Launch of Central Suspect Registry to Combat Cyber Crimes

A video circulating widely on social media claims that Indian cricketer Virat Kohli made a sarcastic remark about fast bowler Prasidh Krishna ahead of the New Zealand series. In the clip, Kohli is allegedly heard saying that he expected to be the top scorer of the series, but lost all hope after seeing Prasidh Krishna’s name in the squad.

Users sharing the video claim that Kohli publicly commented on Prasidh Krishna in this manner.

Research by the CyberPeace Foundation has found the viral claim to be false. Our probe revealed that the viral clip has been digitally manipulated. The video is originally from a 2024 advertisement featuring Virat Kohli, in which his voice has been altered using deepfake (AI-generated) technology and falsely presented with a misleading narrative.

‍

Claim

‍

The video was shared on Instagram on January 6, 2025, with users claiming that Kohli made the remark after the New Zealand squad was announced. The post included the altered audio suggesting Kohli’s disappointment over Prasidh Krishna’s selection. Link, archive link

• https://www.instagram.com/reel/DTLGBeWCpOl/?igsh=MXZ4ZGc4cWx0ancxaw%3D%3D
• https://archive.ph/7u1A5 

‍

‍

Fact Check:

‍

To verify the claim, we extracted key frames from the viral video and conducted a Google Reverse Image Search. This led us to the original video posted by Virat Kohli himself on X (formerly Twitter) on April 15, 2024. The original clip was part of a brand advertisement, and no such statement about the New Zealand series or Prasidh Krishna was made in it. Link and Screenshot

• https://x.com/imVkohli/status/1779745082582896759 

‍

‍

A close review of the viral clip raised suspicions due to the unnatural tone and inconsistencies in Kohli’s voice. To confirm this, we analysed the video using the AI detection tool Aurigin AI. The tool’s results showed that the audio in the viral clip is 100 percent AI-generated, confirming that Kohli’s voice was artificially manipulated.

‍

‍

Conclusion

The CyberPeace Foundation’s research  confirms that the viral video claiming Virat Kohli mocked Prasidh Krishna is fake and misleading. The clip is taken from an old advertisement and has been doctored using deepfake technology to alter Kohli’s voice. The video is being circulated on social media with a false claim, and Virat Kohli has made no such statement regarding the New Zealand series or Prasidh Krishna.

‍

Introduction

‍

The way we interact, go about our daily lives and manage our financial resources has completely changed in this digital age. Tasks that were earlier done manually (and were extremely time-consuming) now happen in just minutes and seconds. As this convenience expands, so do the risks that come with it. The proliferation of digital technology has opened up a wide arena where we, as users, are getting exposed to a complex environment of emerging cyber threats at every step. This has become especially true for our senior citizens, who face heightened vulnerabilities owing to their age and situational factors. Therefore, getting an understanding of these risks and knowing how to respond to them is no longer optional.

‍

Cybercrime against senior citizens is rising every year. The elderly today are using and depending on smartphones, net banking, UPI (Unified Payments Interface) and social media more than ever. Scammers are preying on this circumstance and perpetrating well-planned cyber attacks on the senior population. A 2024 report from the United States Federal Trade Commission (FTC) that analysed cybercrime data for the year 2023 found that older adults lost more money per incident as opposed to the younger population. 

‍

This blog aims at providing practical and easy-to-follow cyber safety tips for senior citizens and a clear action plan on how to respond if they ever fall victim to a scam.

‍

Safe and Smart Browsing for the Elderly: Essential Cybersecurity Tips

‍

1. Device safety: Cybersecurity can be ensured with one simple rule, which is securing your device first. This is the first line of defence against cybercrime and can go a long way in preventing online attacks and scams. This device security can be established by using screen locks such as setting up a PIN, lock patterns, fingerprints, or even applying the face lock feature on smartphones and tablets. 

‍

The next step is to install a reputable antivirus on your device (such as laptops and desktops) and keep updating it from time to time. Enabling additional security features in your devices, such as ‘automatic updates’, further ensures that the phone’s Operating System (OS) and the Applications (apps) remain up to date. This guarantees that the device’s OS and the apps are fully upgraded to catch and fix any new security threats. Users should also beware of any unauthorised software. Suspicious links or messages that offer free software or updates should be avoided at all costs. 

‍

The Government of India’s 2024 cyber safety booklet also stresses the importance of keeping devices and apps equipped with the latest security patches to prevent exploitation of any known vulnerabilities. 

‍

2. Robust Passwords and 2FA: Weak passwords are one of the easiest entry points for cybercriminals. This is why it is crucial to have strong and robust passwords to keep accounts and devices absolutely secure. It is also important to make sure to avoid using very basic PINs, such as date of birth or predictable ascending digits such as ‘12345’. Also, similar passwords should not be used across various bank, email or social media accounts. While creating a strong password, ideally, one should use a combination of upper case and lower case letters along with mixed digits and special characters. If need be, one can jot down these complex passwords in a separate physical diary to keep a record and refer to it in case of forgetfulness. 

