#FactCheck - Debunking the AI-Generated Image of an Alleged Israeli Army Dog Attack

Introduction

A recent massive scam has been uncovered in the Indian state of Gujarat, where the Criminal Investigation Department (CID) has blacklisted 30,000 SIM cards that were used for illegal activities. The scam has created a huge uproar in the state, and its implications are significant. In this blog, we will discuss the details of the Gujarat scam and its impact on the state.

What is sim card fraud?

Sim card fraud occurs when someone uses a fake or cloned sim card to impersonate someone else. This allows the fraudster to gain access to sensitive information or conduct transactions on behalf of the victim. The use of fraudulent sim cards has become increasingly common in recent years, with scammers targeting individuals and businesses around the world.

The Gujarat Scam: The Gujarat scam involves the use of SIM cards for illegal activities such as extortion, blackmail, and cybercrime. The CID has identified that the SIM cards were obtained using fake documents and were used for illegal activities.  The scam has been happening for a while, involving several individuals, including businessmen, politicians, and government officials.

The CID has conducted raids across the state and has arrested several individuals involved in the scam. They have also seized a significant amount of cash, mobile phones, and other electronic devices used for illegal activities. The investigation is ongoing, and more arrests are expected in the coming days.

The Gujarat scam is not an isolated incident, as similar scams have been reported in other parts of the country. The Telecom Regulatory Authority of India (TRAI) has also reported that several telecom operators are not following the regulations and are not verifying the authenticity of documents used to obtain SIM cards.

Impact on the State: The Gujarat scam has caused significant damage to the state’s reputation, and it has also affected the economy. The scam has highlighted the lack of regulation in the telecom industry, and it has exposed the loopholes in the system that criminals are exploiting.

The blacklisting of 30,000 SIM cards will affect several individuals who may have obtained them legally but were unaware of their use for illegal activities. The blacklisting may also impact businesses that rely on mobile phones for their operations.

The scam has also raised concerns about personal information and data safety. With the use of fake documents to obtain SIM cards, it is evident that personal information is not secure and can be easily misused. The government needs to take steps to ensure that personal information is protected and that the telecom industry is regulated to prevent such scams from happening in the future.

Steps Taken by the Government: The Gujarat scam has prompted the government to take action to prevent such incidents from happening in the future. The government has announced that it will implement stricter regulations in the telecom industry to prevent the misuse of SIM cards. The government has also announced that it will introduce a system to verify the authenticity of documents used to obtain SIM cards.

The government has also urged citizens to be vigilant and report any suspicious activity related to the misuse of SIM cards. The government has assured citizens that it will take strict action against those involved in the scam and that it will ensure the safety of personal information and data.

The TRAI has also taken steps to address the issue. It has directed telecom operators to verify the authenticity of documents used to obtain SIM cards and to follow the regulations. The TRAI has also introduced a new system to identify and deactivate inactive SIM cards.

Here are some key takeaways from the Gujarat Sim scam: These takeaways should be kept in mind to prevent such incidents from happening in the future and to ensure the safety of citizens and businesses.

Need for Stricter Regulations: The Gujarat Sim scam has highlighted the need for stricter regulations in the telecom industry. The government needs to ensure that telecom operators follow the regulations and verify the authenticity of documents used to obtain SIM cards. This will help prevent the misuse of SIM cards and illegal activities.

Importance of Personal Information Security: The scam has raised concerns about personal information and data safety. It is important to ensure that personal information is protected and that the telecom industry is regulated to prevent such scams from happening in the future.

Impact on Reputation and Economy: The Gujarat scam has caused significant damage to the state’s reputation, and it has also affected the economy. The blacklisting of 30,000 SIM cards will impact several individuals who may have obtained them legally but were unaware of their use for illegal activities. The scam has also raised concerns about the safety of businesses that rely on mobile phones for their operations.

Need for Vigilance: The government has urged citizens to be vigilant and report any suspicious activity related to the misuse of SIM cards. It is important for citizens to be aware of the regulations and to report any illegal activities to prevent such incidents from happening in the future.

Strong Action Against Criminals: The blacklisting of 30,000 SIM cards and the arrests made by the CID sends a strong message to those involved in illegal activities that they will not be spared. It is important for the government to take strict action against those involved in the scam to deter others from engaging in such activities.

