#FactCheck - Viral Clip and Newspaper Article Claiming 18% GST on 'Good Morning' Messages Debunked

Introduction

In the age of advanced technology, Cyber threats continue to grow, and so are the cyber hubs. A new name has been added to the cyber hub, Purnia, a city in India, is now evolving as a new and alarming menace-biometric cloning and financial crimes. This emerging cyber threat involves replicating an individual’s biometric data, such as fingerprint or facial recognition, to gain unauthorised access to their bank accounts and carry out fraudulent activities. In this blog, we will have a look at the methods employed, the impact on individuals and institutions, and the necessary steps to mitigate the risk.

The Backdrop

Purnia, a bustling city in the state of Bihar, India, is known for its rich cultural heritage, However, underneath its bright appearance comes a hidden danger—a rising cyber threat with the potential to devastate its citizens’ financial security. Purnia has seen the growth of a dangerous trend in recent years, such as biometric cloning for financial crimes, after several FIRs were registered with Kasba and Amaur police stations. The Police came into action and started an investigation.

Modus Operandi unveiled

The modus Operandi of cyber criminals includes hacking into databases, intercepting data during transactions, or even physically obtaining fingerprints of facial images from objects or surfaces. Let’s understand how they gathered all this data and why Bihar was not targeted.

These criminals are way smart they operate in the three states. They targeted and have open access to obtain registry and agreement paperwork from official websites, albeit it is not available online in Bihar. As a result, the scam was conducted in other states rather than Bihar; further, the fraudsters were involved in downloading the fingerprints, biometrics, and Aadhaar numbers of buyers and sellers from the property registration documents of Andhra Pradesh, Haryana, and Telangana.

After Cloning fingerprints, the fraudster withdrew money after linking with Aadhaar Enabled Payment System (AEPS) from various bank accounts. The fraudsters stamped the fingerprint on rubber trace paper and utilised a polymer stamp machine and heating at a specific temperature with a chemical to make duplicate fingerprints used in unlawful financial transactions from several consumers’ bank accounts.

Investigation Insight

After the breakthrough, the police teams recovered a large number of smartphones, ATM cards, rubber stamps of fingerprints, Aadhar numbers, scanners, Stamp machines, laptops, and chemicals, and along with this, 17 people were arrested.

During the investigation, it was found that the cybercriminals employ Sophisticated money laundering techniques to obscure the illicit origins of the stolen funds. The fraudsters transfer money into various /multiple accounts or use cryptocurrency. Using these tactics makes it more challenging for authorities to trace back money and get it back.

Impact of biometric Cloning scam

The Biometric scam has far-reaching implications both for society, Individuals, and institutions. These kinds of scams cause financial losses and create emotional breakdowns, including anger, anxiety, and a sense of violation. This also broke the trust in a digital system.

It also seriously impacts institutions. Biometric cloning frauds may potentially cause severe reputational harm to financial institutions and organisations. When clients fall prey to such frauds, it erodes faith in the institution’s security procedures, potentially leading to customer loss and a tarnished reputation. Institutions may suffer legal and regulatory consequences, and they must invest money in investigating the incident, paying victims, and improving their security systems to prevent similar instances.

Raising Awareness

Empowering Purnia Residents to Protect Themselves from Biometric Fraud: Purnia must provide its inhabitants with knowledge and techniques to protect their personal information as it deals with the increasing issue of biometric fraud. Individuals may defend themselves from falling prey to these frauds by increasing awareness about biometric fraud and encouraging recommended practices. This blog will discuss the necessity of increasing awareness and present practical recommendations to help Purnia prevent biometric fraud. Here are some tips that one can follow;

