What’s Your New Year's Resolution?
2025 is knocking firmly at our door and we have promises to make and resolutions to keep. Time you make your list for the New Year and check it twice.
- Lifestyle targets 🡪 Check
- Family targets 🡪 Check
- Social targets 🡪 Check
Umm, so far so good, but what about your cybersecurity targets for the year? Hey, you look confused and concerned. Wait a minute, you do not have one, do you?
I get it. Though the digital world still puzzles, and sometimes outright scares us, we still are not in the ‘Take-Charge-Of-Your-Digital-Safety Mode. We prefer to depend on whatever software security we are using and keep our fingers crossed that the bad guys (read threat actors) do not find us.
Let me illustrate why cybersecurity should be one of your top priorities. You know that stress is a major threat to our continued good health, right? However, if your devices, social media accounts, office e-mail or network, or God forbid, bank accounts become compromised, would that not cause stress? Think about it and the probable repercussions and you will comprehend why I am harping on prioritising security.
Fret not. We will keep it brief as we well know you have 101 things to do in the next few days leading up to 01/01/2025. Just add cyber health to the list and put in motion the following:
- Install and activate comprehensive security software on ALL internet-enabled devices you have at home. Yes, including your smartphones.
- Set yourself a date to change and create separate unique passwords for all accounts. Or use the password manager that comes with all reputed security software to make life simpler.
- Keep home Wi-Fi turned off at night
- Do not set social media accounts to auto-download photos/documents
- Activate parental controls on all the devices used by your children to monitor and mentor them. But keep them apprised.
- Do not blindly trust anyone or anything online – this includes videos, speeches, emails, voice calls, and video calls. Be aware of fakes.
- Be aware of the latest threats and talk about unsafe cyber practices and behaviour often at home.
Short and sweet, as promised.
We will be back, with more tips, and answers to your queries. Drop us a line anytime, and we will be happy to resolve your doubts.
Ciao!
Related Blogs

Introduction
In the advanced age of digitalization, the user base of Android phones is high. Our phones have become an integral part of our daily life activities from making online payments, booking cabs, playing online games, booking movie & show tickets, conducting online business activities, social networking, emailing and communication, we utilize our mobile phone devices. The Internet is easily accessible to everyone and offers various convenient services to users. People download various apps and utilize various services on the internet using their Android devices. Since it offers convenience, but in the growing digital landscape, threats and vulnerabilities have also emerged. Fraudsters find the vulnerabilities and target the users. Recently, various creepy online scams such as AI-based scams, deepfake scams, malware, spyware, malicious links leading to financial frauds, viruses, privacy breaches, data leakage, etc. have been faced by Android mobile users. Android mobile devices are more prone to vulnerabilities as compared to iOS. However, both Android and iOS platforms serve to provide safer digital space to mobile users. iOS offers more security features. but we have to play our part and be careful. There are certain safety measures which can be utilised by users to be safe in the growing digital age.
User Responsibility:
Law enforcement agencies have reported that they have received a growing number of complaints showing malware being used to compromise Android mobile devices. Both the platforms, Android and Google, have certain security mechanisms in place. However, cybersecurity experts emphasize that users must actively take care of safeguarding their mobile devices from evolving online threats. In this era of evolving cyber threats, being precautious and vigilant and personal responsibility for digital security is paramount.
Being aware of evolving scams
- Deepfake Scams: Deepfake is an AI-based technology. Deepfake is capable of creating realistic images or videos which in actuality are created by machine algorithms. Deepfake technology, since easily accessible, is misused by fraudsters to commit various cyber crimes or deceive and scam people through fake images or videos that look realistic. By using the Deepfake technology, cybercriminals manipulate audio and video content which looks very realistic but, in actuality, is fake.
- Voice cloning: To create a voice clone of anyone's, audio can be deepfaked too, which closely resembles a real one but, in actuality, is a fake voice created through deepfake technology. Recently, in Kerala, a man fell victim to an AI-based video call on WhatsApp. He received a video call from a person claiming to be his former colleague. The scammer, using AI deepfake technology, impersonated the face of his former colleague and asked for financial help of 40,000.
- Stalkerware or spyware: Stalkware or spyware is one of the serious threats to individual digital safety and personal information. Stalkware is basically software installed into your device without your consent or knowledge in order to track your activities and exploit your data. Stalkware, also referred to as spyware, is a type of malicious software secretly installed on your device without your knowledge. Its purpose is to track you or monitor your activities and record sensitive information such as passwords, text messages, GPS location, call history and access to your photos and videos. Cybercriminals and stalkers use this malicious software to unauthorisedly gain access to someone's phone devices.