Conclusion

The Gujarat scam has exposed vulnerabilities in the telecom industry and highlighted the need for stricter regulations to prevent such incidents from happening in the future. The blacklisting of 30,000 SIM cards has sent a strong message to those involved in illegal activities that they will not be spared. The government’s efforts to implement stricter regulations and ensure the safety of personal information and data are commendable. It is now up to the citizens to be vigilant and report any suspicious activity to prevent such incidents from happening in the future.

The telecom industry plays a vital role in the country’s development, and it is important to ensure that it is regulated to prevent the misuse of its services. Overall, the Gujarat Sim scam has highlighted the need for stricter regulations, personal information security, vigilance, and strong action against criminals.

Reference:

https://timesofindia.indiatimes.com/city/ahmedabad/pre-activated-sim-cards-behind-phone-scamming/articleshow/98261346.cms

https://timesofindia.indiatimes.com/city/ahmedabad/cid-blacklists-30000-sim-cards-used-to-con-1-27-lakh-gujaratis-of-rs-815-crore/articleshow/98259398.cms

Introduction

Given the era of digital trust and technological innovation, the age of artificial intelligence has provided a new dimension to how people communicate and how they create and consume content. However, like all borrowed powers, the misuse of AI can lead to terrible consequences. One recent dark example was a cybercrime in Brazil: a sophisticated online scam using deepfake technology to impersonate celebrities of global stature, including supermodel Gisele Bündchen, in misleading Instagram ads. Luring in millions of reais in revenue, this crime clearly brings forth the concern of AI-generative content having rightfully set on the side of criminals. 

‍

Scam in Motion

Lately, the federal police of Brazil have stated that this scheme has been in circulation since 2024, when the ads were already being touted as apparently very genuine, using AI-generated video and images. The ads showed Gisele Bündchen and other celebrities endorsing skincare products, promotional giveaways, or time-limited discounts. The victims were tricked into making petty payments, mostly under 100 reais (about $19) for these fake products or were lured into paying "shipping costs" for prizes that never actually arrived.

The criminals leveraged their approach by scaling it up and focusing on minor losses accumulated from every victim, thus christening it "statistical immunity" by investigators. Victims being pocketed only a couple of dollars made most of them stay on their heels in terms of filing a complaint, thereby allowing these crooks extra limbs to shove on. Over time, authorities estimated that the group had gathered over 20 million reais ($3.9 million) in this elaborate con.

The scam was detected when a victim came forth with the information that an Instagram advertisement portraying a deepfake video of Gisele Bündchen was indeed false. With Anna looking to be Gisele and on the recommendation of a skincare company, the deepfake video was the most well-produced fake video. On going further into the matter, it became apparent that the investigations uncovered a whole network of deceptive social media pages, payment gateways, and laundering channels spread over five states in Brazil.

‍

The Role of AI and Deepfakes in Modern Fraud

It is one of the first few large-scale cases in Brazil where AI-generated deepfakes have been used to perpetrate financial fraud. Deepfake technology, aided by machine learning algorithms, can realistically mimic human appearance and speech and has become increasingly accessible and sophisticated. Whereas before a level of expertise and computer resources were needed, one now only requires an online tool or app. 

With criminals gaining a psychological advantage through deepfakes, the audiences would be more willing to accept the ad as being genuine as they saw a familiar and trusted face, a celebrity known for integrity and success. The human brain is wired to trust certain visual cues, making deepfakes an exploitation of this cognitive bias. Unlike phishing emails brimming with spelling and grammatical errors, deepfake videos are immersive, emotional, and visually convincing. 

This is the growing terrain: AI-enabled misinformation. From financial scams to political propaganda, manipulated media is killing trust in the digital ecosystem.

‍

Legalities and Platform Accountability

The Brazilian government had taken a proactive stance on the issue. In June 2025, the country's Supreme Court held that social media platforms could be held liable for failure to expeditiously remove criminal content, even in the absence of a formal order from a court. The icing on the cake is that that judgment would go a long way in architecting platform accountability in Brazil and potentially worldwide as jurisdictions adopt processes to deal with AI-generated fraud.

