Here are 12 essential tips for smart browsing:

1. Use Incognito mode with CTRL+SHIFT+N in Chrome & Edge.
2. Look at address bar carefully. It could be a phishing site.
3. While not foolproof, legitimate sites usually use HTTPS. Check
   for the padlock symbol and the proper domain in the address bar.
4. Consider using multiple web browsers for different activities.
5. Download only from reputable sources and use antivirus software
6. What you post online stays there forever, so share things carefully.
7. Review social media privacy settings to know who can see your stuff.
8. Be wary of deception on social media.
9. Don’t share confidential information, you don’t know who’s looking.
10. Protect your social media accounts from unauthorized access.
11. Always Ask First: Don’t Share Others’ Info Without Permission
12. Avoid saving passwords in the browser; use a password manager.

Here are 12 practical tips to keep your phone safe:

1. Lock your phone with a PIN, pattern, or fingerprint.

2.Avoid public USB charging stations, which can be compromised.

3.Restart your phone every week.

4.Turn off Wi-Fi and Bluetooth® when not in use.

5.Keep your operating system and apps updated.

6.Use Multi-Factor Authentication.

7.Install apps ONLY from the authorized app stores & check app permissions; be wary of camera, mic. contacts & location access.

8.Don’t send and receive sensitive data over public Wi-Fi connections.

9.Log out of sites after you make a payment.

10.Regularly back up your data.

11.Consider blocking call forwarding unless required.

12.Learn how to remotely lock or wipe your phone in case it gets lost.

1. Lack of engagement with the physical environment: When students spend excessive time on devices, they become less engaged with their immediate surroundings. They may fail to notice important details or changes in their environment, which can affect their safety and ability to respond effectively to situations.
2. Reduced social interactions: Over-reliance on devices can lead to decreased face-to-face social interactions. This can hinder the development of important social skills, including reading non-verbal cues, interpreting social dynamics, and understanding situational context.
3. Impaired attention and concentration: Continuous exposure to screens can lead to reduced attention span and difficulties in maintaining focus. This can impact students’ ability to process information from their environment, leading to a decreased situational awareness.
4. Cyberbullying and online risks: Spending excessive time online increases the risk of students becoming victims of cyberbullying or falling prey to online scams, predators, or inappropriate content. Engaging in such experiences can distract students from their immediate surroundings and compromise their situational awareness.

Came across a school incident recently. Please watch this video at the link below:

Situational Awareness

To address these concerns and promote better situational awareness among students, here are some strategies:

1. Encourage device-free activities: Encourage students to participate in activities that do not involve screens, such as outdoor play, sports, hobbies, or creative endeavors. This helps them engage with their physical environment and develop a broader awareness of their surroundings.
2. Educate about online safety: Teach students about responsible internet use, including how to identify and respond to cyberbullying, how to protect personal information online, and how to navigate online risks. By empowering them to make informed choices, they can better manage their online experiences and maintain situational awareness.
3. Foster face-to-face interactions: Create opportunities for students to interact and collaborate in person. Encourage group discussions, teamwork, and classroom activities that promote social engagement and communication. This helps students develop social skills and situational awareness in real-world settings.
4. Set boundaries on screen time: Establish clear guidelines and limits on screen time both at school and at home. Encourage students to take regular breaks from screens, engage in physical activities, and spend time with family and friends. Balancing screen time with other activities helps students maintain a healthier sense of situational awareness.

By promoting a balanced approach to technology use and providing opportunities for students to engage with the physical world and interact face-to-face, educators and parents can help mitigate the negative effects of excessive screen time and support students’ situational awareness.

Today’s blog post is about the latest cybercrime that made headlines in Mumbai, Maharashtra, India. This cybercrime victimized 80 people over a period of 16 days and collectively siphoned off almost 1 crore rupees (99.12 lakhs). This incident serves as a reminder that we need to be cautious before clicking on any link and be careful about sharing our personal and confidential information.