Best practices or Cyber security tips:
- Keep your software up to date: Turn on automatic software updates for your device and make sure your mobile apps are up to date.
- Using strong passwords: Use strong passwords on your lock/unlock and on important apps on your mobile device.
- Using 2FA or multi-factor authentication: Two-factor authentication or multi-factor authentication provides extra layers of security. Be cautious before clicking on any link and downloading any app or file: Users are often led to click on malicious online links. Scammers may present such links to users through false advertisements on social media platforms, payment processes for online purchases, or in phone text messages. Through the links, victims are led either to phishing sites to give away personal data or to download harmful Android Package Kit (APK) files used to distribute and install apps on Android mobile phones.
- Secure Payments: Do not open any malicious links. Always make payments from secure and trusted payment apps. Use strong passwords for your payment apps as well. And secure your banking credentials.
- Safe browsing: Pay due care and attention while clicking on any link and downloading content. Ignore the links or attachments of suspicious emails which are from an unknown sender.
- Do not download third-party apps: Using an APK file to download a third-party app to an Android device is commonly known as sideloading. Be cautious and avoid downloading apps from third-party or dubious sites. Doing so may lead to the installation of malware in the device, which in turn may result in confidential and sensitive data such as banking credentials being stolen. Always download apps only from the official app store.
- App permissions: Review app permission and only grant permission which is necessary to use that app.
- Do not bypass security measures: Android offers more flexibility in the mobile operating system and in mobile settings. For example, sideloading of apps is disabled by default, and alerts are also in place to warn users. However, an unwitting user who may not truly understand the warnings may simply grant permission to an app to bypass the default setting.
- Monitoring: Regularly monitor your devices and system logs for security check-ups and for detecting any suspicious activity.
- Reporting online scams: A powerful resource available to victims of cybercrime is the National Cyber Crime Reporting Portal, equipped with a 24x7 helpline number, 1930. This portal serves as a centralized platform for reporting cybercrimes, including financial fraud.
Conclusion:
The era of digitalisation has transformed our lives, with Android phones becoming an integral part of our daily routines. While these devices offer convenience, they also expose us to online threats and vulnerabilities, such as scams like deepfake technology-based scams, voice clones, spyware, malware, and malicious links that can lead to significant financial and privacy breaches. Android devices might be more susceptible to such scams. By being aware of emerging scams like deepfakes, spyware, and other malicious activities, we can take proactive steps to safeguard our digital lives. Our mobile devices remain as valuable assets for us. However, they are also potential targets for cybercriminals. Users must remain proactive in protecting their devices and personal data from potential threats. By taking personal responsibility for our digital security and following these best practices, we can navigate the digital landscape with confidence, ensuring that our Android phones remain powerful tools for convenience and connection while keeping our data and privacy intact and staying safe from online threats and vulnerabilities.
References:

Executive Summary:
Internship scams have infiltrated the academic landscape, scamming students of many prestigious colleges. The students often prefer to carry out internships to gain knowledge and work experience. These scams use the name of popular multinational companies to exploit the students. This report studies the various case studies, their modus operandi, impact on the students and preventive strategies. This report emphasises the importance of awareness and proactive measures to protect students from falling victim to such frauds.
1. Introduction
Internships are the opportunity to overcome the gap between the practical knowledge acquired at the university and practical experience, to get practical skills and contacts in the field of activity, as well as improve employment prospects. Instead, because of high paying internships and interesting positions students have become targets of work scams. As we have seen with the advancement in digital technology, scammers take advantage of the disguise of the internet, making very neat, smart, and convincing scams.
Internship scams are very prevalent and they include fake job listings and phishing schemes as well as payment frauds which make students lose lots of money and also emotionally expose them. In this specific case, this paper examines how these scams work, the warning signs, and ways of protecting students from falling victim to them.
2. Detailed Modus Operandi of Internship Scams
Internship scams often employ a variety of tactics to attract and deceive unsuspecting students. Below is a detailed breakdown of the common methods used by scammers:
- Fake Job Listings and Offers:some text
- Scammers post attractive internship offers on popular job portals, social media platforms, and even send personalised messages via LinkedIn. These listings often mimic the branding and style of reputable companies, including well-designed logos, professional email addresses, and official-looking websites.
- Example: A fake internship offer from a reputed software firm circulates on a job portal, with a professional landing page. Students who apply are quickly “hired” without any interviews, and are asked to pay a security deposit to confirm their acceptance.
