Apple Releases Critical Updates to Mitigate Zero-Day Vulnerabilities CVE-2024-44308 & CVE-2024-44309

Introduction

AI has penetrated most industries and telecom is no exception. According to a survey by Nvidia, enhancing customer experiences is the biggest AI opportunity for the telecom industry, with 35% of respondents identifying customer experiences as their key AI success story. Further, the study found nearly 90% of telecom companies use AI, with 48% in the piloting phase and 41% actively deploying AI. Most telecom service providers (53%) agree or strongly agree that adopting AI would provide a competitive advantage. AI in telecom is primed to be the next big thing and Google has not ignored this opportunity. It is reported that Google will soon add “AI Replies” to the phone app’s call screening feature. 

How Does The ‘AI Call Screener’ Work?

With the busy lives people lead nowadays, Google has created a helpful tool to answer the challenge of responding to calls amidst busy schedules. Google Pixel smartphones are now fitted with a new feature that deploys AI-powered calling tools that can help with call screening, note-making during an important call, filtering and declining spam, and most importantly ending the frustration of being on hold.  

In the official Google Phone app, users can respond to a caller through “new AI-powered smart replies”. While “contextual call screen replies” are already part of the app,  this new feature allows users to not have to pick up the call themselves. 

• With this new feature,  Google Assistant will be able to respond to the call with a customised audio response.
• The Google Assistant, responding to the call, will ask the caller’s name and the purpose of the call. If they are calling about an appointment, for instance, Google will show the user suggested responses specific to that call, such as ‘Confirm’ or ‘Cancel appointment’.

Google will build on the call-screening feature by using a “multi-step, multi-turn conversational AI” to suggest replies more appropriate to the nature of the call. Google’s Gemini Nano AI model is set to power this new feature and enable it to handle phone calls and messages even if the phone is locked and respond even when the caller is silent.

Benefits of AI-Powered Call Screening

This AI-powered call screening feature offers multiple benefits:

1. The AI feature will enhance user convenience by reducing the disruptions caused by spam calls. This will, in turn, increase productivity.
2. It will increase call privacy and security by filtering high-risk calls, thereby protecting users from attempts of fraud and cyber crimes such as phishing.  
3. The new feature can potentially increase efficiency in business communications by screening for important calls, delegating routine inquiries and optimising customer service. 

Key Policy Considerations

Adhering to transparent, ethical, and inclusive policies while anticipating regulatory changes can establish Google as a responsible innovator in AI call management. Some key considerations for AI Call Screener from a policy perspective are:

1. The AI screen caller will process and transcribe sensitive voice data, therefore, the data handling policies for such need to be transparent to reassure users of regulatory compliance with various laws. 
2. AI has been at a crossroads in its ethical use and mitigation of bias. It will require the algorithms to be designed to avoid bias and reflect inclusivity in its understanding of language. 
3. The data that the screener will be using is further complicated by global and regional regulations such as data privacy regulations like the GDPR, DPDP Act, CCPA etc., for consent to record or transcribe calls while focussing on user rights and regulations. 

Conclusion: A Balanced Approach to AI in Telecommunications

Google’s AI Call Screener offers a glimpse into the future of automated call management, reshaping customer service and telemarketing by streamlining interactions and reducing spam. As this technology evolves, businesses may adopt similar tools, balancing customer engagement with fewer unwanted calls. The AI-driven screening will also impact call centres, shifting roles toward complex, human-centred interactions while automation handles routine calls. They could have a potential effect on support and managerial roles. Ultimately, as AI call management grows, responsible design and transparency will be in demand to ensure a seamless, beneficial experience for all users.

References

• https://resources.nvidia.com/en-us-ai-in-telco/state-of-ai-in-telco-2024-report
• https://store.google.com/intl/en/ideas/articles/pixel-call-assist-phone-screen/ 
• https://www.thehindu.com/sci-tech/technology/google-working-on-ai-replies-for-call-screening-feature/article68844973.ece
• https://indianexpress.com/article/technology/artificial-intelligence/google-ai-replies-call-screening-9659612/ 

‍

Executive Summary:

This report discloses a new cyber threat contributing to the list of threats targeting internet users in the name of "Aarong Ramadan Gifts". The fraudsters are imitating the popular Bangladeshi brand Aarong, which is known for its Bengali ethnic wear and handicrafts, and allure the victims with the offer of exclusive gifts for Ramadan. The moment when users click on the link, they are taken through a fictitious path of quizzes, gift boxes, and social proof, that simply could damage their personal information and system devices. Through knowing how this is done we can educate users to take caution and stop themselves from falling into cyber threats.