The cyber fraudsters duped 80 individuals who had their own bank accounts. They were sent messages of account deactivation or suspension due to KYC update pending or PAN card not updated, but the messages were not sent by the bank but by the fraudsters! As a result, these individuals lost money from their accounts.

Authorities have not found any data leak from the bank’s side, but they are still investigating the point of data leak that put these 80 individuals in this situation. It is uncertain whether these individuals will get their money back from the bank, as they clicked on the link without verifying and divulged their account information, despite constant warnings from banks. The Cyber Crime Unit of the Mumbai Crime Branch has taken up the case and hopes to achieve a breakthrough.

The list of individuals who were duped in this crime includes actor-politician Nagma, actor Malavika aka Shweta Menon, as well as other professionals, students, housewives, and retired senior citizens.

The Cyber Crime Unit is equipped with all the technical details to carry out the probe. They have issued warnings to customers to not panic on receiving such messages and instead get in touch with their respective banks personally instead of searching for the numbers on the internet.

The team is finding out and tracking from which subsidiary sub-lending financial institutions the data breach has occurred. They have also found the module of the organized crime syndicate involved in the fraud. However, it is too early to disclose their details. The total cases registered in the city till date tallied at 80.

In order to track down the scamsters, the Cyber Crime Unit has sought details of the 300 fake accounts and the 100 SIMs the fraudsters procured using fake documents. DCP (Mumbai-Cyber Crime) Dr. Balsing Rajput shared that no banks or financial institutions or service providers will warn anyone of the suspension of their accounts.

We hope this post helps you stay alert and safe while navigating the cyber world. Remember, always be cautious before clicking on any link and never share your personal or confidential information without verifying the source.

ChatGPT, launched on November 30, 2022 has taken the world of technology by storm. After just two months, the AI chatbot has built a base of 100 million active users. A study from investment bank UBS says that ChatGPT’s growth rate makes it one of the fastest-growing apps in history.

ChatGPT is an AI language model and an incredible technology that is revolutionizing the way we interact with machines. For junior students who are just beginning to explore the world of technology, ChatGPT is an exciting and accessible way to learn about the possibilities of this rapidly advancing field of Artificial Intelligence.

At its core, ChatGPT is a language model that has been trained on a vast amount of data from the internet. This means that it is able to generate responses to user queries that are not only accurate but also contextually appropriate. It can converse on a wide range of topics, from science and technology to sports and entertainment, and can even help with homework assignments.

One of the great things about ChatGPT is that it is available to anyone with an internet connection, which means that students can access its vast stores of knowledge from anywhere in the world. This makes it an incredibly valuable tool for learning, as it provides students with instant access to information that would have been difficult to find otherwise.

Another important aspect of ChatGPT is its ability to adapt and learn from user interactions. As students engage with the model and ask it questions, it is able to refine its responses and become even more accurate over time. This means that the more students use ChatGPT, the more valuable it becomes as a learning tool. Hence, ChatGPT can also provide personalized recommendations based on a student’s learning history, helping them to improve their academic performance over time.

We all have done our schooling and one thing that has remained consistent throughout the past is the “Homework”.  Using ChatGPT, it becomes much easier finishing the homework. For example, a student gets a homework assignment to write a 4 page essay on certain topic. Getting this done using ChatGPT will not even take a minute.

Now, some schools in the US and other countries are discouraging their students from using ChatGPT at this stage. But, some other schools are teaching their students about the tool, what to learn from it, what are the purposes they should use it for and NOT use it for, as they do not want for their students to miss out on the opportunity to use and learn about ChatGPT.

Overall, ChatGPT is an exciting and powerful technology that has the potential to transform the way we learn and interact with machines. For junior students who are just beginning to explore the world of AI, it is an accessible and user-friendly tool that can help them discover the possibilities of this rapidly evolving field. By leveraging the power of ChatGPT, students can gain access to vast stores of knowledge and explore the world in new and exciting ways.

Updated on March 16, 2023

As ChatGPT became available online, it became extremely popular and in just matter of days, almost everyone online wanted to use ChatGPT. It is often found being used at its max capacity levels and users have to wait for it to become available at times. As a result, ChatGPT Plus has been recently launched.