‍

Enabling two-factor authentication adds an extra layer of protection. Whenever and wherever possible, users should enable OTP (one-time password) based verification or app-based authentication codes. In case someone does end up stealing the user’s password, they would still need the second factor to log in.

‍

The Government of India supported the Information Security Education and Awareness (ISEA) initiative, which also provides guidelines that recommend the use of passwords and secure authentication as key cyber safety practices for senior citizens.

‍

3. Handle messages with caution: Most cybercrime instances against senior citizens are initiated with a phone call, an SMS or a WhatsApp message. Personal details such as OTPs, CVV (3-digit number on the back of a debit/credit card), ATM or UPI PIN, full debit/credit card number, net banking ID and password, etc., should never be shared over a call or a chat. Also, people need to be aware of the fact that genuine officials will never make any demands for such details over calls or messages. ISEA has specifically warned about frauds like phishing, where fraudsters call or message their victims pretending to be from banks, courier companies, telecom operators or from the government to trick seniors into revealing their personal details.

‍

A caller might say ‘Your KYC can get blocked, give OTP now’ or ‘Your card will get deactivated, click this link’. Hang up immediately! Do not click any links, do not share any number and do not install any app that they suggest (eg. remote access apps).

‍

4. Banking without worries: Online banking is truly a boon, especially for senior citizens. It eliminates the need to visit the bank in person for every small requirement. But this comfort and ease can serve us well only if we use it with a certain sense of vigilance and responsibility. 

‍

Users are advised to use only official banking apps that are downloaded from Google Play Store or the Apple App Store. It is also prudent to activate SMS or email alerts for all online transactions so that the user receives timely notifications of any withdrawal or transfer. Users should also avoid using public Wi-Fi connections for banking or UPI payments. It is better  to use your own mobile data or a home Wi-Fi with a strong password. This safeguards your financial transactions. India has a system in place called the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) that quickly responds to online financial fraud, especially with regards to UPI and net banking frauds.

‍

5. Think before you share: Beyond online banking and other essential activities on the web, lies the world of social media which has seamlessly woven itself into our daily routines. Therefore, gaining awareness about the safe usage of social media is extremely important. For starters, users should keep the privacy settings of their social media accounts as ‘Private’. They should also be mindful of accepting friend requests from strangers or unknown profiles, even if they claim that they know the user. Users must also avoid ‘oversharing’ on public platforms and social media accounts. It is always best to refrain from posting about personal details on social media such as finances, travel schedules or addresses. If a user receives urgent messages from a close friend or a relative asking for money, then it is better to first call them up directly to verify that the request is genuine. 

‍

The older generation should also be wary of fraudsters who, under false identities, build emotional relationships online and then start demanding money, gifts or even private photos from their victims. 

‍

6. Stay a step ahead: Lastly, senior users can stay a step ahead in this game by familiarising themselves with the typical scams that are targeted towards their age group. This know-how will prepare them to identify scam patterns and early warning signs. Discussing experiences or sharing knowledge with family members or peers can also help seniors bridge the gap between awareness and action.

Fallen for a scam? Don’t panic! Here’s what seniors should do next: An action plan for recovery and protection

‍

We are all human at the end of the day. Anyone can fall for a scam, even the most careful people. The important thing is how to ‘respond’ after getting scammed. As per the 2023 Internet Crime Complaint Center (IC3) Elder Fraud Report, prompt reporting after a scam can improve the chances of either freezing or retrieving the stolen money. If you have fallen for a scam, here is what you should do:

‍

1. Keep calm and disconnect: Though it may feel challenging, but the first instinct that victims should display is to keep their calm and hang up the phone. The victim should then block the number and refrain from responding to any further emails or messages. Any remote access app, screen sharing app or a support tool that were installed at the request of the caller, should be instantly uninstalled.

‍

2. Alert your bank right away: Time is of the essence when it comes to online financial frauds. If a user has been scammed and he is aware of it, then he should immediately call the official customer care number of his bank. It is to be noted here that this number should be verified from the bank’s website or from the user’s credit/debit card. Once the user is connected to the bank’s support staff, he should inform them clearly that he has been a victim of an online fraud. The support staff may guide the user regarding the options that he can undertake. These can be: blocking the cards, freezing the account or an attempt from the bank’s interface to try and stop or recall the recent transaction. 

‍

The Reserve Bank of India (RBI) has laid down certain guidelines on unauthorised electronic banking transactions that encourage quick reporting and provide a steady framework for customer liability. Also, if in case a victim feels that the bank’s response has been unsatisfactory, the complaints can be further escalated to the RBI Ombudsman.

