BLOG ON - Digital Arrest Scam

Digital arrest scams involve fraudsters impersonating law enforcement officials and threatening victims with false arrest warrants or legal actions unless they make immediate payments or share sensitive personal information. These scams are typically executed through phone calls, emails, or text messages, creating fear and urgency to manipulate victims.

In recent years, India has witnessed a surge in the “digital arrest” scam. The cyber fraudsters target victims with phone calls, alleging involvement in suspicious activities – often centered around parcels containing illegal items. The scammers use scare tactics, claiming the victim is under “digital arrest”.

The consequences of this scam are severe. Many victims, succumbing to pressure, end up transferring significant sums of money to the scammers. These financial losses can be devastating, impacting individuals and families.

Dangers of digital arrest scam include:

Financial loss:

  • Scammers often demand immediate payment, leading to significant financial loss. Victims may be tricked into making payments through methods that are hard to trace or recover.

Identity theft :

  • In some cases, scammers ask for personal information, such as Social Security numbers, bank account details, or passwords. This can result in identity theft, with long-term consequences like fraudulent transactions or new accounts being opened in the victim's name.

Emotional distress:

  • The fear of being arrested, even for a fabricated crime, can cause extreme emotional stress. Victims may experience anxiety, panic attacks, or a sense of helplessness.

Emotional distress:

  • Scammers might ask victims to click on malicious links or download files that contain malware. This could lead to further issues, like hackers gaining access to the victim’s device, personal data, or online accounts.

Reputational damage:

  • In some cases, especially when scammers obtain personal or professional information, they may threaten to leak sensitive data or make false public accusations. This can harm a victim’s reputation, both personally and professionally.

Vulnerability to future scams:

  • Once a person has fallen victim to a digital arrest scam, they may be added to a "sucker list," making them a target for future scams. Scammers may sell or share this information with other criminals.

Safety and security measures

It is essential to stay informed and proactive to protect yourself from such scams in digital world. Mentioned below are a few key safety measures that can help you safeguard against digital scams.

  • Stay calm: Remember that legitimate law enforcement agencies will never contact you regarding a case over the phone or request immediate payment. Take a moment to breathe and assess the situation.

  • Do not engage with the scammer: Feel empowered to end any suspicious call immediately. If you receive a text or email that seems dubious, delete it without responding. Avoid clicking on any links or replying to messages.

  • Verify the caller’s identity: If you have concerns about a potential legal matter, contact the relevant agency directly using their official phone number, which can be found on their official websites. Do not use any number provided by the caller.

  • Report the incident: Inform local authorities about the scam attempt. You can report it to your local police station or file a complaint online through the National Cyber Crime Reporting Portal (https://cybercrime.gov.in/)

  • Be cautious with Personal Information: Never share sensitive information, such as bank account details or passwords, over the phone or via email. Protect your personal data vigilantly.

  • Educate yourself and others: Stay informed about common scams and share this knowledge with friends and family to help them recognize and avoid similar threats.

  • Use Security Software: Install and maintain reputable antivirus and anti-malware software on your devices to protect against malicious attacks.

  • Monitor Financial Accounts: Regularly check your bank and credit card statements for any unauthorized transactions. Report suspicious activity immediately.

    Source - www[dot]staysafeonline[dot]in

BLOG ON - PHISHING

Phishing is a form of social engineering attack to gain access to information through misrepresentation. In Phishing attack fraudsters create e-mails that look as though it is from a legitimate organization (e.g. bank, reputed institution, company etc.,) which contains link to fake web site that replicates the real one or may have malicious attachments. Most of these phishing emails are created to trick the target into divulging sensitive information and doing what the fraudster wants.

Example of Phishing websites

How to Identify a Phishing Email

The email will probably warn user of a serious problem that requires immediate attention. It may use phrases, such as "Immediate attention required," or "Please contact us immediately about your account and also they may threaten consequences if user fail to respond.

For Example: Let's have a look at a Phishing email sent in the name of Ministry of Health and Family Welfare (MOHFW). At a glance, this email might look real, but actually it is not. When observe clearly, there are a few warning signs that indicate that the mail is a fake email.

  • The subject of the fraud email would be: free COVID-19 testing for all the residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad inciting them to provide personal information.

  • The mail referred the ministry as’ ministry of health and family wellfare, government of india’ where the it should have been ‘Ministry of Health and Family Wellfare, Government of India’

  • The mail is commonly addressed as ‘Dear Citizen’, which is a warning sign

  • The mail is addressed from ‘Ministry of Health and family welfare’ with no specific designation mentioned

  • Ministries under Government of India will only give notification through trusted government sources regarding wellfare packages announced for citizens and will not send personal emails to individuals seeking personal data.

