Commissioner Preventive Branch / 05/2019

CYBER CRIME ADVISORY by City Police

LEADERSHIP

Dr. K. Venkatesham Commissioner Of Police

Shri. Shivaji Bodkhe Jt. Commissioner of Police

Shri. Ashok Morale Addl. Commissioner of Police (Crime)

Shri. Sambhaji Kadam Deputy Commissioner of Police (EOW & Cyber)

PREFACE

The use of computer devices, smartphones and the Internet has become an integral part of our lives. Irrespective of gender, age, profession or income group, everyone has to use technology whether they want to or not. This inevitability has made us vulnerable to various threats of Cyber Crime.

Anyone can be a victim of Cyber Crime. We at Cyber , Pune City receive complaints of various types of Cyber Crime and investigate them. While investigating the complaints received at Cyber Police Station, Pune City we came to know that most of the incidents could have been averted if the users/complainants had taken the necessary precautions.

This is our attempt to create awareness and work proactively on Cyber Crime.

It is our humble request to kindly circulate this advisory to as many people as possible so they will take necessary precaution and will be safe from Cyber Crime.

Be Aware.

Be Safe.

Dr. K. Venkatesham, Commissioner Of Police, Pune City.

PROTECTING DIGITAL IDENTITY AND ACCOUNTS

1. KEEP YOUR PASSWORDS HARD TO GUESS.

Don’t use your name, maiden name, surname, birth date, birth year, vehicle registration number or mobile number as your password.

Change your passwords at regular intervals. (Maximum of 100 days.)

2. USE A STRONG PASSWORD.

Use a combination of UPPERCASE & LOWERCASE LETTERS, SPECIAL CHARACTERS, & NUMBERS in your password.

Use a password of at least 12 characters.

3. USE ADDITIONAL SECURITY LAYER-

Use TWO FACTOR AUTHENTICATION for your digital accounts.

Authenticator applications such as Google Authenticator can be used to add an extra layer of security to your account.

4. PRIVACY POLICY-

Read the privacy policy of any Digital Platform before creating your account on the same.

Have a privacy policy of your own. Decide what to share and what not to share.

Every digital platform, including social messaging applications and microblogging sites like Twitter, gives you the option to decide what to share and with whom.

5. UNKNOWN ARE UNWELCOME-

Keep your connections on social media and digital platforms limited to those whom you actually know.

An unknown friend can be an enemy, like A WOLF IN SHEEP’S CLOAK.

6. REVIEW YOUR ACCOUNT ACTIVITY-

Review your account activity for any discrepancies.

Check the Devices you logged in with.

7. REPORT-

Report any unusual activity found in your account to your nearest Cyber Cell/ Cyber Police Station & to the concerned portal.

PROTECTING COMPUTER DEVICES

1. OPERATING SYSTEM-

Use a genuine, licensed operating system. It may cost you money, but not your security.

Regularly install the updates and patches released by the operating system provider.

2. USER-

Use a strong password and change it regularly.

Activate a Boot Password for the Device.

Disable the Guest user option to keep access restricted.

Keep the Administrative rights to only yourself.

3. SOFTWARE-

Don’t install software from unknown sources; it may contain malware or Trojans which can compromise the security of your device.

Don’t use unlicensed software and patches downloaded from public clouds.

4. DATA -

Use encryption for your sensitive data or files.

Regularly back up your data to another source (hard disk, cloud etc.).

5. ANTIVIRUS & FIREWALL-

Use a licensed copy of a good-quality antivirus (one which updates regularly).

Always keep Firewall of Operating System ON.

6. CONNECTIONS-

Don’t use unrecognised/ free Internet connections.

Keep your Internet connections password protected with strong Password.

Don’t use unrecognised USB drives for DATA transfer.

SMART PHONE SECURITY

1. Enable AUTO LOCK and a strong Pass code. Consider changing it frequently.

2. Record your Phone’s Unique ID number (IMEI).

3. Make sure you LOGOFF from banking and other important apps in your mobile phone after use.

4. Consider installing TRUSTED TRACKING SOFTWARE.

5. Keep your phone ENCRYPTED to increase the security level.

6. Regularly BACKUP your phone.

7. REPORT THEFT of your mobile phone to your bank and nearest police station immediately.

8. Try to locate your phone via GPS. You can use ANDROID MANAGER for Android smartphones and FIND MY IPHONE for Apple phones.

9. Block your SIM card and apply for a duplicate SIM card.

10. You can REMOTELY WIPE your personal data from the phone.

11. Don’t forget to REMOTELY LOCK your phone.

12. CHANGE your important passwords immediately.

13. TRY NOT TO SELL your old smartphones to strangers, as the data may be recovered even though it was deleted.

14. Don’t keep very PERSONAL, PRIVATE PHOTOGRAPHS, VIDEOS, and DOCUMENTS on the phone, as losing it will put your privacy in danger.

E-MAIL SECURITY

1. While creating an email account choose security question and its answer carefully and remember it.

2. Use STRONG PASSWORD, with TWO FACTOR AUTHENTICATION for E-Mail Log in.

3. Change your password regularly.

4. Don’t save your password in any browser.

5. Don’t share your password with anyone.

6. Don’t open MALICIOUS/UNKNOWN mail attachments, as they may contain MALWARE/TROJANS.

7. Don’t open URLs received from unknown mail IDs/sources.

8. Regularly update your spam filter.

9. Don’t use the mail id connected with your financial accounts to create social media accounts.

10. Regularly check your account activity for any suspicious login/ login attempts.

11. Report any discrepancies found while operating the account to nearest cyber police station and mail service provider.

WHATSAPP SECURITY

1. Always read the TERMS AND CONDITIONS before downloading any app.

2. Enable TWO FACTOR AUTHENTICATION to ensure that nobody can set up your WhatsApp without knowing the six digit code.

3. Don’t download any files or click on any links received from STRANGERS or UNKNOWN WHATSAPP NUMBERS.

4. Manage WhatsApp Web effectively. Log out of all computers before closing the tabs.

5. BLOCK AND REPORT unknown numbers sending unwanted information.

6. Never send private information like bank account PIN, OTP or PASSWORD through WhatsApp.

7. Keep the PRIVACY POLICY of your WhatsApp updated. Restrict access to your PROFILE PIC to only your contacts.

8. Disable the AUTOMATIC DOWNLOADS of WhatsApp.

9. DEACTIVATE WhatsApp if you lose your phone.

10. Avoid using WhatsApp on PUBLIC WI-FI NETWORKS.

11. REGULARLY UPDATE your WhatsApp application from Google Play Store/ Apple Store to get the latest updates and security benefits.

WEB BROWSING SECURITY

1. Always USE SECURED WEB BROWSERS which enable safe browsing over the internet.

2. Use INCOGNITO TABS for Internet Banking and Transaction Purposes.

3. Keep your OS and Browser software up to date with the LATEST VERSIONS & SECURITY PATCHES.

4. Use STRONG PASSWORDS and NEVER STORE PASSWORDS in your Browser.

5. BLOCK POP-UPS AND SCRIPTS to maintain your privacy.

6. Optimize your browser’s settings to protect your device from MALICIOUS ATTACKS.

7. Make sure the URL of the website has “HTTPS://” and a PADLOCK ICON.

8. CLEAR BROWSING ACTIVITY on a regular basis to avoid threats to confidential information.

9. Don’t use UNSECURE SITES for downloading songs, wallpapers, images, videos or movies etc.

10. Don’t use or install Add-ons to your browser from UNTRUSTED SOURCE.

11. Be selective about BOOKMARKING SITES & Saving WEBPAGES.

12. Use Virtual Private Networks (VPN) and VPS while using PUBLIC NETWORKS like WI-FI.

MAN IN MIDDLE FRAUDS

Industries, businesses, firms, NGOs, Government organisations and individuals all face this type of fraud. “Man In Middle” refers to a person or persons who compromise a communication (mostly e-mail) for monetary gain. In this type of fraud the hacker/attacker/cyber criminal gains access to the e-mail communication of one or both parties to a deal or transaction and intervenes at the moment when a transaction is due. The attacker steps into the communication and changes the payment details (i.e. the bank account number), giving false reasons such as auditing or income tax issues; in the case of individuals, a fake emergency is used to ask for money. The person executing the transaction is kept under the impression that they are communicating with the genuine person. The victim’s e-mail IDs are forged carefully enough to mislead the person executing the transaction. Businesses with overseas business relationships lose the larger amounts if they are not aware of and careful about this type of fraud. In some instances the Cyber Police Station has been able to successfully freeze funds sent overseas when the issue was reported at the earliest.

MAN IN MIDDLE FRAUDS ADVISORY
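The check of an incoming mail’s sender domain and reply path that this advisory recommends can be automated for payment-related mail. The following is an added example, not part of the original advisory; the function names, the 0.8 similarity threshold and all addresses are assumptions constructed for illustration.

```python
# Added example: flag payment e-mails whose sender domain or reply path
# does not match the known business partner. All addresses are constructed.
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_payment_mail(raw_message, trusted_domain):
    """Return a list of warnings for one raw e-mail message (headers + body)."""
    msg = message_from_string(raw_message)
    trusted = trusted_domain.lower()
    sender = domain_of(msg["From"])
    warnings = []
    if sender != trusted:
        # A near-identical domain is the typical sign of a forged mail ID.
        similarity = SequenceMatcher(None, sender, trusted).ratio()
        kind = "look-alike of" if similarity >= 0.8 else "different from"
        warnings.append(f"From domain {sender!r} is {kind} {trusted!r}")
    # Replies and bounces should return to the domain the mail claims to be from.
    for header in ("Reply-To", "Return-Path"):
        reply = domain_of(msg[header])
        if reply and reply != sender:
            warnings.append(f"{header} domain {reply!r} differs from From domain {sender!r}")
    return warnings


GENUINE = """\
From: Accounts <accounts@supplier.example>
Return-Path: <accounts@supplier.example>
Subject: Invoice 1042

Please pay to the account on file.
"""

FORGED = """\
From: Accounts <accounts@suppl1er.example>
Reply-To: accounts.supplier@freemail.example
Return-Path: <bounce@bulk.example>
Subject: Invoice 1042 - changed bank details

Due to an audit, please pay to the new account below.
"""

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, check_payment_mail(raw, "supplier.example"))
```

A warning from this check is a reason to verify the request by telephone before paying; an empty result does not prove the mail is genuine, because a compromised mailbox sends from the real domain.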

1. Always keep your mail security up to date and review the account logins.

2. Check the mail forwarding rules set for your mail communication.

3. Educate the accounting staff who generally execute the transactions and make them aware. They are the most vulnerable due to lack of awareness of this type of fraud.

4. Confirm the transaction request by telephonic verification once it is received.

5. Don’t change the account numbers on which you receive payments unless it is inevitable, and inform your customer/paying party about the change over the telephone.

6. If you receive a mail about a change in the account number for payment, verify the request by calling the concerned personnel.

7. Check the incoming mail’s domain and reply path regularly while making a transaction.

8. Report discrepancies in your mail account logins and suspicious mails to your nearest Cyber Police Station.

9. Read the advisory notes on E-Mail Security and Device Security and follow them to avoid becoming a victim.

MATRIMONY FRAUDS

As we go more digital with every passing day, the digital method of matchmaking is being adopted by a lot of prospective brides and grooms along with their parents. There are multiple websites providing a matchmaking database for everyone. At Cyber Police Station we have recorded multiple cases of men and women from various marriageable age groups being cheated for money by prospective brides and grooms. We have successfully investigated these cases and arrested the accused. A married couple from was arrested a year ago in such cases; they had created multiple fake accounts on different matrimonial sites using photos downloaded from Google and other social media sites. They were honey trapping prospective grooms for money and cheated more than a dozen men.

Social Engineering is the term used for the modus operandi of a cyber criminal who acquires every minute detail available in cyberspace about the target and gains the target’s trust by showing similar interests, dreams, goals, future plans and ambitions. Once trust is gained, they acquire money from the target by means of fake medical/business/economic emergencies and keep asking for it until the victim understands that he/she has been cheated.

MATRIMONY FRAUDS ADVISORY

1. Always keep your mail security up to date and review the account logins.

2. Check the mail forwarding rules set for your mail communication.

3. Educate the accounting staff who generally execute the transactions and make them aware. They are the most vulnerable due to lack of awareness of this type of fraud.

4. Confirm the transaction request by telephonic verification once it is received.

5. Don’t change the account numbers on which you receive payments unless it is inevitable, and inform your customer/paying party about the change over the telephone.

6. If you receive a mail about a change in the account number for payment, verify the request by calling the concerned personnel.

7. Check the incoming mail’s domain and reply path regularly while making a transaction.

8. Report discrepancies in your mail account logins and suspicious mails to your nearest Cyber Police Station.

9. Read the advisory notes on E-Mail Security and Device Security and follow them to avoid becoming a victim.

OLX FRAUD ADVISORY

OLX is a digital platform which provides interaction between buyer and seller. It has been observed that a lot of people are getting cheated by criminals who pose as sellers of goods like mobiles, motor cycles and other household goods.

People contact these sellers and interact with them to purchase the item. On the promise of delivering the goods to the buyer, the fake sellers/criminals take the payment from the buyer in advance. After getting the payment they cut off contact with the buyer or keep giving false promises to refund the amount.

TO AVOID BEING VICTIM IN THIS KIND OF CASES FOLLOWING PRECAUTIONS NEED TO BE TAKEN:

1. Don’t make any payment to the seller without physically inspecting and meeting with the buyer.

2. Do not believe any claims or promises made by the buyer. (It is observed that fraudsters are impersonating army personnel and sending their forged identification.)

3. If you are selling something and have advertised it on OLX or a similar platform, then:

Don’t provide sensitive information to the buyer.

Avoid meeting with the buyer alone.

If you are selling a bike, be aware of motor cycle thieves, as they might run away with your bike while taking a test ride.

4. While making a transaction on Google Pay, make sure you are not accepting a request to send money from your account.

MOBILE WALLETS ADVISORY

With digital payment systems and attractive offers from mobile wallet companies, the use of mobile wallets is a popular choice. They are being used by a large population for going cashless, booking tickets, mobile recharges and paying bills. Their popularity has made them a target for cyber criminals. By impersonating an executive from a mobile wallet company, or by posing as potential buyers, fraudsters ask the victim to accept a payment request.

To safeguard our mobile wallets the following precautions are advised-

Use an authentic source such as Google Play Store or Apple Store to download the mobile wallet.

Read and understand the functioning of mobile wallet you are using.

Don’t save any DEBIT / CREDIT CARDS to the wallet.

In case of Google Pay you can SEND money or REQUEST money from another Google pay user. Understand the difference between them to be safe.

Don’t share any OTP generated by your mobile wallet service provider with anyone.

Logout of Mobile Wallet after use and keep it locked with a password.

NIGERIAN FRAUDS

Nigerian Nationals are infamous for Cyber Frauds and Cheating cases, as they have been arrested for their involvement in multiple types of Cyber Crimes all over the world. For example:

• Oil Fraud
• Seed Fraud
• Facebook Friendship Gift Fraud
• Matrimonial Frauds
• Man In Middle Frauds
• Lottery Fraud
• Nigerian Prince/Princess etc.

One of the best examples of Nigerian Frauds is where the victim gets in touch with a Nigerian Prince/Princess/Businessman over e-mail or social media. They claim that they want to transfer their funds to our country and ask for help. In return they offer a huge amount as commission/gift. If the victim becomes greedy and agrees to it, they then contact the victim as bank Of The Fraudster and ask for payment to release the funds. Once the victim is hooked by their scam, they try to extract as much money as possible from the victim through false promises and reasons.

The technique used by most of the Nigerians is Social Engineering. They collect every available detail of the target and then contact the target over social media to become friends. They gain the trust of the target as a friend, a businessman, or as an authentic executive of a company buying raw material from . People often fall prey to this kind of fraud due to their GREED.

ADVISORY-

1. Be aware of the Nigerian Frauds.

2. Don’t reply to mails which claim to be from a Prince, Princess or any businessman whom you haven’t contacted.

3. No company will ask an unknown individual to buy any kind of seeds, medicines, oils or medicinal quality plants, and they definitely won’t purchase them from you for a larger price.

4. You can’t win a lottery if you haven’t bought the ticket. Be aware of mails and messages which claim that you have won a lottery or a lucky draw (in which you never participated).

5. Don’t accept requests from unknown people to be friends or connections over social media.

6. No Government Official will ask you to pay money for releasing a package/parcel sent to you from overseas that has arrived at the Airport.

CYBER POLICE STATION PUNE CITY

• If you encounter any of the Cyber Crime or unfortunately become a victim of Cyber Crime, you can report it to us and we will investigate.
• If you need any information about Cyber Crime you are welcome to visit the Cyber Police Station.

Cyber Police Station Pune City
Police Head Quarter, Shivaji Nagar, Pune 411005.
Contact : 020 2971 0097
Email : [email protected]

Useful Websites

Visit

www.punecitypolice.gov.in | www.cybercrime.gov.in | www.cyberswachhtakendra.gov.in

for more information on Cyber Crime.

Follow

@PuneCityPolice | @CyberDost

on Twitter to get latest updates on Cyber Crime and Tips to Prevent it.