• Securing personal Biometric data: It is crucial to safeguard personal biometric data. Individuals should be urged to secure their fingerprints, face scans, and other biometric information in the same way that they protect their passwords or PINs. It is critical to ensure that biometric data is safely maintained and shared with only trustworthy organisations with strong security procedures in place.
• Verifying Service providers: Residents should be vigilant while submitting biometric data to service providers, particularly those providing financial services. Before disclosing any sensitive information, it is important to undertake due diligence and establish the validity and reliability of the organisation. Checking for relevant certificates, reading reviews, and getting recommendations can assist people in making educated judgments and avoiding unscrupulous companies.
• Personal Cybersecurity: Individuals should implement robust cybersecurity practices to reduce the danger of biometric fraud. This includes using difficult and unique passwords, activating two-factor authentication, upgrading software and programs on a regular basis, and being wary of phishing efforts. Individuals should also refrain from providing personal information or biometric data via unprotected networks or through untrustworthy sources.
• Educating the Elderly and Vulnerable Groups: Special attention should be given to educating the elderly and other vulnerable groups who may be more prone to scams. Awareness campaigns may be modified to their individual requirements, emphasising the significance of digital identities, recognising possible risks, and seeking help from reliable sources when in doubt. Empowering these populations with knowledge can help keep them safe from biometric fraud.

Measures to Stay Ahead

As biometric fraud is a growing concern, staying a step ahead is essential. By following these simple steps, one can safeguard themselves.

• Multi-factor Authentication: MFA is one of the best methods for security. MFA creates multi-layer security or extra-layer security against unauthorised access. MFA incorporates a biometric scan and a password.
• Biometric Encryption: Biometric encryption securely stores and transmits biometric data. Rather than keeping raw biometric data, encryption methods transform it into mathematical templates that cannot be reverse-engineered. These templates are utilised for authentication, guaranteeing that the original biometric information is not compromised even if the encrypted data is.
• AI and Machine Learning (ML): AI and ML technologies are critical in detecting and combating biometric fraud. These systems can analyse massive volumes of data in real-time, discover trends, and detect abnormalities. Biometric systems may continually adapt and enhance accuracy by employing AI and ML algorithms, boosting their capacity to distinguish between legitimate users and fraudulent efforts.

Conclusion

The Biometric fraud call needs immediate attention to protect the bankers from the potential consequences. By creating awareness, we can save ourselves; additionally, by working together, we can create a safer digital environment. The use of biometric verification was inculcated to increase factor authentication for a banker. However, we see that the bad actors have already started to bypass the tech and even wreak havoc upon the netizens by draining their accounts of their hard-earned money. The banks and the cyber cells nationwide need to work together in synergy to increase awareness and safety mechanisms to prevent such cyber crimes and create effective and efficient redressal mechanisms for the citizens.

Reference

https://www.hindustantimes.com/cities/patna-news/purnia-emerges-as-cyber-fraud-hotspot-as-biometric-data-used-for-online-swindling-police-arrest-17-and-recover-cloning-equipment-1016841669436

Introduction

In the hyper-connected era, something as mundane as charging your phone can become a gateway to cyberattacks. A recent experience of Assam Chief Minister Himanta Biswa Sarma has reignited fears of an emerging digital menace called juice jacking. Sarma, who was taking an Emirates flight from Delhi to Dubai, used an international charger and cable provided by another passenger on board. As he afterwards reported on X (formerly Twitter), the passenger got off while he slept and so could not return the borrowed items. Though most people admired the CM's humility and openness, cybersecurity experts and citizens were quick to point out a possible red flag, that it could be a juice-jacking attempt. Whether by design or not, the scene calls out to the concealed risks of using unfamiliar charging equipment, particularly for those who hold sensitive roles.

What Is Juice Jacking?

Juice jacking takes advantage of the multi-purpose nature of USB connectors, which can carry both electrical energy and information. Attackers hack USB ports or cables to either:

• Insert harmful payloads (malware, spyware, ransomware) during power transfer, or
• Create unauthorised data pathways for silent information exfiltration.

Types of Juice Jacking Attacks

1. Data Theft (Exfiltration Attack): The USB cable or port is rigged to silently extract files, media, contacts, keystrokes, or login information from the attached phone.
2. Malware Injection (Payload Attack): The USB device is set to impersonate a Human Interface Device (HID), such as a keyboard. It sends pre-defined commands (shell scripts, command-line inputs) to the host, loading backdoors or spying tools.
3. Firmware Tampering: In more sophisticated cases, attackers implement persistent malware at the bootloader or firmware level, bypassing antivirus protection and living through factory resets.
4. Remote Command-and-Control Installation: Certain strains of malware initiate backdoors to enable remote access to the device over the internet upon reconnection to a live network.

