Digital Cash

e-Rupee (e₹): The Digital Cash

This is an introductory blog about Digital Rupee.

The Reserve Bank of India (RBI) launched a pilot project for the digital rupee, called e-Rupee (e₹), on November 1, 2022. In the first phase, it is valid only for wholesale transactions, enabling large payments and settlements on the purchase and sale of government securities. Next month, RBI is planning to launch the digital rupee for the retail segment as well.

One may think that we are already using digital money for our daily transactions through PhonePe, GPay, Paytm etc., so some of the obvious questions that come to mind are:

  • How is this digital rupee different from the existing forms of digital money we are using?
  • Is this a cryptocurrency? Has our Government allowed cryptocurrency?
  • Is digital rupee going to replace the currency notes and coins that we are using now?

Let us look at some of the facts and try to understand it better.

The e-Rupee has been issued by RBI, which is India’s Central Bank and hence this is a legal currency. This will be at par with cash, that is rupee notes and coins. So, one can say this is currency in digital form.

Being in digital form, the transactions made using it would be much faster, easier and cheaper.
The difference, however, is that the digital payments we currently make using PhonePe, GPay, Paytm etc. are done using our bank account. With each transaction we make, the app we use goes to the server of our bank and initiates the transaction, the bank server confirms the payment, and the transaction then goes to the recipient’s bank account; only when the receipt is confirmed by the recipient’s bank is the transaction finally completed. So, we can imagine that the bank servers are always very busy dealing with millions of transactions, and this scale of transactions impacts the servers severely.

Now let us look at how the transaction will be processed in the case of e-Rupee. Here, transactions will not be processed through banks but on a blockchain, which offers distributed ledger technology. Because of the distributed ledger technology, the transactions will be processed at great speed. As a matter of fact, to use e-Rupee, we do not even need a bank account. I had explained above that e-Rupee is like cash in digital form, and when we use cash we simply use it without going to the bank.

While e-Rupee uses blockchain technology, it is very different from cryptocurrency. Unlike cryptocurrency, e-Rupee is issued by India’s Central Bank, the RBI, and not by a private player. With cryptocurrency, any private individual can compete to mine and create value in the cryptocurrency, but here, since it is issued by RBI, mining is not possible. In crypto, the value is determined by market forces, hence its value always fluctuates, whereas with e-Rupee there will not be any change in face value over a period. The biggest fear that lies with cryptocurrency is completely eliminated here. For example, 2,000 Rupees worth of e-Rupee will always be worth Rs. 2,000. And since it is issued by the RBI, it is sovereign, with a guarantee for its face value.

When the e-Rupee becomes available for retail transactions, how do we get it? What we know now is that e-Rupee will be distributed entirely by commercial banks and that you do not need to have a bank account with the bank to transact in e-Rupee. It is understood that we will be able to withdraw digital tokens/e-Rupee from banks in a similar way as we withdraw physical cash (except that we will not need a bank account to withdraw e-Rupee). We will see specially created electronic wallets for receiving, storing and transferring the digital rupee in the form of electronic tokens.

Now comes the smart question. Since this will be stored in an electronic wallet, what kind of interest will it offer? Sorry, but there won’t be any interest. As mentioned above, the digital rupee is just a digital form of physical cash, and since physical cash does not bear any interest, e-Rupee will also not bear any interest.

Now, is it mandatory to switch to e-Rupee once RBI launches it for retail transactions? The answer is No. e-Rupee will coexist along with the other forms of digital payments and also along with physical form of rupee like currency notes and coins. There is absolutely no compulsion to convert to e-Rupee.

So then what are the benefits of switching to e-Rupee?

  1. The transaction cost with e-Rupee will be much less compared to present day NEFT or RTGS, especially when you are transferring large amounts.
  2. Transactions with e-Rupee will be much faster compared to any other digital payment, as e-Rupee runs on blockchain technology.
  3. When the use of the digital rupee picks up speed and becomes popular, the government can spend less on printing and distributing physical cash.

Let us extend a warm welcome to e-Rupee for wholesale transactions and look forward to welcoming the launch of e-Rupee for retail transactions.

Identify a Fake Facebook Profile

HOW TO IDENTIFY A FAKE FACEBOOK PROFILE

The company Meta, previously called Facebook, owns four of the most popular social media platforms worldwide: WhatsApp, Facebook Messenger, Facebook, and Instagram. This post is focused on Facebook.

In the first quarter of 2022, Facebook took action on 1.6 billion fake accounts. In the first quarter of 2019, a record figure of approximately 2.2 billion fake accounts was removed by the social media platform.
In India alone, there are nearly 239.65 million Facebook users, making it the leading country in terms of Facebook audience size. So, one can imagine, the larger the user base, the larger the number of scammers.