Reserve Bank of India (RBI) launched a pilot project on digital rupee on November 1, 2022 called e-Rupee (e₹). In the first PHASE, it is valid only for the wholesale transactions for enabling large payments and settlements on the purchase and sale of government securities. Next month, RBI is planning to launch digital rupee for retail segment as well.

One may think that we are already using digital money for our daily transactions, through the means of PhonePe, GPay, Paytm etc.  so some of the obvious questions that come to mind are:

• How is this digital rupee different from the existing forms of digital money we are using?
• Is this a cryptocurrency? Has our Government allowed cryptocurrency?
• Is digital rupee going to replace the currency notes and coins that we are using now?

Let us look at some of the facts and try to understand it better.

The e-Rupee has been issued by RBI, which is India’s Central Bank and hence this is a legal currency. This will be at par with cash, that is rupee notes and coins. So, one can say this is currency in digital form.

Being in digital form, the transactions made using it would be much faster, easier and cheaper.
However, the difference being that the digital payments that we currently make using PhonePe, GPay, Paytm etc. are done using our bank account. With each transaction we make, the app we use goes to the server of our bank, initiates the transaction, the bank server confirms the payment and then the transaction goes to the recipients’ bank account and when the receipt is confirmed by recipient’s bank account that is when finally, the transaction is completed. So, we can imagine the bank servers are always very busy dealing with millions of transactions and this scale of transactions impact the servers severely.

Now let us look at how the transaction will be processed in case of e-Rupee? Here, these will not be processed through banks but will be processed on blockchain, which offers distributed ledger technology. On Blockchain, because of the distributed ledger technology, the transactions will be processed at great speed. As a matter of fact, to use e-Rupee, we do not even need a bank account. I had explained above that e-Rupee is like cash in digital form, and when we use cash we simply use it without going to the bank.

While e-Rupee uses the Blockchain technology but it is very different from cryptocurrency. Unlike cryptocurrency, e-Rupee is issued by India’s Central Bank, the RBI and not by a private player. With cryptocurrency, any private individual can compete to mine and create value in the cryptocurrency but here, since it is issued by RBI, mining is not possible. In crypto, the value is determined by the market forces hence its value always fluctuates, whereas, with e-Rupee, there will not be any change in face value over a period. The biggest fear that lies with cryptocurrency is completely eliminated here. For example, a 2,000 Rupee worth of e-Rupee value will always be worth Rs. 2,000. And since it is issued by the RBI, it is sovereign with a guarantee for its face value.

When the e-Rupee becomes available for retail transactions, how do we get it? What we know now is that e-Rupee will be distributed entirely by Commercial Banks and that you do not need to have a bank account with the bank to transact in e-Rupee. It is understood that we will be able to withdraw digital tokens/ e-Rupee from banks in the similar way as we withdraw physical cash (except that we will not need a bank account to withdraw e-Rupee). We will see specially created electronic wallets for receiving, storing and transferring the digital rupee in the form of electronic tokens.

Now comes the smart question. Since this will be stored in an electronic wallet, what kind of interest will it offer?  Sorry, but there won’t be any interest. As mentioned above, digital rupee is just a digital form of physical cash and since physical cash does not bear any interest, e-Rupee will also not bear any interest.

Now, is it mandatory to switch to e-Rupee once RBI launches it for retail transactions? The answer is No. e-Rupee will coexist along with the other forms of digital payments and also along with physical form of rupee like currency notes and coins. There is absolutely no compulsion to convert to e-Rupee.

So then what are the benefits for switching to e-Rupee?

1. The transaction cost with e-Rupee will be much less compared to present day NEFT or RTGS, especially when you are transferring large amounts.
2. The transaction with e-Rupee will be much faster compared to any other digital payment as e-Rupee runs on blockchain technology
3. When the use of digital rupee picks up speed and becomes popular then government can spend less amount on printing and distributing the physical cash.