Meta, the parent company of Instagram, had said its policies forbid "ads that deceptively use public figures to scam people." Meta claims to use advanced detection mechanisms, trained review teams, and user tools to report violations. The persistence of such scams shows that the enforcement mechanisms still lag the pace and scale of AI-based deception.

‍

Why These Scams Succeed

There are many reasons for the success of these AI-powered scams.

1. Trust Due to Familiarity: Human beings tend to believe anything put forth by a known individual.
2. Micro-Fraud: Keeping the money laundered from victims small prevents any increase in the number of complaints about these crimes.
3. Speed To Create Content: New ads are being generated by criminals faster than ads can be checked for and removed by platforms via AI tools.
4. Cross-Platform Propagation: A deepfake ad is then reshared onto various other social networking platforms once it starts gaining some traction, thereby worsening the problem.
5. Absence of Public Awareness: Most users still cannot discern manipulated media, especially when high-quality deepfakes come into play.

‍

Wider Implications on Cybersecurity and Society

The Brazilian case is but a microcosm of a much bigger problem. With deepfake technology evolving, AI-generated deception threatens not only individuals but also institutions, markets, and democratic systems. From investment scams and fake charters to synthetic IDs for corporate fraud, the possibilities for abuse are endless.

Moreover, with generative AIs being adopted by cybercriminals, law enforcement faces obstructions to properly attributing, validating evidence, and conducting digital forensics. Determining what is actual and what is manipulated has now given rise to the need for a forensic AI model that has triggered the deployment of the opposite on the other side, the attacker, thus initiating a rising tech arms race between the two parties.

‍

Protecting Citizens from AI-Powered Scams

Public awareness has remained the best defence for people in such scams. Gisele Bündchen's squad encouraged members of the public to verify any advertisement through official brand or celebrity channels before engaging with said advertisements. Consumers need to be wary of offers that appear "too good to be true" and double-check the URL for authenticity before sharing any kind of personal information

Individually though, just a few acts go so far in lessening some of the risk factors:

• Verify an advertisement's origin before clicking or sharing it
• Never share any monetary or sensitive personal information through an unverifiable link
• Enable two-factor authentication on all your social accounts
• Periodically check transaction history for any unusual activity
• Report any deepfake or fraudulent advertisement immediately to the platform or cybercrime authorities

Collaboration will be the way ahead for governments and technology companies. Investing in AI-based detection systems, cooperating on international law enforcement, and building capacity for digital literacy programs will enable us to stem this rising tide of synthetic media scams.

‍

Conclusion

The deepfake case in Brazil with Gisele Bündchen acts as a clarion for citizens and legislators alike. This shows the evolution of cybercrime that profited off the very AI technologies that were once hailed for innovation and creativity. In this new digital frontier that society is now embracing, authenticity stands closer to manipulation, disappearing faster with each dawn.

While keeping public safety will certainly still require great cybersecurity measures in this new environment, it will demand equal contributions on vigilance, awareness, and ethical responsibility. Deepfakes are not only a technology problem but a societal one-crossing into global cooperation, media literacy, and accountability at every level throughout the entire digital ecosystem.

‍

Disclaimer:

The information is based on claims made by threat actors and does not imply confirmation of the breach, by CyberPeace. CyberPeace includes this detail solely to provide factual transparency and does not condone any unlawful activities. This information is shared only for research purposes and to spread awareness. CyberPeace encourages individuals and organizations to adopt proactive cybersecurity measures to protect against potential threats.

🚨 Data Breach Alert ⚠️: 

Recently The Research Wing of CyberPeace and Autobot Infosec have come across a claim on a threat actor’s dark web website alleging a data breach involving 637k+ records from Federal Bank. According to the threat actor’s claim, the data allegedly includes sensitive details such as-

• 🧑‍Customer Name
• 🆔Customer ID
• 🏠 Customer Address
• 🎂 Date of Birth
• 🔢 Age
• 🚻 Gender
• 📞Mobile Number
• 🪪 PAN Number
• 🚘 Driving License Number
• 🛂 Passport Number
• 🔑 UID Number
• 🗳️ Voter ID Information

The alleged data was initially discovered on a dark web website, where the threat actors allegedly claimed to be offering the breached information for sale. Following their announcement of the breach, a portion of the data was reportedly published on December 27, 2024. A few days later, the full dataset was allegedly released on the same forum.