The vast majority of those deleted accounts were automated accounts that are often created by software programs. We all know that bots have been used for years to manipulate people. The good news is that in recent years, Facebook, Twitter and other tech companies have gotten much better at catching bots.

However, the challenge still lies where real humans create the fake accounts. In such cases, these social media companies have a much harder time catching them because such accounts are hard to identify, as they do not carry the same revealing digital signs as a bot. Approaches to find such accounts remain imperfect. So, what can we do about it?

This means WE MUST OWN RESPONSIBILITY TO STAY SAFE. Here are some tips that can help you identify fake Facebook profiles.

FIRST & FOREMOST: TRUST BUT VERIFY
This means DO NOT talk to strangers online. If you do not know them or recognize them, DO NOT accept the friend request. These fake accounts would generally have an attractive photo, because attractive photos entice people to befriend the account.

DO A REVERSE IMAGE SEARCH
If you want to know more, then the best way to identify a fake Facebook profile is to save the profile photo and then do a reverse image search using https://www.google.com/imghp?hl=EN or www.tineye.com; there are a few more options that you may use to do a reverse image search. Such an exercise will show all the places where the photo has been used, and it will be easy for you to spot whether the profile photo is real or fake.

SEEING YOUR FRIENDS ALREADY BEING FRIENDS WITH STRANGER’S ACCOUNT DOES NOT MEAN ACCOUNT IS REAL
It is also important to remember that if you find such accounts already friends with your friends, it does not mean the account is genuine or real. Please know that fake accounts can connect with your friends as well as you. If you are unsure about an account, DO NOT accept the friend request, but send a message and enquire how this person knows you or where you met. Chances are such accounts will never respond, and if you do get a response, verify the correctness of the response.

Some of the other ways to spot a fake profile are:

  • Check if the picture truly looks real or appears to be taken from the internet.
  • Check for group pictures on the account. Fake accounts would not have many group pictures.
  • The information shared in the profile would seem far from real.
  • Generally, fake accounts would not have wall posts on the Facebook page.
  • Messages would be far from practical. You might find them too nice or too good to be true.
  • Fake accounts are mostly fairly new accounts and not old accounts.
  • Fake accounts may have no friends or they may have very few friends.

Remember, you can identify fake accounts, just stay alert!

Digital Literacy is the Key

DIGITAL LITERACY IS THE KEY TO FUTURE

Digital Literacy and Its Relevance

DIGITAL LITERACY AND ITS RELEVANCE

Digital literacy is a term of immense relevance in the present. According to UNICEF, it refers to the knowledge, skills and attitudes that allow one to be both safe and empowered in an increasingly digital world. The present scenario of digitalization broadly includes learning, researching, socializing and participating. With almost all aspects of education being covered digitally, digital literacy plays a vital role. One should be digitally literate not only to use the internet wisely but to use it with safety too. Cyber safety, hence, is also an important aspect of being digitally literate. An individual needs to be cautious and alert to the various cyber-crimes/threats that he/she might be exposed to while making use of the internet. As correctly said by UNICEF, digital literacy allows one to be both safe and empowered in this digital world. While most of us are aware of how we are digitally empowered, many do not know how their safety is under threat.

Digital literacy is not just a requirement, but a right. Hence the present generations must make themselves literate and educated enough to be aware of all facets of this term called ‘digital literacy’. In a world dominated by internet and surfing skills, we ought to make ourselves both empowered and safe! While empowering ourselves, we should never neglect the most important feature of this digital world: to “Be Safe”.

As we all know today, we could not have survived this pandemic without technology; only technology kept our lives running smoothly, and it helped us get through the toughest time of the century. Online classes made our students learn new aspects of life in a new dimension. All the offices worked 24 x 7 with the work-from-home feature and saved on electricity and other office costs.
Learning from home, research, innovation and creation displayed a new dimension with technically proficient staff and workaholics. Teaching, learning and self-development have opened new windows for every innovator with the help of communication, collaboration and participation.
While learning, innovating and achieving through digital literacy, one’s digital identity should always be kept safe, as it concerns one’s wellbeing, safety and security.

Ms. Ritu Kaushik
Multimedia Professional
Bluebells School International
New Delhi, 110048

Death By a Click (TV 9 Story)

DEATH BY A CLICK – THE TV 9 STORY

You work for an organization and you get a legitimate looking email asking you to click on a link to install a critical “IT Update”. What should you do? Decide after reading the following blog.

Let the story of TV 9 Channel unfold.