Let us extend a warm welcome to e-Rupee for wholesale transactions and look forward to welcome the launch of e-Rupee for retail transactions.

Let the story of TV 9 Channel unfold.

It happened on March 28, 2021, a Sunday afternoon. Australian Channel 9 TV posted a tweet which indicated that it was under a cyber-attack. This attack rendered them unable to broadcast their popular weekend show “‘NRL Sunday Footy Show”.

This attack affected Channel 9 TV network’s ability to “produce its news and current affairs content”. Later in an article, Channel 9 News had described the outage as a sophisticated and calculated attack that fundamentally disrupted how the network delivered and presented news.

The technology that brings you 9 News every night is under attack by hackers.

Whether it’s criminal sabotage or the work of a foreign nation is still being investigated, but this attack could reveal a nationwide vulnerability. @MarkWBurrows #9News pic.twitter.com/YL8l1DLNVV

— 9News Australia (@9NewsAUS) March 28, 2021

Thankfully, Channel 9 had an in-house business continuity plan in place which made it possible to air all predetermined broadcasts while they continued dealing with the situation.

The big question is, what had happened and how did it happen?

Media reports indicated a malware spread through devices at Channel 9’s Sydney headquarters, which affected data and production systems.

Malware is a computer software such as a virus that the target does not know about or want and is designed with the purpose of damaging the targeted computer or computer network works

Media at the time also reported through its very credible sources that the attacker(s) had acquired access to the headquarters even before that Sunday. A possibility was mentioned that fake “IT Updates” were sent to users’ at the headquarters and when they clicked on that link to install an update/repair, the malware was installed.

One kind of malware is, Ransomware. Ransomware attacks the target computer or network and it locks down the data and the systems on the network until a ransom is paid. The cyber-attack on Channel 9 had all traits matching a ransomware attack.

Ransomware attacks often start with a phishing attack, in which large numbers of emails/messages are sent to users  at an organization. Phishing emails are designed to look like they are coming from a legitimate source and in an attempt to further make it look credible, the emails/messages  often include seemingly privileged information like user’s names, departments etc.

Once installed, ransomware generally encrypts all important data, including important files and even entire systems, leaving  them inaccessible by the users. Ransomware often targets emails and commonly used file types such as Pdf files, Spreadsheets, Presentations, and/or Word documents.

Very often the attackers have financial motive, and they typically demand for a ransom in exchange for releasing the locked-out data. Once a ransom is paid, they typically release a “key” to unlock the data.

Avoiding Ransomware Attack

Firstly, it is important to stop such attacks and for the purpose, it is very important for all organizations to make sure their network is secure and there are no vulnerabilities through which attacker(s) can acquire access to the network, to systems and to users/devices.

Secondly, it is also important to educate the staff on the dangers of clicking on links without making sure it is coming from a genuine source.

Thirdly, it is important to have an in-house business continuity plan in place.

In case of an attack, in-house continuity plan needs to be initiated, backups will need to be retrieved, and specific vulnerabilities needs to be identified and fixed/repaired immediately.

Sharing posts about where we are and what we are doing keeps our near and dear ones excited and updated. Of course, it keeps us motivated.

Reports indicate that just few years ago, almost 80% smart phone users were using phones with location services enabled, the trend has now changed in the western world but in developing countries, still a very large number of users are not aware about the location services and privacy. Those in the IT world have known for a long time that every time we go online, we are leaving our digital footprint out there.

Some of us also think what all is secure and what is not so secure? When people innocently share their kid’s birthday photos, school graduation pics with other details, they do so thinking there is nothing to worry about! They think who is looking at these details?

But, little they know while staying online is a need but then staying secure while online is also a need. It is like driving on the road, while there is a need to be on the road to travel from one place to another but there is also a need to take all precautions to stay safe on the road.

Let us talk about Cyber Security – this is something that needs attention of everyone because in today’s day and age, Cyber Security must fall into everyone’s “need to understand and comply” scope.

Today all across the world, businesses have their presence online – directly or indirectly. Majority of business have some presence online When all our clients are online, where else would we promote our business? So, many of the marketing campaigns are happening online.

