side, we are producing there—from a pragmatic point of view, you need to produce there to be competitive." A crack in the fortress? While Apple has long marketed itself as a privacy-first company, the recent vulnerabilities shake the very foundation of its competitive edge. "These flaws expose users to significant risks, allowing malicious applications to potentially render devices inoperable or 'brick' them," explained Tarun Wig, Co-founder and CEO of Innefu Labs. "These vulnerabilities, if exploited, could enable unauthorised access to sensitive user data such as financial details, personal communications, and more." The severity of the flaws isn't just in their potential damage but in their reach. Unlike high-profile attacks like Pegasus, which targeted individuals of interest using zero-click exploits, these vulnerabilities can impact a broad user base. Pegasus, for example, used a flaw called "FORCEDENTRY" in Apple's iMessage service. In contrast, Wig said, the current vulnerabilities span multiple system components such as Apple Intelligence Reports, CoreBluetooth, and TCC (Transparency, Consent, and Control) frameworks. "These flaws are less targeted but equally dangerous. They pose a broader risk to the general user base." Threats for enterprises The implications for businesses are particularly alarming. In India, where more professionals now use iPhones for business, the stakes are high. "Apple vulnerabilities are a significant risk for enterprises, especially for executives, potentially leading to sensitive data breaches or network infiltration," said Advocate (Dr.) Prashant Mali, Cyber Crime Expert. While suggesting measures, Mali said, "Key measures include mandatory and timely software updates, robust Mobile Device Management (MDM), security awareness training, multi-factor authentication (MFA), and a clear incident response plan." While Apple's swift patching response is commendable, Mali argued that it's not enough. "Apple's quick release of patches is vital and effective for known threats…however, the ongoing discovery of significant vulnerabilities suggests that while patching is necessary, continuous efforts in secure development and system architecture are also important." Will buyers rethink loyalty? Despite the security concerns, Apple's momentum in India doesn't appear to be slowing down. In fact, it continues to dominate the premium and ultra-premium segments, while also making inroads into Tier-2 markets, where the social prestige associated with Apple remains a powerful draw. On the other hand, in Q1 FY25, Vivo led the overall smartphone market in India with a 19.7 per cent share, followed by Samsung and Oppo. Until other brands offer comparably robust security solutions, Apple may still be perceived as the safer option. The question now is not whether Apple can grow in India—it clearly can—but whether it can do so without compromising the very trust that brought it here.
Economic Times
08-05-2025
- Business
- Economic Times
Cyber sleuths ramp up vigil on critical infra as Pakistan conflict spills online
Live Events Central and state cybersecurity agencies are on high alert as escalating Indo-Pakistan tensions are expected to fuel major cyber threats and misinformation campaigns over the next few signs of heightened threat activity have already emerged across utilities such as oil and gas, electricity grids, and telecom networks, particularly in states bordering conflict zones and the national capital, cybersecurity experts tracking the events told Wednesday morning, soon after India carried out a series of air strikes on terror infrastructure sites in Pakistan-occupied Kashmir and Pakistan, cybersecurity consultants and digital forensics teams issued advisories to banks, stock exchanges, and key digital public platforms like Aadhaar and UPI, urging immediate shutdown of non-essential systems and ramped-up Stock Exchange and BSE have temporarily restricted access to their website for international users."The cyber threat was particularly very high yesterday. The restriction for foreign IP (Internet protocol) addresses will continue until further notice," said a person close to the has been restricted since 1 pm yesterday. However, if there is any specific request from a client then exchanges are considering it, sources exchanges took the decision after consulting declined to comment. A spokesperson for BSE said: "BSE being a critical market infrastructure institution (MII) proactively and continuously monitors risks at domestic and international level for potential cyber threats. Based on such monitoring of cyber traffic, as a precautionary and protective measure, websites / locations are blocked to protect users and systems. The monitoring is dynamic and access is restored on a case to case basis subject to assessment of the threat." Tarun Wig, cofounder and CEO of Delhi-based information security provider Innefu Labs, said, "Given the tit-for-tat nature of these cyber exchanges, we assess that tensions are likely to remain high or even intensify."Innefu Labs' clients include the Defence Research and Development Organisation (DRDO), the Reserve Bank of India (RBI), and the Central Reserve Police Force (CRPF) among others."India's cyber defence agencies have rapidly mobilised," Wig said. "CERT-In and other cells are on high alert, implementing system hardening and AI-enabled monitoring. Real-time intrusion detection and incident response have been scaled up."According to Kaspersky's Cyberthreat Live Map, India has experienced a noticeable surge in cyberattacks since May 5, warn that the fallout could surpass the cyber impact seen after the 2019 Pulwama attack, with recent detections of sophisticated malware and spear-phishing campaigns, suggesting a well-coordinated analysts note that offensive cyber operations often mirror geopolitical flare-ups, so further spikes in hacking incidents are expected.