- Upfront Payment Requests:some text
- Scammers ask for payment such as registration fees, training materials, background checks, or security deposits. These payments comes under non-refundable payment and it act as the primary revenue stream for the fraudsters.
- Example: A group of students receive internship offers requiring a payment of INR 10,000 for "training materials" and "online assessments." After making the payment, the students never hear back from the company, and all attempts to contact them were futile.
- Phishing and Identity Theft:some text
- Beyond financial fraud, some scams aim to steal personal information. Fake internship applications often require detailed personal data, including identity proofs, bank account details. This data will be used as identity theft or sold on the dark web.
- Example: A student applies for an internship that asks for copies of identification documents and bank details. This information sharing led to unauthorised transactions in their bank account.
- Work-from-Home Frauds:some text
- With the rise of remote work, scammers also offer work-from-home internships that require students to purchase software or pay for specialised training. After payment, students are often given irrelevant tasks or no tasks at all, leaving them with no real work experience.
- Example: An internship advertised as a "remote data analysis role" required students to buy a proprietary software licence. After paying, students realised the software was freely available online, and the internship tasks were non-existent.
- Impersonation of Reputed Companies:some text
- Scammers use the name of well-known companies, they modify the email addresses or create fake websites that look original. They use these platforms to send offer letters, making it difficult for students to identify the scam.
- Example: A scammer creates a fake website mirroring a major consulting firm's internship page. The only difference is a minor change in the URL. Dozens of students are duped into paying registration fees.
3. Case Studies of Real-Life Incidents
- Case Study 1: The Certification Course and Internshipsome text
- A group of students received personalised emails from an official domain of a reputed tech industry providing an internship offer. Students were asked to pay Rs 10,000 to undergo a certification course to carry the internship. After paying the amount, the students did not receive any instructions, and the company was found to be nonexistent. The scammer had spoofed the company’s email domain, making it difficult to trace the source.
- Case Study 2: The Social Media Trapsome text
- A student from a university encountered an internship post on Instagram, advertising roles at a popular fashion brand. The application process involved a "screening fee" of INR 5,000. Despite appearing legitimate, the internship was fake, and the brand had no knowledge of the post. The student's personal data was also compromised, leading to unauthorised social media activity.
- Case Study 3: Internship Providing Social Platformssome text
- A popular internship providing platform, faced an incident where a scammer posted fraudulent internship offers under the guise of a major multinational. The scam involved asking students to purchase expensive software to start their work. The platform had to issue warnings and remove the listings after several complaints.
4. The Impact on Students
The consequences of internship scams extend beyond immediate financial loss, affecting students on multiple levels:
- Financial Impact:some text
- Students lose their money, ranging from minor fees to significant payments.
- Emotional and Psychological Distress:some text
- These kinds of scams can lead to anxiety, depression and loss of confidence in availing the opportunities in future.
- Exposure to Further Scams:some text
- Scammers often share details of their victims with other fraudsters, making students susceptible to repeated scams, including phishing attacks, financial frauds, and unsolicited offers.
5. Preventive Measures
- Verification of Internships:some text
- Always verify the authenticity of the internship by researching the company on official platforms such as LinkedIn, the company’s official website, and through trusted contacts or college placement cells.
- Avoid Upfront Payments:some text
- Employers do not ask for money in exchange for job or internship offers. If they demand for any kind of payment, then the employer is not original. Always question the necessity of such payments and consult trusted advisors before proceeding.
- Use Trusted Job Portals:some text
- Apply for internships through recognized platforms like LinkedIn, Internshala, or your college’s placement cell, which have verification processes to filter out fraudulent postings.
- Reporting Scams:some text
- Report suspicious offers to your college authorities, placement cells, and local cybercrime departments. Additionally, use platforms like Internshala’s “Report This Job” feature to flag fraudulent listings.
- Stay Educated and Updated:some text
- It is important to educate students by providing workshops, webinars, and awareness sessions on cybersecurity to stay informed and report about the latest scams.
6. Conclusion
Internship scams are a severe threat to the student society since they manipulate the student’s desire for an internship. The best ways to prevent such cons are by being cautious and receptive to whatever is being offered. Internship seekers, colleges and the placement cells have to work hand in hand to ensure that there is no fear among people seeking internships.
References
- Smith, J. (2024). Internship Scams on the Rise: How to Spot and Avoid Them. Retrieved from example1.com.
- Brown, A. (2023). Student Internship Scams in India: A Growing Concern. Retrieved from example2.com.