All these businesses also need to understand, and follow cyber security norms and stay safe. What all are we sharing online in our marketing campaign?  For example, If we are sharing our IT/Network structure, hackers will know how to crack it.

Simply put, all the information put out online is “publicly available information”. In the world of cyber security, this is called open source intelligence (OSINT). Here, open source means that the sources that provide information are open/public. OSINT is an important part of Recon (Reconnaissance).

Different stages in Cyber Security are,

1. Pre Security
2. Offensive Pen testing
3. Cyber Defense

For Cyber Security professionals, working at any of the above stages, Recon is the very first step taken whenever they get ready to perform Vulnerability Assessment or Penetration Testing. While Active Recon includes direct interaction with the target, Passive Recon includes finding and using the information available on the web.

For Passive Recon, there are some very powerful tools available that will check the target’s online presence, from various different domains, social media platforms, what all has been shared, when it was shared, patterns are set and noted, Pictures and Videos are retrieved and these tools help Cyber Security professionals put very important, and sometimes, private and sensitive information together. These professionals are then able to join the dots and infer the underlying secrets/information.

OSINT or Recon tools are not magical. They only pull out publicly available information and put it together for these professionals to join the dots. Many a times, to start the Recon, all the professionals have with them is a name, or if they are lucky, an email address, or a domain. They start digging with it and in very little time they have a great amount of intel with them.

Once they know something like a website they can use, they will try and find out weaknesses, if any, that they can exploit. This is the process of Vulnerability Assessment. A part of the website might be weak/vulnerable or using some outdated technology, and becomes vulnerable.

Once a vulnerability is found, the next process of Penetration testing begins. Here, those vulnerabilities are targeted and exploited. The experts try and get into the target’s network, system, database, based on the type of vulnerability. Once they are in, they will try and exploit it, causing damage to the target’s  assets. Many a times, cookies from a device give away access to sensitive data.

To stay safe, it is important to clear your browsing history from time to time. Delete all cookies from your device from time to time. When you are using your browser to look at confidential, private or sensitive information, it is not a bad idea to use Incognito mode. Today we have the options available for using encrypted emails.

Firewalls will protect you when you are approached from an unknown website. Antivirus software are available for your further protection and there are range of protective software available. These are the most common, easily available and easy to implement security measures that we should follow.

As a common practice, companies pay the ethical hackers to find vulnerabilities in their system and some companies even pay them to penetrate into the company’s internal assets and see what kind of exploitations are they vulnerable to. If hacker is able to find vulnerabilities on the target’s request, the proof is shared with the target to enhance the security and eliminate the vulnerabilities.

To summarize, we agree that staying online is a need and that staying secure while online is a need too. Cyber Security, I think, should have a place in everybody’s “need to understand and comply” scope.

Stay Online, Stay Safe!

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

The most challenging part with cybercrime is that the risk landscape is constantly changing. As technology advances, this challenge keeps intensifying. As existing hacking tools enhance and new tools come in to play, securing networks becomes more challenging.

Cybersecurity is the only solution to protect your digital data and resources by mitigating security threats and vulnerabilities originating from cybercrime.

So, what are we dealing with?

Some of the most common cyber security threats are ransomware, malware, phishing and theft of personal and confidential data etc. Data breaches tops the list.

 Phishing and Trojan Horse attacks: Attacker sends malicious emails that appear to be originating from credible sources such as banks or similar credible organizations. When the recipient opens such emails, and/or attachments and/or clicks on a link in it, the malware enter target’s network and steals or damage personal, sensitive and confidential information, customer details, intellectual property and more. Hackers might steal, delete, or corrupt data. Stolen data is either used for by hackers for their intended purpose or it might even get posted on the DarkNet for sale, or just get posted online for anyone to see.