Why the Assam CM’s Incident Raised Flags 

Whereas CM Sarma's experience was one of thanks, the digital repercussions of this scenario are immense:

• High-value targets like government officials, diplomats, and corporate executives tend to have sensitive information.
• A hacked cable can be used as a spy tool, sending information or providing remote access.
• With the USB On-The-Go (OTG) feature in contemporary Android and iOS devices, an attacker can run autorun scripts and deploy payloads at device connect/disconnect.
• If device encryption is poor or security settings are incorrectly configured, attackers may gain access to location, communication history, and app credentials.

Technical Juice Jacking Indicators

The following are indications that a device could have been attacked:

• Unsolicited request for USB file access or data syncing on attaching.
• Faster battery consumption (from background activities).
• The device is acting strangely, launching apps or entering commands without user control.
• Installation of new apps without authorisation.
• Data consumption increases even if no browsing is ongoing.

‍

CyberPeace Tech-Policy Advisory: Preventing Juice Jacking

‍

1. Hardware-Level Mitigation
   
   1. Utilise USB Data Blockers: Commonly referred to as "USB condoms," such devices plug the data pins (D+ and D-), letting only power (Vcc and GND) pass through. This blocks all data communication over USB.
   2. Charge-Only Cables: Make use of cables that physically do not have data lines. These are specifically meant to provide power only.
   3. Carry a Power Bank: Use your own power source, if possible, for charging, particularly in airports, conferences, or flights.

2. Operating System(OS) Level Protections

1. iOS Devices:

‍

Enable USB Restricted Mode:

Keep USB accessories from being able to connect when your iPhone is locked.

Settings → Face ID & Passcode → USB Accessories → Off

‍

2. Android Devices:

Disable USB Debugging:

Debugging makes device access available for development, but it can be taken advantage of. If USB Debugging is turned on, and someone connects your phone to a computer, they might be able to access your data, install apps, or even control your phone, especially if your phone is unlocked. Hence, it should be kept off. 

Settings → Developer Options → USB Debugging → Off

‍

3. Set USB Default to 'Charge Only'

Settings → Connected Devices → USB Preferences → Default USB Configuration → Charge Only

‍

3) Behavioural Recommendations

• Never take chargers or USB cables from strangers.
• Don't use public USB charging points, particularly at airports or coffee shops.
• Turn full-disk encryption on on your device. It is supported by most Android and all iOS devices.
• Deploy endpoint security software that can identify rogue USB commands and report suspicious behaviour.
• Check cables or ports physically, many attack cables are indistinguishable from legitimate ones (e.g., O.MG cables).

Conclusion

"Juice jacking is no longer just a theoretical or obscure threat. In the age of highly mobile, USB-charged devices, physical-layer attacks are becoming increasingly common, and their targets are growing more strategic. The recent case involving the Assam Chief Minister was perhaps harmless, but it did serve to underscore a fundamental vulnerability in daily digital life. As mobile security becomes more relevant to individuals and organisations worldwide, knowing about hardware-based attacks like juice jacking is essential. Security never needs to be sacrificed for convenience, particularly when an entire digital identity might be at risk with just a single USB cable.

References

• https://www.indiatoday.in/trending-news/story/assam-chief-minister-himanta-biswa-sarma-x-post-on-emirates-passenger-sparks-juice-jacking-concerns-2706349-2025-04-09
• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2016-0085
• https://www.fcc.gov/juice-jacking-tips-to-avoid-it
• https://www.cyberpeace.org/resources/blogs/juice-jacking
• https://support.apple.com/en-in/HT208857
• https://developer.android.com/studio/debug/dev-options

‍

Introduction

The debate between free speech and social responsibility is one of the oldest, long-running debates in history. Free speech is considered to be at the heart of every democracy. It is considered the “mother” of all other freedoms, enshrined in Article 19(1)(a) of the Indian Constitution under Part III: Fundamental Rights. It takes various shapes and forms according to the sociopolitical context of society. Evelyn Beatrice Hall, a prominent English writer of the 19th century, laid the foundation of every democracy when she wrote in her book, "I disapprove of what you say, but I willdefend to the death your right to say it." The drastic misuse of social media to disseminate propaganda and fakenews makes it a marketplace of half-baked truth, becoming the antithesis ofwhat early philosophers dreamed of for a democratic modern age. Losethe ethics, and there you have it, the modern conceptualisation of freedom ofspeech and expression in the digital age. The right to freedom of speech andexpression is one of the most fundamental rights, but its exercise is notunfettered, and certain limits are placed upon this right under Art. 19 (2).Every right comes with a corresponding duty, and the exercise of such freedomalso puts the citizenry under the responsibility not to violate the rights ofothers and not to use the media to demean any other person.