‍

3. Reset online credentials: Once the victim has spoken to the bank and taken all necessary steps in that regard, the next step is to reset the passwords. Passwords for netbanking, UPI apps, email accounts, social media, shopping platforms, etc., should all be changed. The victim can also turn on two factor authentication for all important accounts. Incase some critical information like PAN (Permanent Account Number) or Aadhar or SSN (Social Security Number ) has been shared, the victim should be on the lookout for any identity theft in the form of unknown loans, new cards or credit enquiries. 

‍

4. Notify official cybercrime portals or authorities: The next step is to inform the relevant cybercrime authorities in your region. In India there is a government backed National Cyber Crime Helpline which is a part of the Financial Cyber Fraud Reporting and Management System. The aim of the helpline is to prevent further losses in digital payment frauds. Victims can also file a complaint on the National Cyber Crime Reporting portal. Other than these options, the victim can visit the nearest police station along with copies of their online complaint, bank statements, transaction receipts and ID proofs. 

‍

In the US, such complaints can be lodged with the IC3 which runs a specialised elder fraud program. The IC3 also publishes the annual Elder Fraud Report and lays down latest guidelines and trends regarding cybercrime.

‍

5. Preserve proofs of the scam: The IC3’s 2023 report notes that detailed and prompt reporting by the victim enables law enforcement and financial institutions to deploy ‘Financial Fraud Kill Chain’ procedures that help in tracing or freezing stolen funds. This is why it is very important to preserve the evidence of a cyber scam. Proper documentation can help banks and law enforcement agencies to properly investigate a case. If possible, the victim should save all messages, WhatsApp chats, emails, screenshots and voice recordings. Establishing a clear timeline of the events also helps. Minute details such as: when the first call was received, what was said and when the money exited the victim’s account, significantly help in piecing together the full picture. Victims should also keep a record of all bank statements and transaction alert messages related to the fraudulent activity. 

‍

6. Helping seniors heal: Apart from monetary damage, the emotional impact of a scam should also be acknowledged. Getting scammed can be deeply humiliating for senior citizens, especially at their age where everyday life may already feel quite overwhelming. Also, when it comes to their lifelong savings, the ramifications of becoming a victim of an online financial scam can be quite distressing for seniors. The US Department of Justice’s elder fraud content emphasises on the fact that senior victims need ample emotional support and should not be blamed or shamed for their predicament.

‍

Families and caregivers can guide the elderly victims step by step through the recovery process which includes taking the necessary technical steps, filling out forms and following up with banks or authorities. For large value frauds, repeated targeting or cases that involve identity theft, getting a legal consult for the victim is highly advisable. This kind of support and reassurance can help seniors reduce their anxiety and regain their inner strength.

‍

Secure today, safe tomorrow

‍

The rate of cybercrime against senior citizens isn’t showing any signs of slowing down. Scammers are refining their techniques every day. Therefore, the best long standing defence against cybercrime is to make cyber safety a regular habit. This can be achieved with the support of families, caregivers and communities. Beyond the practical steps, spreading awareness and maintaining an open dialogue is equally important. Senior citizens should feel comfortable asking questions, sharing concerns and continue learning from experiences, be it theirs or of others. Reinforcement of safe online practices should become ingrained at the core of every society. When cybersecurity practices merge with everyday life, seniors gain both protection and confidence. Simple and steady digital safety practices that come with guidance and reassurance empower the seniors to enjoy the benefits of technology without fear.

Simply put, the habits that are adopted today will lay the foundation for a secure and safer digital tomorrow.

‍

References  

• https://bankingjournal.aba.com/2024/11/ftc-older-adults-lost-up-to-61-5b-to-fraud-in-2023/
• https://www.cert-in.org.in/PDF/CSH_Booklet.pdf
• https://infosecawareness.in/concept/cyber-security-tips-for-senior-citizens
• https://cybercrime.gov.in/UploadMedia/instructions_citizenreportingcyberfrauds.pdf
• https://www.ic3.gov/annualreport/reports/2023_ic3elderfraudreport.pdf
• https://www.arklegal.in/post/how-to-report-cyber-crime-in-india
• https://www.pib.gov.in/Pressreleaseshare.aspx?PRID=1814120
• https://cybercrime.gov.in/Webform/crmcondi.aspx
• https://www.justice.gov/archives/stopfraud-archive/elder-fraud-and-financial-exploitation
• https://www.ftc.gov/system/files/ftc_gov/pdf/federal-trade-commission-protecting-older-adults-report_102024.pdf
• https://www.unionbankofindia.bank.in/pdf/cyber-security-customer-awareness-guide-vol-v.pdf
• https://cdnbbsr.s3waas.gov.in/s371e09b16e21f7b6919bbfc43f6a5b2f0/uploads/2024/11/20241111752149945.pdf
• https://www.dsci.in/files/content/documents/2024/CSAM24-Infographic_Cyber-Safety-Essentials-for-Senior-Citizens-v1.pdf

‍

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.