• DOS – Denial of Service attacks: In a DOS attack, hackers penetrate into target’s network and they send so many messages that overwhelms the target’s network system, this prevents the authorized users from getting an access to the system and can create server outages and monetary loss and undue excessive pressure on the IT staff.
• Ransomware: As the name indicates, the purpose of this type of attack is to hold the target to ransom. Hackers penetrate into target’s network and they encrypt data files on the target’s network. A ransom in terms of monetary payment is demanded in exchange for access to data files.

    So, what all can be done to protect ourselves?

Many insurance companies offer cybersecurity policies that provide coverage from activities such as identity theft, unauthorized transactions, and more. Two types of coverage is generally available.

(1) Vendor Indemnity Insurance for cybersecurity vendors and
(2) Third-Party Cybersecurity Insurance for businesses with a risk profile higher than average.

The cost on these policies can be extremely high because of the frequency of attacks.

Below are some very simple and easy to follow recommendations that can go a long way.

1. Restricted Access Policy- Employees  should have access to only the part of data they need to work with. Access to data and resources should be on need-to-know-basis.
2. Keep operating systems and other software up to date. An outdated software can become an easy entry point for hackers.
3. Strong Password. It is a good idea to to have 12 characters password that has upper case letter(s), lower case letter(s), number(s) and special character(s).
4. Network administrators to ensure safety of the network by frequently changing network passwords.
5. Install firewall and protective software like antivirus, antimalware, antispyware.
6. Regularly scan devices for malware
7. Train all employees on cyber security.

    If you rely on the internet for communication and for carrying out daily operations, you must use cybersecurity measures to safe guard your data and resources.

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

According to the United States Federal Bureau of Investigation (FBI), phishing is the most common cyberattack in the world, with the largest number of victims.

 Following are some of the ways to spot a malicious email:

• Sender’s Address is Wrong or Suspicious
  Verify correctness of sender’s address. Cyber criminals cheat through little things, so you must pay attention to minute details. Most of the times, it is just one letter that makes all the difference. For example, the correct email should be [email protected] but you may get mail from [email protected] (pay attention to extra i).

  This tactic’s name is spoofing. It is widely used in malicious emails. According to the FBI, spoofing frauds caused more than USD 300 million in losses in 2019.

• Dangerous Links and Call-to-Action Buttons
  Fraudsters use malicious links as one of the main ways to commit fraud. So, do not click on a link or call to action button immediately, unless you have verified the genuineness of the link.

  One of the easiest way to check the genuineness of the link is to hover over the link(s) without clicking. Pay attention and examine the address that appears on hovering over the link. Make sure this address is authentic. If something looks suspicious, do not click. Fraudsters impersonate famous brands, like Netflix, Apple, Amazon, and Microsoft, for example.

  The header image of this blog shows a notice from NETFLIX asking to update the payment method. For those who are not aware, it may seem a genuine email from NETFLIX, but hovering on the link Login to Netflix would show this is NOT from NETFLIX and uninformed & innocent people may end up entering their NETFLIX information and bank details thinking they are paying to NETFLIX and may lose all their money in the Bank.

• Stay Away from Attachments from Unknown Sources
  To stay safe, make it a practice to NEVER IMMEDIATELY OPEN an attachment that you were not expecting. If it is from someone unknown to you, you may want to delete the email. Even when the mail appears to be from someone you know, please still check the email before opening the file. If in doubt, it will be wise to contact the sender to confirm that the email is legitimate.

• Look for Spelling and Grammar errors
  Be suspicious of emails that have misspellings or grammar errors. Typing errors are generally an indication of a malicious email.

• If It Sounds Too Good To Be True It Probably Is/Isn’t”
  If you receive an email with promises of big profits and little or no investment, then the law of the average says that it is not true. Cyberspace is full of spam, phishing, and other types of malicious emails that promise inheritance, lottery prizes, and great giveaways. Beware!

• Be Guarded when you see Urgent Emails and Requests for Sensitive Information
  It is common sense that if an issue is very urgent, the person will call or will try to meet in person, if possible.

  Be suspicious of emails you receive from unknown people with the subject As Soon As Possible (ASAP) or URGENT or if that requires you to share sensitive information. Those are a sign of fraud or malicious email.