SocialMedia: The New Public Square or a Weaponised Echo Chamber

InIndia, Art. 19(1)(a) of the constitution guarantees the right to freedom ofspeech and expression, but it is not absolute. Under Art. 19(2), this right issubject to reasonable restrictions in the interest of public order, decency,morality, and national security. This is construed as a freedom for everyindividual to freely express their opinions, but not to incite violence, spreadfalsehoods, or harm others’ dignity. Unfortunately, the boundaries betweenthese are increasingly blurred.

Thedissemination of unfiltered media and the strangulation of innocence by pushingoften vulgar and obscene content down the throats of individuals, withoutverifying the age and gender profile of the social media user, is a big farcein the name of free speech and a conscious attempt by the intermediaries andsocial media platforms such as Facebook, Instagram, Threads, etc., to wriggleout of their responsibility. A prime example is when Meta’s Mark Zuckerberg, on7th January 2025, gave a statement asserting less intervention into what peoplefind on its social media platforms as the new “best practice”. While lessinterference would have worked in a generation that merely operated on thediffering, dissenting, and raw ideas bred by the minds of differentindividuals, it is not the case for this day and age. There has been asignificant rise in cases where social media platforms have been used as abattleground for disputes, spreading communal violence, misinformation, anddisinformation.

Thereis no debate about the fact that social media platforms have fostered a globalexpression, making the world a global village, bringing everyone together. Onthe other hand, the platforms have become the epicentre of computer-basedcrimes, where children and teenagers often become prey to these crimes,cyberbullying, and cyberstalking.  

Rising Importance of Platform Accountability

Themost pertinent question that is to be asked with a conscious mind is whether anunregulated media is a reflection of Freedom of Speech, a right given to us byour constitution under Article. 19(1)(a), or whether free speech is just a garbby big stakeholders, and we are all victims of an impending infodemic andvictims of AI algorithms, because, as per the reports that surfaced during theCovid-19 pandemic, India saw a dramatic 214% rise in false information. Anotherreport by the UNESCO-Ipsos survey revealed that 85% of Indian respondentsencounter online hate speech, with around 64% pointing to social media as aprimary source.

While the focus on platform accountability is critical, it is equally important to recognise that the right to free speech is not absolute. Therefore, users also bear a constitutional responsibility while exercising this right. Free expression in a democratic society must be accompanied by civic digital behaviour, which includes refraining from spreading hate speech, misinformation, or engaging in harmful conduct online. The most recent example of this is the case of Ranveer Gautam Allahabadia vs. UOI (popularly known as “Latent Case”); the court came down heavily on the hosts and makers of the show and made its position crystal clear by stating, “there is nothinglike a fundamental right on platter...the fundamental rights are all followedby a duty...unless those people understand duty, there is no [...] deal withthat kind of elements...if somebody wants to enjoy fundamental rights, thiscountry gives a guarantee to enjoy, but guarantee is with a duty so thatguarantee will involve performing that duty also” .

The Way Forward: CyberPeace Suggests

In order to realise the benefits and derive the true benefits from the rights we are provided, especially the one in discussion, i.e., Freedom of Speech and Expression, the government and the designated intermediaries and regulators have to prepare both roadmaps, one for “Platform Accountability” and one for "User Accountability”, wherein the regulators with a reasonable foresight should conduct Algorithm Risk Audits which is a technique to make algorithms and there effects on content feeds visible. It can be an effective tool and an objective manner to compare how algorithms are automatically pushing different content to different users in an unfair or unbalanced way. As for user accountability, “Digital Literacy” is the way forward, ensuring that social media remains a marketplace of ideas and does not become a minefield of misfires.