  • When a user clicks on the link mentioned in the email, they will be redirected to malicious websites which asks them enter their personal information.

  • The link mentioned in the email is shortened url without https indicating that the link is not secure.

Precautions

  • Don't respond to spam mails without verification of the e-mail origin.

  • Don't deposit money unless the candidate is interviewed personally by the company.

  • Don't try to get job through back door methods by paying money which promises to provide employment, which will cheat users.

  • Check with original company website for any job offers before proceeding.

  • Talk over phone with the company to ascertain, before depositing the money in their account, whether there is change of previous a/c details and name of the company.

  • Maintain two step verification code to sign into account (Mobile alert).

  • Whenever the fraud is noticed immediately inform the original company.

  • Don’t respond to spam e-mails without verification of the e-mail origin (Header)

Best Practices

  • Web browsers have free add-ons (or "plug-ins") that can help detect phishing sites. Install those plugins to protect from fake websites.

  • Exercise caution if a message sounds or a website looks suspicious, is out of the ordinary or unexpected, or contains an offer that is too good to be true.

  • Don’t use email to send personal or financial information, and delete any emails that ask to confirm or divulge personal or financial information.

  • Do not access account or use Credit card or Debit card from computers in public places.

  • Avoid giving out personal information in random websites or survey forms if do not really know the purpose of sharing.

  • Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in antivirus, firewall, and filtering services. Update spam filters with latest spam mail contents.

  • Always send confidential information in encrypted format using techniques such as Pretty Good Encryption (PGP) etc., wherein only sender and receiver can see the information.

  • Any unusual activity or attack should be reported immediately at CERT-In With the relevant logs, email headers for the analysis of the attacks and taking appropriate actions further.

  • To check the integrity of e-mail, Log on to http://www[dot]cyberforensics[dot]in and click on e-mail Tracer.

    Source - www[dot]staysafeonline[dot]in

Blog on Whatsapp SCAMam

Social media users are reporting a new WhatsApp scam that logs out a person from the messaging service and makes them lose all access to their accounts, including messages, contacts, media, and files stored. Once the perpetrators gain control of the victim’s WhatsApp account, they repeat the process with the victim’s contacts.

How does the scam work?

Multiple users on X described receiving normal WhatsApp texts from friends, family members, or acquaintances they had already added as contacts.

The WhatsApp message from their seemingly trusted contact asked the user to check their messages for an OTP or verification code that was sent to them by mistake, and then share the details over WhatsApp.

Users would naturally look for the OTP and share the security credentials without thinking about it too much, since the request was coming from a trusted sender.

Later, however, the user would be logged out of all their WhatsApp accounts - across devices - and would struggle to regain access to the hijacked account.

HOW TO SECURE

To better secure your WhatsApp account, follow these tips:

Never share your registration code or two-step verification PIN with others.

Enable two-step verification and provide an email address in case you forget your PIN.

Set a voicemail password on your phone that's difficult to guess to prevent anyone from accessing your voicemail.

Check your linked devices regularly. Go to WhatsApp Settings > Linked Devices to review all devices linked to your account. To remove a linked device, tap the device > Log Out.

Set a device code and be aware of who has physical access to your phone. Someone who has physical access to your phone might use your WhatsApp account without your permission.

It’s possible to add WhatsApp to your Accounts Center. If you believe that someone else has access to the Facebook, Instagram, or Meta account in your Accounts Center, and has used one of those accounts to access your WhatsApp account, reach out to the Support team of the impacted account to help recover your account. You can also temporarily remove your WhatsApp account from Accounts Center until all of your accounts are secured. Learn more about Accounts Center here.

It’s also recommended to review your accounts by navigating to WhatsApp Settings > Accounts Center. If you notice a suspicious account in your Accounts Center, you can remove it by following the steps in this Meta Help Center article.

We recommend you share this advice with friends and family to help secure their WhatsApp accounts.

Note:

If you receive unrequested emails to reset your two-step verification PIN or registration code, don't click on any links. Someone could be attempting to access your phone number on WhatsApp.

If you see the message “Your phone number was registered with WhatsApp on a new device” when you open WhatsApp, follow the onscreen steps to recover your account. Learn more about account recovery.

For Advisories

© 2025. All rights reserved by Vivasvan Cyber Security.

Vivasvan Cyber Security Policies

Vivasvan Cyber Security Compliance

Vivasvan Cyber Security Trademark(s)

Vivasvan Cyber Security Copyright(s)

Vivasvan Cyber Security Team

Vivasvan Cyber Security Advisories

Vivasvan Cyber Security Communication Matrix

Vivasvan Cyber Security Legal