False Claim:

The false message accompanied by a link on social media, claims that Aarong, one of the most respected brands in Bangladesh for their exquisite ethnic wear and handicrafts, is providing Ramadan gifts exclusively through online promotion. And while that may be the facade of the scam, its real aim is to lead users to click on harmful links that may end up in their personal data and devices being compromised.

‍

The Deceptive Journey:

• The Landing page starts with a salutation and a catchy photo of Aarong store, and later moves ahead encouraging the visitors to take a part of a  short quiz to claim the gift. This is designed for the purpose of creating a false image of authenticity and trustworthiness.
• A certain area at the end of the page looks like a social media comment section, and users are posting the positive impacts the claim has on them. This is one of the techniques to build the image of a solid base of support and many partakers.
• The quiz starts with a few easy questions on how much the user knows about Aarong and their demographics. This data is vital in the development of more complex threats and can be used to address specific targets in the future.
• After the user hits the OK button, the screen displays a matrix of the Gift boxes, and the user then needs to make at least 3 attempts to  attain the reward. This is a commonly used approach which allows the scammer to keep users engaged longer and increases the chances of making them comply with the fraudulent scheme.
• The user is instructed to share the campaign on WhatsApp from this point of the campaign, and the user must keep clicking the WhatsApp button until the progress bar is complete. This is a way to both expand and perpetuate the scam, affecting many more users.
• After completing the steps, the user is shown instructions on how to claim the prize.

The Analysis:

• The home page and quiz are structured to maintain a false impression of genuineness and proficiency, thus allowing the victims to partake in the fraudulent design. The compulsion to forward the message in WhatsApp is the way they inspire more and more users and eventually get into the scam.
• The final purpose of the scam could be to obtain personal data from the user and eventually enter their devices, which could lead to a higher risk of cyber threats, such as identity theft, financial theft, or malware installation.
• We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by Aarong.
• The campaign is hosted on a third party domain instead of the official Website, this raised suspicion. Also the domain has been registered recently.
• The intercepted request revealed a connection to a China-linked analytical service, Baidu in the backend.

‍

• Domain Name: apronicon.top
• Registry Domain ID: D20231130G10001G_13716168-top
• Registrar WHOIS Server: whois.west263[.]com
• Registrar URL: www.west263[.]com
• Updated Date: 2024-02-28T07:21:18Z
• Creation Date: 2023-11-30T03:27:17Z  (Recently created)
• Registry Expiry Date: 2024-11-30T03:27:17Z
• Registrar: Chengdu west dimension digital
• Registrant State/Province: Hei Long Jiang
• Registrant Country: CN (China)
• Name Server: amos.ns.cloudflare[.]com
• Name Server: zara.ns.cloudflare[.]com

Note: Cybercriminal used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory:

• Do not open those messages received from social platforms in which you think that such messages are suspicious or unsolicited. In the beginning, your own discretion can become your best weapon.
• Falling prey to such scams could compromise your entire system, potentially granting unauthorized access to your microphone, camera, text messages, contacts, pictures, videos, banking applications, and more. Keep your cyber world safe against any attacks.
• Never, in any case, reveal such sensitive data as your login credentials and banking details to entities you haven't validated as reliable ones.
• Before sharing any content or clicking on links within messages, always verify the legitimacy of the source. Protect not only yourself but also those in your digital circle.
• For the sake of the truthfulness of offers and messages, find the official sources and companies directly. Verify the authenticity of alluring offers before taking any action.

Conclusion:

Aarong Ramadan Gift scam is a fraudulent act that takes advantage of the victims' loyalty to a reputable brand. The realization of the mechanism used to make the campaign look real, can actually help us become more conscious and take measures to our community not to be inattentive against cyberthreats. Be aware, check the credibility, and spread awareness to others wherever you can, to contribute in building a security conscious digital space.

‍

Executive Summary:

In the digital world, people are becoming targets more and more of online scams, which rely on deception. One of the ways the social media is being used for the elections in recent time, is the "BJP - Election Bonus" offer that promises a cash prize of Rs. 5000 or more, through some easy questionnaire. This article provides the details of this swindle and reveals its deceptive tricks as well as gives a set of recommendations on how to protect yourself from such online fraud, especially during the upcoming elections.

False Claim:

The "BJP - Election Bonus" campaign boasts that by taking a few clicks of the mouse, users will get a cash prize. This scheme is nothing but a fake association with the Bharatiya Janata Party (BJP)’s Government and Prime Minister Shri Narendra Modi and therefore, it uses the images and brands of both of them to give the scheme an impression of legitimacy. The imposters are taking advantage of the public's trust for the Government and the widespread desire for remuneration to ensnare the unaware victims, specifically before the upcoming Lok Sabha elections.