It happened on March 28, 2021, a Sunday afternoon. Australian Channel 9 TV posted a tweet which indicated that it was under a cyber-attack. This attack rendered them unable to broadcast their popular weekend show “NRL Sunday Footy Show”.

This attack affected Channel 9 TV network’s ability to “produce its news and current affairs content”. Later in an article, Channel 9 News had described the outage as a sophisticated and calculated attack that fundamentally disrupted how the network delivered and presented news.

Thankfully, Channel 9 had an in-house business continuity plan in place which made it possible to air all predetermined broadcasts while they continued dealing with the situation.

The big question is, what had happened and how did it happen?

Media reports indicated that malware spread through devices at Channel 9’s Sydney headquarters, which affected data and production systems.

Malware is computer software, such as a virus, that the target does not know about or want and that is designed with the purpose of damaging how the targeted computer or computer network works.

Media at the time also reported, through very credible sources, that the attacker(s) had acquired access to the headquarters even before that Sunday. A possibility was mentioned that fake “IT Updates” were sent to users at the headquarters and that when they clicked on the link to install an update/repair, the malware was installed.

One kind of malware is ransomware. Ransomware attacks the target computer or network and locks down the data and the systems on the network until a ransom is paid. The cyber-attack on Channel 9 had all the traits of a ransomware attack.

Ransomware attacks often start with a phishing attack, in which large numbers of emails/messages are sent to users at an organization. Phishing emails are designed to look like they are coming from a legitimate source, and in an attempt to make them look more credible, the emails/messages often include seemingly privileged information like users’ names, departments etc.

Once installed, ransomware generally encrypts all important data, including important files and even entire systems, leaving them inaccessible to the users. Ransomware often targets emails and commonly used file types such as PDF files, spreadsheets, presentations, and/or Word documents.

Very often the attackers have a financial motive, and they typically demand a ransom in exchange for releasing the locked-out data. Once a ransom is paid, they typically release a “key” to unlock the data.

Avoiding Ransomware Attack

Firstly, it is important to stop such attacks, and for that purpose it is very important for all organizations to make sure their network is secure and that there are no vulnerabilities through which attacker(s) can acquire access to the network, to systems and to users/devices.

Secondly, it is also important to educate the staff on the dangers of clicking on links without making sure they are coming from a genuine source.

Thirdly, it is important to have an in-house business continuity plan in place.

In case of an attack, the in-house continuity plan needs to be initiated, backups will need to be retrieved, and specific vulnerabilities need to be identified and fixed/repaired immediately.

Alert! Are you being Watched?

ALERT: YOU ARE BEING WATCHED!

Almost every day, we go online to keep in touch with the world. Based on our interests, we watch the news or the stock market, or spend time on social media to see what is new and who is doing what: what is happening around us, what is the latest and the greatest, what are the new inventions, ideas and trends. Professionals go online to stay updated on the professional front.

Sharing posts about where we are and what we are doing keeps our near and dear ones excited and updated. Of course, it keeps us motivated.

Reports indicate that just a few years ago, almost 80% of smart phone users were using phones with location services enabled. The trend has now changed in the western world, but in developing countries a very large number of users are still not aware of location services and privacy. Those in the IT world have known for a long time that every time we go online, we leave our digital footprint out there.

Some of us also wonder what is secure and what is not so secure. When people innocently share their kid’s birthday photos or school graduation pics with other details, they do so thinking there is nothing to worry about! They think: who is looking at these details?

But little do they know that while staying online is a need, staying secure while online is also a need. It is like driving on the road: there is a need to be on the road to travel from one place to another, but there is also a need to take all precautions to stay safe on the road.

Let us talk about Cyber Security. This is something that needs everyone’s attention because, in today’s day and age, Cyber Security must fall into everyone’s “need to understand and comply” scope.

Today, all across the world, businesses have their presence online, directly or indirectly. The majority of businesses have some presence online. When all our clients are online, where else would we promote our business? So, many of the marketing campaigns are happening online.

All these businesses also need to understand and follow cyber security norms and stay safe. What are we sharing online in our marketing campaign? For example, if we are sharing our IT/network structure, hackers will know how to crack it.

Simply put, all the information put out online is “publicly available information”. In the world of cyber security, this is called open source intelligence (OSINT). Here, open source means that the sources that provide information are open/public. OSINT is an important part of Recon (Reconnaissance).

Different stages in Cyber Security are:

  1. Pre Security
  2. Offensive Pen testing
  3. Cyber Defense

For Cyber Security professionals, working at any of the above stages, Recon is the very first step taken whenever they get ready to perform Vulnerability Assessment or Penetration Testing. While Active Recon includes direct interaction with the target, Passive Recon includes finding and using the information available on the web.