About the Threat Actor Group:

Bashe, a ransomware group that emerged in 2024, is claimed to have evolved from the LockBit ransomware group, previously operating under the names APT73 and Eraleig. The group employs data encryption combined with extortion tactics, threatening to release sensitive information if ransom demands are unmet. Their operations primarily target critical industries, including technology, healthcare, and finance, demonstrating a strategic focus on high-value sectors.

Breakdown of the Alleged Post by the Threat Actor:

• Target: Allegedly involves Customer’s Data of Federal Bank.
• Data Volume: Claimed breach includes 637,894 records.
• Data Fields: Threat actor claims the data contains sensitive information, including Customer name, Customer ID, Date of Birth, PAN Number, Age, Gender, Father Name, Spouse Name, Driving Licence, Passport Number, UID Number, Voter ID, District, Zip Code, Home Address, Mailing Address, State etc.

Analysis:

The analysis of the alleged data breach highlights the states purportedly most impacted, along with insights into the affected age groups, gender distribution, and other key insights associated with the compromised data. This evaluation aims to provide a clearer understanding of the claimed breach's scope and its potential demographic and geographic impact.

Top States Impacted: 

As per the alleged breached data, Tamil Nadu has the highest number of affected customers, accounting for a significant 34.49% of the total breach. Karnataka follows closely with 26.89%, indicating a substantial number of individuals affected in the state. In contrast states such as Uttar Pradesh, Haryana, Delhi, and Rajasthan report minimal impact, with each state having less than 1% of affected customers. Gujarat records 3.70% of the breach, with a sharp drop in affected numbers from other states, highlighting a significant disparity in the extent of the breach across regions.

Impacted Age Range Statistics:

The alleged data breach has predominantly impacted customers in the 31-40 years age group, which constitutes the largest segment at 35.80% of the affected individuals. Following this, the 21-30 years age group also shows significant impact, comprising 27.72% of those affected. The 41-50 years age group accounts for 20.55% of the impacted population, while individuals aged 50 and above represent 12.68%. In contrast, the 0-20 years age group is the least affected, with only 3.24% of customers falling into this category.

Gender Wise Statistics:

The alleged data breach has predominantly impacted male customers, who constitute the majority at 74.05% of the affected individuals. Female customers account for 23.18%, while a smaller segment, categorized as "Others," constitutes 2.77%.

The alleged dataset from the threat actors indicated that a significant portion of customers' personal identification data was compromised. This includes sensitive information such as driving licenses, passport numbers, UID numbers, voter IDs, and PAN numbers.

Significance of the Allegations:

Though the claims have not been independently verified at our end it underscores the rising risks of cyberattacks and data breaches, especially in the financial and banking sectors. If true, the exposure of such sensitive information could lead to financial fraud, identity theft, and severe reputational damage for individuals and organizations alike.

CyberPeace Advisory:

CyberPeace emphasizes the importance of vigilance and proactive measures to address cybersecurity risks:

• Monitor Your Accounts: Keep a close eye on financial and email accounts for any suspicious activity.
• Update Passwords: Change your passwords immediately and enable Multi Factor Authentication(MFA) wherever possible.
• Beware of Phishing Attacks: Threat actors may exploit the leaked data to craft targeted phishing scams. Do not click on unsolicited links or share sensitive details over email or phone.
• For Organizations: Strengthen data protection mechanisms, regularly audit security infrastructure, and respond swiftly to emerging threats.
• Report: For more assistance or to report cyber incidents, visit https://cybercrime.gov.in or contact our helpline team at helpline@cyberpeace.net.

We advise affected parties and the broader public to stay alert and take necessary precautions. CyberPeace remains committed to raising awareness about cybersecurity threats and advocating for better protection mechanisms. We urge all stakeholders to investigate the claims and ensure appropriate steps are taken to protect the impacted data, if the breach is confirmed. Our Research Wing is actively observing the situation and we aim to collaborate with the stakeholders and relevant agencies to mitigate the impact.

Stay Vigilant! Stay CyberPeaceful.

‍