‍

The Deceptive Scheme:

• Tempting Social Media Offer: The fraud begins with an attractive link on the social media platforms. The scammers say that the proposal is related to the Bharatiya Janata Party (BJP) with the caption of “The official party has prepared many gifts for their supporters.” accompanied by an image of  the Prime Minister Shri Narendra Modi.

• Luring with Money: The offer promises to give Rs.5,000 or more. This is aimed at drawing in people specifically during election campaigns; and people’s desire for financial gain.

• Tricking with Questions: When the link is clicked, the person is brought to the page with the simple questions. The purpose of these questions is to make people feel safe and believe that they have been selected for an actual government’s program.

• The Open-the-Box Trap: Finally, the questions are answered and the last instruction is to open-the-box for the prize. However, this is just a tactic for them to make you curious about the reward.

• Fake Reward and Spreading the Scam: Upon opening the box, the recipient will be greeted with the text of Rs. 5000. However, this is not true; it is just a way to make them share the link on WhatsApp, helping the scammers to reach more victims.

The fraudsters use political party names and the Prime Minister's name to increase the plausibility of it, although there is no real connection. They employ the people's desire for monetary help, and also the time of the elections, making them susceptible to their tricks.

Analytical Breakdown:

• The campaign is a cleverly-created scheme to lure people by misusing the trust they have in the Government. By using BJP's branding and the Prime Minister's photo, fraudsters aim to make their misleading offer look credible. Fake reviews and cash reward are the two main components of the scheme that are intended to lure users into getting involved, and the end result of this is the path of deception.
• Through sharing the link over WhatsApp, users become unaware accomplices that are simply assisting the scammers to reach an even bigger audience and hence their popularity, especially with the elections around the corner.
• On top of this, the time of committing this fraud is very disturbing, as the election is just round the corner. Scammers do this in the context of the political turmoil and the spread of unconfirmed rumors and speculation about the upcoming elections in the same way they did earlier. The fraudsters are using this strategy to take advantage of the political affiliations by linking their scam to the Political party and their Leaderships.

• We have also cross-checked and as of now there is no well established and credible source or any official notification that has confirmed such an offer advertised by the Party.

• Domain Analysis: The campaign is hosted on a third party domain, which is different from the official website, thus creating doubts. Whois information reveals that the domain has been registered not long ago. The domain was registered on 29th march 2024, just a few days back.   

• Domain Name: PSURVEY[.]CYOU
• Registry Domain ID: D443702580-CNIC
• Registrar WHOIS Server: whois.hkdns.hk
• Registrar URL: http://www.hkdns.hk
• Updated Date: 2024-03-29T16:18:00.0Z
• Creation Date: 2024-03-29T15:59:17.0Z (Recently Created)
• Registry Expiry Date: 2025-03-29T23:59:59.0Z
• Registrant State/Province: Anhui
• Registrant Country: CN (China)
• Name Server: NORMAN.NS.CLOUDFLARE.COM
• Name Server: PAM.NS.CLOUDFLARE.COM

Note: Cybercriminals used Cloudflare technology to mask the actual IP address of the fraudulent website.

CyberPeace Advisory and Best Practices:

• Be careful and watchful for any offers that seem too good to be true online, particularly during election periods. Exercise caution at a high level when you come across such offers, because they are usually accompanied by dishonest schemes.

• Carefully cross-check the authenticity of every campaign or offer you’re considering before interacting with it. Do not click on suspicious links and do not share private data that can be further used to run the scam.

• If you come across any such suspicious activity or if you feel you have been scammed, report it to the relevant authorities, such as the local police or the cybercrime section. Reporting is one of the most effective instruments to prevent the spread of these misleading schemes and it can support the course of the investigations.

• Educate yourselves and your families on the usual scammers’ tricks, including their election-related strategies. Prompt people to think critically and a good deal of skepticism when they meet online offers and promotions that evoke a possibility to obtain money or rewards easily.

• Ensure that you are always on a high level of alert as you explore the digital field, especially during elections. The authenticity of the information you encounter should always be verified before you act on it or pass it over to someone else.

• In case you have any doubt or worry regarding a certain e-commerce offer or campaign, don’t hesitate to ask for help from reliable sources such as Cybersecurity experts or Government agencies. A consultation with credible sources will assist you in coming up with informed decisions and guarding yourself against being navigated by these schemes.

Conclusion:

The "BJP - Election Bonus" campaign is a real case study of how Internet fraud is becoming more popular day by day, particularly before the elections. Through the awareness of the tactics employed by these scammers and their abuse of the community's trust in the Government and political figures, we can equip ourselves and our communities to avert becoming the victim of such fraudulent schemes. As a team, we can collectively strive for a digital environment free of threats and breaches of security, even in times of high political tension that accompany elections.

‍