For Passive Recon, there are some very powerful tools available that check the target’s online presence across different domains and social media platforms: what has been shared and when it was shared. Patterns are noted, and pictures and videos are retrieved. These tools help Cyber Security professionals put very important, and sometimes private and sensitive, information together. These professionals are then able to join the dots and infer the underlying secrets/information.

OSINT or Recon tools are not magical. They only pull out publicly available information and put it together for these professionals to join the dots. Many a time, to start the Recon, all the professionals have with them is a name or, if they are lucky, an email address or a domain. They start digging with it, and in very little time they have a great amount of intel with them.

Once they know something they can use, like a website, they will try to find weaknesses, if any, that they can exploit. This is the process of Vulnerability Assessment. A part of the website might be weak or might use some outdated technology, which makes it vulnerable.

Once a vulnerability is found, the next process, Penetration Testing, begins. Here, those vulnerabilities are targeted and exploited. The experts try to get into the target’s network, system or database, based on the type of vulnerability. Once they are in, they will try to exploit it, causing damage to the target’s assets. Many a time, cookies from a device give away access to sensitive data.

To stay safe, it is important to clear your browsing history from time to time. Delete all cookies from your device from time to time. When you are using your browser to look at confidential, private or sensitive information, it is not a bad idea to use Incognito mode. Today we have the options available for using encrypted emails.

Firewalls will protect you when you are approached from an unknown website. Antivirus software is available for your further protection, and there is a range of other protective software available. These are the most common, easily available and easy to implement security measures that we should follow.

As a common practice, companies pay ethical hackers to find vulnerabilities in their systems, and some companies even pay them to penetrate the company’s internal assets and see what kinds of exploitation they are vulnerable to. If the hacker is able to find vulnerabilities at the target’s request, the proof is shared with the target to enhance security and eliminate the vulnerabilities.

To summarize, we agree that staying online is a need and that staying secure while online is a need too. Cyber Security, I think, should have a place in everybody’s “need to understand and comply” scope.

Stay Online, Stay Safe!

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

No Privacy!

THERE IS NO PRIVACY OUT THERE

 

What are the dangers kids face when they go online?
Online predators steal peoples’ identities, post inappropriate photos, pretend to be someone they are not, do cyberbullying activities, etc., etc. If this happens to a kid, imagine the kind of overwhelming negative impact it can have on the kid’s emotional and physical well-being.


Cyber Security

CYBERSECURITY: THE ONLY SOLUTION TO INCREASING PERILS OF CYBERCRIME

Our world is becoming more and more dependent on digital technologies. In my previous blog, Alert: You are being watched!, we looked at how vulnerable we are and hence the need to stay alert while we are online. While digital technology is creating many opportunities, it also brings the perils of cybercrime, which is affecting organizations and governments all across the globe.

The most challenging part of cybercrime is that the risk landscape is constantly changing. As technology advances, this challenge keeps intensifying. As existing hacking tools improve and new tools come into play, securing networks becomes more challenging.

Cybersecurity is the only solution to protect your digital data and resources by mitigating security threats and vulnerabilities originating from cybercrime.

So, what are we dealing with?

Some of the most common cyber security threats are ransomware, malware, phishing and theft of personal and confidential data etc. Data breaches top the list.

  • Phishing and Trojan Horse attacks: The attacker sends malicious emails that appear to originate from credible sources such as banks or similar credible organizations. When the recipient opens such an email and/or its attachments and/or clicks on a link in it, the malware enters the target’s network and steals or damages personal, sensitive and confidential information, customer details, intellectual property and more. Hackers might steal, delete, or corrupt data. Stolen data is either used by hackers for their intended purpose, or it might get posted on the DarkNet for sale, or just get posted online for anyone to see.

  • DOS – Denial of Service attacks: In a DOS attack, hackers penetrate the target’s network and send so many messages that they overwhelm the target’s network system. This prevents authorized users from getting access to the system and can create server outages, monetary loss and undue pressure on the IT staff.
  • Ransomware: As the name indicates, the purpose of this type of attack is to hold the target to ransom. Hackers penetrate the target’s network and encrypt data files on it. A ransom in the form of a monetary payment is demanded in exchange for access to the data files.

So, what can be done to protect ourselves?

Many insurance companies offer cybersecurity policies that provide coverage against activities such as identity theft, unauthorized transactions, and more. Two types of coverage are generally available.

(1) Vendor Indemnity Insurance for cybersecurity vendors and
(2) Third-Party Cybersecurity Insurance for businesses with a risk profile higher than average.

The cost of these policies can be extremely high because of the frequency of attacks.