- Johnson, L. (2024). How to Protect Yourself from Fake Internship Offers. Retrieved from example3.com.
- Gupta, R. (2024). Social Media and the Rise of Job Scams. Retrieved from example4.com.

Introduction
Significantly, in March 2023, the Prevention of Money Laundering Act, 2002's regulations placed Virtual Digital Asset Service Providers functioning located under the purview of the Anti Money Laundering/Counter Financing of Terrorism (AML-CFT) scheme. An important step toward controlling VDA SP operations and guaranteeing adherence to Anti-Money Laundering and Combating the Financing of Terrorism (AML-CFT) regulations.
The significance of AML-CFT procedures
The AML-CFT framework's incorporation of Virtual Digital Asset Service Providers (VDA SPs) is essential for protecting the banking industry from illegal activities including the laundering of funds and counter-financing of terrorist attacks. These regulations become more crucial as the market for digital assets develops and becomes more well-known.
The practice of money laundering is hiding the source of the sum received illegally, thus it's critical to have strict policies in place to track down and stop these kinds of operations. Furthermore, funding for terrorism is a serious danger to international safety, hence stopping the flow of money to terrorist companies is a top concern for global officials.
The goal of policymakers' move to include VDA SPs in the AML-CFT architecture is to set up control and surveillance procedures that will guarantee these organisations' open and honest operations. This involves tracking transactions, flagging questionable activity, and conducting extensive customer investigations. Incorporating such procedures not only reduces the potential for financial crimes but also builds confidence and trust in the electronic asset market.
It is important to see the significance of AML-CFT procedures and the changes in the legal framework to reflect the evolving characteristics of digital currencies. These procedures are essential to preserving the reliability and safety of the wider banking system.
Notifications of Compliance Show Cause
Under Section 13 of the PMLA Act 2002, FIU IND sent adherence Show Cause Notices to nine offshore Virtual Digital Asset Service Providers (VDA SPs) as part of its dedication to upholding compliance with regulations. This affirmative step requires organisations to be scrutinised and attempted to bring them under inspection.
Governmental Response
The Director of FIU IND has addressed the Secretary of the Ministry of Electronics and Information Technology to take further measures due to the disregard of offshore firms. According to the notification, URLs connected to these organisations that operate in India in violation of the PML Act's requirements must be blocked.
Mandatory Registration for VDA SPs
Virtual Digital Asset Service Providers (both onshore and offshore) who perform a range of operations, including the trading of digital goods for monetary currencies, the distribution of digital currency, and the management or preservation of electronic assets, are now obliged to register with FIU.
Range of Statutory Responsibilities
In accordance with the PML Act, VDA SPs are subject to several requirements, including documentation, disclosure, and other duties. One of their responsibilities is to register with the FIU IND. The primary focus is on guaranteeing that VDA SPs comply with AML-CFT protocols, hence enhancing the general reliability of the banking industry.
Difficulties with Offshore Compliance
There are many obstacles in guaranteeing that offshore organisations comply with Anti Money Laundering/Counter Financing of Terrorism (AML-CFT), chief amongst them being their unwillingness to undergo registration. Some overseas Virtual Digital Asset Service Providers (VDA SPs) have been reluctant to comply with the existing rules and regulations, even though they cater to a significant number of Indian users. There are several reasons for this hesitation, such as worries about heightened monitoring, the expense of compliance, and the apparent complexity of governmental processes. Regulatory organisations have taken steps to close the discrepancy between offshore businesses' real activities and the regulations they must follow. In addition to maintaining the trustworthiness of the economic system, resolving the issues with offshore adherence is essential for promoting confidence and openness in the market for electronic assets.
Conclusion
FIU IND has demonstrated its dedication to creating an effective regulatory framework for Virtual Digital Asset Service Providers through its recent measures. India hopes to fortify its countermeasures against money laundering and safeguard the financial well-being of its users by expanding the AML-CFT legislation to offshore firms. The continuous efforts to restrict the URLs of non-compliant companies show a proactive approach to stopping illicit activity and fostering a safe and law-abiding virtual asset ecosystem. The safety and soundness of the banking sector will be crucially maintained by laws and regulations as the digital world develops.
References
- https://pib.gov.in/PressReleasePage.aspx?PRID=1991372
- https://www.thehindubusinessline.com/books/reviews/business-economy/fiu-ind-issues-compliance-showcause-notices-to-nine-offshore-vda-sps/article67684613.ece
- https://business.outlookindia.com/news/fiu-issues-notice-to-9-offshore-crypto-platforms-writes-to-meity-for-blocking-of-urls