Below are some very simple and easy to follow recommendations that can go a long way.

  1. Restricted Access Policy. Employees should have access to only the part of the data they need to work with. Access to data and resources should be on a need-to-know basis.
  2. Keep operating systems and other software up to date. Outdated software can become an easy entry point for hackers.
  3. Strong Password. It is a good idea to have a 12-character password that has upper case letter(s), lower case letter(s), number(s) and special character(s).
  4. Network administrators should ensure the safety of the network by frequently changing network passwords.
  5. Install a firewall and protective software like antivirus, antimalware, antispyware.
  6. Regularly scan devices for malware.
  7. Train all employees on cyber security.

If you rely on the internet for communication and for carrying out daily operations, you must use cybersecurity measures to safeguard your data and resources.

Author: Shital Rai

LinkedIn: www.linkedin.com/in/shitalrai

Protecting yourself from PHISHING attacks

BEWARE OF PHISHING SCAMS

Phishing emails are one of the most used types of malicious emails. A phishing fraud happens when the fraudster tries to trick someone in order to steal sensitive data. This type of cybercrime usually happens by email, and generally involves doubtful, dubious, and urgent requests.

According to the United States Federal Bureau of Investigation (FBI), phishing is the most common cyberattack in the world, with the largest number of victims.

Following are some of the ways to spot a malicious email:

  • Sender’s Address is Wrong or Suspicious
    Verify the correctness of the sender’s address. Cyber criminals cheat through little things, so you must pay attention to minute details. Most of the time, it is just one letter that makes all the difference. For example, the correct email should be [email protected] but you may get mail from [email protected] (pay attention to the extra i).

    This tactic’s name is spoofing. It is widely used in malicious emails. According to the FBI, spoofing frauds caused more than USD 300 million in losses in 2019.

  • Dangerous Links and Call-to-Action Buttons
    Fraudsters use malicious links as one of the main ways to commit fraud. So, do not click on a link or call-to-action button immediately, unless you have verified the genuineness of the link.

    One of the easiest ways to check the genuineness of a link is to hover over it without clicking. Pay attention and examine the address that appears on hovering over the link. Make sure this address is authentic. If something looks suspicious, do not click. Fraudsters impersonate famous brands, like Netflix, Apple, Amazon, and Microsoft, for example.

    The header image of this blog shows a notice from NETFLIX asking to update the payment method. To those who are not aware, it may seem a genuine email from NETFLIX, but hovering on the link Login to Netflix would show that this is NOT from NETFLIX. Uninformed and innocent people may end up entering their NETFLIX information and bank details, thinking they are paying NETFLIX, and may lose all their money in the bank.

  • Stay Away from Attachments from Unknown Sources
    To stay safe, make it a practice to NEVER IMMEDIATELY OPEN an attachment that you were not expecting. If it is from someone unknown to you, you may want to delete the email. Even when the mail appears to be from someone you know, please still check the email before opening the file. If in doubt, it will be wise to contact the sender to confirm that the email is legitimate.
  • Look for Spelling and Grammar Errors
    Be suspicious of emails that have misspellings or grammar errors. Typing errors are generally an indication of a malicious email.
  • If It Sounds Too Good To Be True It Probably Is/Isn’t
    If you receive an email with promises of big profits and little or no investment, then the law of averages says that it is not true. Cyberspace is full of spam, phishing, and other types of malicious emails that promise inheritance, lottery prizes, and great giveaways. Beware!
  • Be Guarded when you see Urgent Emails and Requests for Sensitive Information
    It is common sense that if an issue is very urgent, the person will call or will try to meet in person, if possible.

    Be suspicious of emails you receive from unknown people with the subject As Soon As Possible (ASAP) or URGENT, or that require you to share sensitive information. Those are a sign of fraud or a malicious email.

Protecting yourself from PHISHING attacks

PROTECTING YOURSELF AGAINST PHISHING ATTACKS

You can protect yourself against a large number of Phishing Attacks by adopting the following behaviors/practices:

  • Always hover over the link in an email to see the destination URL before you click on it. Many times the email link would show a legitimate name, but on hovering, it would show the real name/real destination.
  • Before taking the suggested action, always scrutinize the content of the email. If unsure, do not take immediate action; talk to someone who knows better.
  • Ask your elders/teachers if you are unsure about the legitimacy of an email on which you want to act.
  • Scan all hyperlinks in incoming email messages to determine if they’re malicious.
  • Don’t depend on the browser’s Block or Allow lists, especially since attackers can exploit legitimate sites and services to evade these lists.
  • Implement advanced email security that can analyze the nature of an email message and ascertain its true intent.