Search Results

  • Lambda function reduces python scripting lines by 80%

    In Python, functions are traditionally declared with the def keyword, while anonymous functions are defined without a name using the lambda keyword. The syntax of a lambda function is:

        lambda arguments: expression

    Lambda functions can take any number of parameters but can only evaluate one expression. We use lambda functions when we require a nameless function. At first, lambda functions seem difficult to grasp. They are brief in length yet can be a challenge for a beginner. So, in this blog, you'll discover the potential of lambda functions in Python and how to apply them to fundamental list and data frame operations.

    Let us first load the pandas library and a sample dataset to work on:

        >>> import pandas as pd
        >>> from vega_datasets import data
        >>> df = data.barley()
        >>> df

    List Operations

        >>> site_names = df['site'].unique().tolist()

    Traditionally, we use for loops to iterate through a list of elements and apply simple functions. But these for loops can be inconvenient, making the Python code big and untidy. Let us see an example of a for loop and how we can efficiently obtain similar results through lambda.

        >>> for i in site_names:
        ...     i = ''.join(i.split())
        ...     i = i.lower()
        ...     print(i)

    1. Example using map()

    The map() function takes a lambda function and a list, applies the lambda function to every element, and returns the results, which list() turns into a new list.

        >>> a = site_names
        >>> b = list(map(lambda x: ''.join(x.split()).lower(), a))
        >>> print(b)

    2. Example using filter()

    The filter() function takes a lambda function and a list, applies the lambda function to every element, and keeps only the elements for which it returns True.

        >>> yield_list = df['yield'].tolist()
        >>> sub_list = list(filter(lambda x: x > 50, yield_list))
        >>> sub_list

    3. Example using reduce()

    With the reduce() function, the function described by the lambda is applied to the first two elements and the result is stored. Thereafter, the function is applied to the result and the third element, and so on. Finally, the list is reduced to a single value at the end.

        >>> from functools import reduce
        >>> reduce(lambda a, b: a if (a > b) else b, sub_list)

    Dataframe Operations

    1. Add a new column by applying a function on an existing column using DataFrame.assign()

        >>> df = df.assign(yield_Percentage = lambda x: (x['yield']/df['yield'].sum()) * 100)
        >>> df

    Here, we created a new column 'yield_Percentage' and populated it by converting the yield values to percentages.

    2. Add a new column using if-else on an existing column using Series.apply()

        >>> df['yield_category'] = df['yield'].apply(lambda x: 'Low' if x < 40 else 'High')
        >>> df

    Here, we created a new column 'yield_category' and, using an if-else condition on the column 'yield', assigned 'Low' if the yield is less than 40 units or else 'High'.

    3. Iterating over a dataframe using DataFrame.apply()

    Similar to the map() function, the apply() method takes a function as input and applies it to the entire dataframe. First, we define a function:

        >>> def filtering(site, yield_Percentage):
        ...     if site in ['University Farm', 'Waseca', 'Morris'] and yield_Percentage > 1:
        ...         return 1
        ...     else:
        ...         return 0

    Secondly, the lambda function is used to iterate across the rows of the dataframe. For every row, we feed the 'site' and 'yield_Percentage' columns to the filtering function. Finally, axis=0 or axis=1 is given to specify whether the operation is to be applied to the columns or rows, respectively.

        >>> df["invest"] = df.apply(lambda row: filtering(row["site"], row["yield_Percentage"]), axis=1)
        >>> df

    Here, we created a new column 'invest' based on the function 'filtering', where the value 1 is assigned to the rows where the yield percentage in the sites 'University Farm', 'Waseca', 'Morris' is more than 1, and otherwise 0.

  • Modus Operandi of Financial Fraudsters: Part IV

    In the last blog post, we saw how financial fraudsters work in a dynamic environment and steal data. They improved their hacking and sabotage skills and mastered these skills as professionals. As we already know, financial fraudsters are also scamming customers of Non-Banking Financial Companies by different methods, including Fake Loan websites / App Frauds, SMS / Email / Instant Messaging / Call Scam, Fake Advertisements for Extending Loan by Fraudsters, OTP based Fraud, Fraudulent Loans with Forged Documents, and Money Circulation/Ponzi/Multi-Level Marketing (MLM) Schemes Fraud. We listed out precautionary measures given by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai in its booklet on modus operandi of financial fraudsters.

    The general precautions can be summarised as follows:

      • A conscious user must always be very careful about clicking on popups that appear while surfing/browsing on the internet.
      • A user must always check the authenticity of the payment mechanism used by the website/gateway and check whether it is secure. This can be done by looking for the padlock symbol or cross-checking the https:// URL.
      • The user is warned not to share his/her PIN (Personal Identification Number), CVV, credit card or debit card information, or any passwords of any sort.
      • Two-factor authentication must be availed wherever there is an option.
      • A user must never save his/her information on any public devices/laptops/computers/websites or shared devices.
      • Copies of things that might contain personal information, including KYC documents and chequebooks, must not be shared with strangers.
      • Suspicious emails with unfamiliar attachments are better left unopened and deleted.

    The booklet also provides specific instructions that can be followed for computer/device safety:

      • A user should make sure to scan an unknown USB drive / device before use.
      • One should install antivirus software on the device and install updates when they are available.
      • The user is advised to set the device to lock automatically after a specified time.
      • Do not leave your device unlocked.
      • One must change one's password regularly.
      • One should not store passwords or confidential information on unknown devices.
      • The user is advised not to install unknown applications or software.

    Not only this, the booklet suggests methods for safe internet browsing. They include:

      • A user should not use unknown browsers.
      • One must avoid visiting unsafe websites.
      • One should not share private information with strangers on social networks.
      • One should avoid saving passwords on public devices.
      • A user must avoid entering security credentials on unknown websites.
      • One must always check the security of the page one is redirected to from email or SMS links.

    Among other guidelines, some for safe internet banking include:

      • One must regularly update the password on all their apps.
      • One must not use the same password for email and online banking. This can avoid hacking of all accounts.
      • One must close online banking immediately after use.
      • One must always use the virtual keyboard on public devices, because keystrokes can also be captured by infected devices, keyboards, etc.
      • One must avoid using public terminals (Internet cafes, etc.) for financial transactions.

    Some precautionary methods have been suggested for e-mail account safety:

      • One must never store credentials/passwords and other sensitive data in emails.
      • One must avoid using email on free and public networks.
      • One must not open unknown emails or click on emails from unknown senders.

    Some precautionary methods have been suggested for password security/safety:

      • One must change all passwords at regular intervals to avoid getting hacked.
      • One must use two-factor authentication for all accounts as and when needed.
      • One must use strong combinations of alphabets, numbers and special characters while creating a password.

    One common question which has also been answered in the manual is: how does one know whether an NBFC which is taking deposits is genuine or not? The following things can help in verifying the authenticity of an NBFC:

      • Depositors should check if the NBFC exists on the list of NBFCs entitled to receive deposits, available at https://rbi.org.in, and ensure that it does not appear on the list of companies that are forbidden to accept deposits.
      • The NBFC must clearly display the Certificate of Registration (CDR) issued by the Reserve Bank of India (RBI) on its website.
      • The certificate that is issued and displayed on the website must also reflect that the NBFC has been specifically authorised to accept deposits by the RBI. The depositor must carefully check the certificate to ensure that the NBFC is entitled to accept deposits.
      • An NBFC cannot accept deposits of less than 12 months and more than 60 months.
      • The highest interest rate that an NBFC can pay to depositors must not exceed 12.5%.
      • The Reserve Bank announced the change of the interest rate, which can be found on the official website by following this path: https://rbi.or.in → Site Map → NBFC List → Frequently Asked Question

    Along with these, some other precautions that can be taken by depositors include:

      • Depositors should insist on appropriate receipts for each amount deposited with the company.
      • The receipt, duly signed by an official authorised by the NBFC, must indicate the name of the depositor, the date of deposit, the amount in words and numbers, the interest rate payable, the due date and the amount.
      • For brokers/agents, etc. who collect public deposits on behalf of an NBFC, depositors must ensure that the brokers/agents are properly authorised by the NBFC.
      • Depositors should note that deposit insurance facilities are not applicable to NBFC depositors.

    After reading extensively about financial fraud and its preventive methods, we hope that users have understood how these frauds work and how one can protect oneself from these scams.

  • Modus Operandi of Financial Fraudsters: Part III

    In the last blog post, we saw how financial fraudsters work in a dynamic environment and steal data. They improved their hacking and sabotage skills and mastered these skills as professionals. We already know about phishing links, scams using online sales platforms, phishing calls, ATM card theft, scams due to unknown/unverified mobile application downloads, SIM Cloning / SIM Swap, frauds using Remote Access / Screen Sharing Apps, scams through QR scan, frauds by compromising credentials on results through search engines, juice jacking, impersonation through social media, online job fraud, and lottery fraud, among others. It must however be noted that fraudsters are now also affecting the Non-Banking Financial Companies (NBFCs).

    Let us first understand what a Non-Banking Financial Company or an NBFC is. The Reserve Bank of India (RBI) defines a non-bank financial company (NBFC) as a company registered under the Companies Act of 1956, which engages in loan and advance business, and purchases stocks/bonds/securities issued by the government or local authorities or other transferable securities of a similar nature, lease, lease purchase, insurance business, cheque business, but does not include any company whose main business is agricultural activities, industrial activities, purchase or sale of any property (except securities), or provision of services and sale/purchase/construction of real estate. A non-banking institution that is a company and whose main business is to receive deposits under any plan or arrangement, at one time or in instalments, through capital contribution or any other means, is also a non-bank financial company (Residual nonbank company).

    The layman must question and understand the difference between a bank and an NBFC. Among many, some of the key differences can be summarised as follows:

      • An NBFC is not part of the payment and settlement system and cannot write checks on its own;
      • Unlike banks, the deposit insurance facilities of deposit insurance and credit guarantee companies do not apply to NBFC depositors;
      • An NBFC cannot accept demand deposits.

    Financial fraud can thus be committed in NBFCs too. Let us understand some of the ways pursued by scammers and how we can protect ourselves:

    1. Fake Advertisements for Extending Loan by Fraudsters

    Modus Operandi: Scammers publish false personal loan advertisements with attractively low interest rates, simple payment methods or no security requirements, and ask customers to contact them. To gain credibility and trust from easily fooled customers, the email IDs used resemble the email IDs of senior officials of well-known/real NBFCs. When a customer approaches a scammer for a loan, the scammer first collects various upfront fees, such as handling fee, GST, toll, advance EMI, unreserved expenses, etc., and runs away without issuing a loan. The scammers also create fake website links, which appear in search engines when people search for information about loans.

    Precaution: To keep customers and their assets safe, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user should be aware that an NBFC / banker will never ask for prepayment before processing the loan application. Banks / NBFCs charge a handling fee, which is deducted from the loan amount. No payment should be made and no security credentials shared for online offers such as low-interest loans without verifying the details from a genuine source.

    2. SMS / Email / Instant Messaging / Call Scam

    Modus Operandi: Scammers spread fake news about the availability of attractive loans on IM / SMS / social media and use the logo of any known NBFC as the profile picture on the mobile phone number they share, to increase credibility. The scammers even share their fake Aadhaar / PAN cards and NBFC ID cards. After sending the said bulk SMS / messages / emails to loan seekers, the scammers dial random numbers, share fake sanction letters, copies of fake cheques, etc., and demand various charges. Once the victim has paid these fees, the scammer runs away with the money, leaving the victim with a slim chance of recovery.

    Precaution: To keep customers and their assets safe, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a conscious user must never click on links sent via SMS/email or reply to promotional SMS/email. A user is advised not to open or reply to any emails from unknown sources that contain suspicious attachments or phishing links. Never entertain loan offers that people make on their own over the phone/email. Do not make any payments for such offers or share any personal/financial credentials for such offers without verifying their authenticity through other sources.

    3. OTP based Fraud

    Modus Operandi: The victim receives a text/instant message from the scammer posing as an NBFC, offering loans or an increased credit limit, and is asked to contact the scammer's mobile phone number. When victims make the call, the scammer asks them to fill out some forms containing financial details (even online), and prompts/persuades them to share the OTP or PIN details, resulting in a loss of money.

    Precaution: To keep customers and their assets safe, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that aware users must never share OTP numbers / PINs / personal data, etc. with anybody in any way, and must check SMS / email regularly to make sure that no OTP is being generated without the user's knowledge.

    4. Fake Loan websites / App Frauds

    Modus Operandi: Many unscrupulous loan applications offer instant loans and short-term loans. These applications mislead borrowers and may also charge much higher interest rates. To attract customers who are easily deceived, scammers promote "limited time offers". This requires applicants to make an urgent decision, and it also uses threat software strategies.

    Precaution: To keep customers and their assets safe, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that the following things should always be kept in mind:

      • A real loan provider will never provide funds without document verification.
      • Is the lender registered with the government / authorised agency?
      • Verify that the loan applications supported by these NBFCs are authentic.
      • Check if the lender provides an actual address or contact information; otherwise, it may be difficult to communicate with them in the future.
      • Is the lender more interested in knowing the personal information than in checking the credit score?
      • Remember that no known bank / NBFC will request payment until it processes the loan application.

    5. Money Circulation/Ponzi/Multi-Level Marketing (MLM) Schemes Fraud

    Modus Operandi: The MLM / Chain Marketing / Pyramid plan promises easy or quick money when registering/adding members. The plan not only guarantees high returns, but also promises to pay the first instalment to win the trust of credulous people and attract more investors through word-of-mouth advertising. The plan encourages more and more people to join the chain/group, for which commissions are paid to subscribers, rather than commissions on product sales. Due to this model, the plan becomes unsustainable once the number of people joining it begins to decrease over a period of time. After that, the scammers close the scheme and disappear with the money invested by the people.

    Precaution: To keep customers and their assets safe, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests checking these things before investing in an MLM / Ponzi scheme:

      • Always keep in mind that any payment / commission / bonus / percentage of profit without goods / services actually being sold is suspicious and may lead to fraud.
      • Profitability is directly proportional to risk. As the common saying goes, the higher the risk, the higher the return. So if any plan continues to provide unusually high returns (such as 40-50% per year), this is the first sign of potential fraud; proceed with caution.
      • Accepting money under a money circulation / multilevel marketing / pyramid structure is an identifiable crime under the Prize and Coin Circulation Prohibition Act of 1978.
      • Members of the public who come across such an offer must immediately file a complaint with the state police.
      • The public should not be seduced by the promise of high returns offered by entities that run a pyramid-shaped marketing / chain marketing / multilevel program.

    6. Fraudulent Loans with Forged Documents

    Modus Operandi: Counterfeit document fraud refers to a fraud in which individuals or entities use forged documents to avail any form of service provided by financial institutions. This type of fraud occurs when KYC related documents are shared with an entity without verifying the authenticity of the NBFC employees / NBFC email ID. By stealing personal information from the victim (such as identity card, bank account data, etc.) and using this information or these credentials to obtain benefits from financial institutions, fraudulent loans are also sanctioned through identity theft.

    Precaution: As precautionary measures, the booklet on modus operandi of financial fraudsters issued by the office of the Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests the following:

      • Said files should only be shared with the authorised person of the entity or the authorised email ID of the entity.
      • Clients should be vigilant when borrowing from any entity and when providing KYC and other personal documents, including the NACH form after loan payment.
      • In addition, if the loan is not approved, and when the loan is closed, the client should always ask the entity to withdraw the documents the client provided to it.

    In the next blog post, we will learn about the general precautions that can be taken for financial transactions.

  • Extreme Couponing or Coupon Fraud?

    In this age of competition, when everyone is trying to sell their product, giving out discounts seems to be the only plausible way to sustain business. The prices of consumer items are already inflated and coupons are given out to increase sales. One must question what exactly is meant by extreme couponing and whether we have been doing it subconsciously.

    Coupon fraud may be defined as occurring whenever someone intentionally uses a coupon for a product he/she did not purchase or a product that does not meet the refund terms and conditions; when a retailer submits a coupon for a product that has not been sold or that has not been properly redeemed by a consumer in connection with a retail purchase; or when coupons are altered/forged.

    To understand this type of fraud we will look at an example, to simplify things. One extreme coupon user in the program used coupons to save on other items, even items that the coupons are not suitable for. For example, you have a 75 cent Fiberone grain coupon and use it for Fiberone to purchase honey nuts, Cheerios, Kix, and lucky charms during the promotion period. They paid for the coupon when they bought the $100 coupon and received a coupon for a free mixed transaction. The coupon should indicate which product it applies to and how to use it on the product. The store cannot refund the coupon, so the coupon policy is very strict to prevent this type of fraud. The coupon should contain information about the specific product for which the coupon is used. If users want to use more than four coupons, they must purchase all day. If you do not purchase, you may need to print out coupons and take them to the physical store.

    If a retailer submits a coupon for a product they do not sell, and does not redeem the coupon when the consumer purchases a specific product, submitting the coupon is fraud by the retailer. If consumers use coupons for their products and the store sends the coupons in accordance with the manufacturer's coupon policy, the manufacturer will compensate the store. Coupon fraud increases user costs and makes it harder for genuine and honest consumers to use coupons. Not only the customers who use the coupons but also the merchants who accept them may have committed coupon fraud.

    When looking at coupon fraud, prosecutors tend to target people who make tons of money by accepting, using, or making deceitful coupons, but this does not mean that you are safe if your use of fake coupons is unintended. In some cases, people didn't even realize they were using fake coupons and ended up engaging in coupon scams. The best way to protect yourself from allegations of fraud is to read the terms and conditions of the coupons you use to make sure you use them correctly. Be sure to check the coupon policy of your store, because many have very strict regulations (when you see something on My CouponFraud.com this is great, but I assure you that most stores have changed them Coupon policy. Coupons).

    As discussed in this article, the coupon industry is struggling with extreme couponing and many fraudulent methods developed by consumers using coupons for their own financial gain. Coupon fraud can lead to hefty fines and even imprisonment, depending on the degree of fraud. Penalties vary from case to case, but Coupon Information Corporation (CIC) said the most serious convictions for coupon fraud include up to 17 years of jail time and monetary fines of up to $5 million. There have been several cases where people were sentenced to long prison terms and large fines due to coupon fraud, but ordinary couponing can also involve coupon fraud. Incredibly good and fraudulent vouchers continue to circulate on the Internet, and many innocent consumers, retailers and manufacturers are stuck, wasting time and money.

    Maximizing the coupon function can spell the end of coupon fraud, which causes manufacturers hundreds of millions of dollars in losses each year. You can't write an article on extreme coupon use without talking about coupon scams. If you read the coupon before purchasing the product, declare that you comply with their coupon policy, and confirm that you have all the clues, then it is fraudulent.

    To give some background, Coupon Information Corporation, also known as CIC, is a non-profit association of consumer goods manufacturers devoted to combating coupon and redemption fraud. Consumers cannot redeem coupons for products that are related to retail purchases or when the coupons are modified to counterfeit products. Since its establishment in 1985, CIC has uncovered more than $750 million in fraudulent schemes. In May 2011, CIC published 25 fake coupons on its website and offered various rewards to those who helped successfully prosecute the people behind the fake coupons. Coupon tailoring service provides coupons up to $50 and up to $0.3.

    Another problem is the use of manufacturer vouchers in stores. Fraud is the purchase of coupons that adds to the total cost of shopping travel costs not reported on TV. As mentioned above, coupon fraud causes shops to increase prices to make up for the profits they lost due to forged coupons. If your store uses the extra 800 free merchandise coupons in the episode, it will not be counted as fake tidal coupons. If there are more fake coupons that day, the store will lose $12,000. If you are familiar with Procter & Gamble coupon codes, you will know that the company, like most manufacturers, is very careful in issuing coupons for free products to consumers. It is rare to see coupons with free P&G product safety holograms.

    How to prevent?

    Tracking coupon redemptions is an arduous fight, even for the most famous and well-known companies. At some point, coupon abuse has affected the vast majority of businesses, and with the popularity of online promotions, this embarrassing statistic is expected to grow. Coupon usage restrictions should be in line with your marketing goals and flexible enough to cope with unexpected business changes and dynamic changes. In this article, we will show you how to limit the use of coupons and make redemption a reliable indicator of the success of the campaign. This is a list of important things to keep in mind to prevent coupon fraud:

      • Generate code that is difficult to crack.
      • Don't expose everything.
      • Enter the budget limit.
      • Use order and shopping cart-based coupon redemption standards.
      • Check the coupon activity period.
      • Always enter email verification for digital offers.
      • Assign a unique code to the personal customer profile.
      • Use web beacons to monitor IP addresses.
      • Monitor the suspicious behavior of the transaction.
      • Use temporary environment to test coupons.
      • Control access to your promotional software.
      • A geolocation coupon must be created.
      • Control the distribution of coupons.
      • Analyze investment behavior to detect suspicious activities.
      • Limit the number of coupon redemptions.
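
    Several items in the list above (codes that are hard to guess, a budget limit, cart-based redemption rules, an activity period, a code tied to one customer profile, a redemption limit) can be enforced together at redemption time. The following is an added example, not code from the original article; the class, field and status names are hypothetical, and the in-memory dictionary stands in for a promotions database.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Unambiguous symbols (no 0/O, 1/I/L): 31 symbols over 16 characters gives
# roughly 79 bits of randomness, far beyond what online guessing can cover.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
CODE_LENGTH = 16


@dataclass
class Coupon:
    customer_id: str        # unique code per customer profile
    discount: float         # value charged against the campaign budget
    expires_at: float       # end of the coupon activity period (epoch seconds)
    min_cart_total: float   # cart-based redemption rule
    max_redemptions: int    # redemption limit
    redemptions: int = 0


class CouponRegistry:
    """Issues and redeems coupons for one campaign (hypothetical design)."""

    def __init__(self, storage_key: bytes, campaign_budget: float):
        self._storage_key = storage_key
        self.budget_remaining = campaign_budget
        # Only HMAC(code) is stored, so a leaked table yields no usable codes.
        self._coupons = {}

    def _lookup_key(self, code: str) -> str:
        normalised = code.strip().upper()
        return hmac.new(self._storage_key, normalised.encode(),
                        hashlib.sha256).hexdigest()

    def issue(self, customer_id, discount, ttl_seconds,
              min_cart_total=0.0, max_redemptions=1, now=None) -> str:
        now = time.time() if now is None else now
        # secrets uses the OS CSPRNG; sequential or timestamp-derived codes
        # are the "easy to crack" case the list warns about.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._coupons[self._lookup_key(code)] = Coupon(
            customer_id, discount, now + ttl_seconds,
            min_cart_total, max_redemptions)
        return code

    def redeem(self, code, customer_id, cart_total, now=None) -> str:
        """Return 'ok' or the reason the redemption was refused."""
        now = time.time() if now is None else now
        coupon = self._coupons.get(self._lookup_key(code))
        if coupon is None:
            return "unknown_code"
        if coupon.customer_id != customer_id:
            return "wrong_customer"
        if now > coupon.expires_at:
            return "expired"
        if cart_total < coupon.min_cart_total:
            return "below_minimum"
        if coupon.redemptions >= coupon.max_redemptions:
            return "limit_reached"
        if coupon.discount > self.budget_remaining:
            return "budget_exhausted"
        coupon.redemptions += 1
        self.budget_remaining -= coupon.discount
        return "ok"


if __name__ == "__main__":
    # Constructed sample run with fixed timestamps.
    registry = CouponRegistry(secrets.token_bytes(32), campaign_budget=15.0)
    code = registry.issue("cust-1", discount=10.0, ttl_seconds=3600,
                          min_cart_total=20.0, now=1000.0)
    for customer, total, when in [("cust-2", 50.0, 1001.0),
                                  ("cust-1", 5.0, 1001.0),
                                  ("cust-1", 50.0, 1001.0),
                                  ("cust-1", 50.0, 1002.0)]:
        print(customer, total, registry.redeem(code, customer, total, now=when))
```

    In production the refusal reasons would be logged per customer and IP address rather than shown to the shopper, which also supports the monitoring items in the list.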

  • Humans of Com Olho | Devyanshi Rungta

    Due to the ever-changing needs of the industry, artificial intelligence and data science have become a catalyst for business growth and corporate value. Today, I am proud to be a member of an industry in which artificial intelligence and data science play such a pivotal role in solving business problems. Data, in my opinion, tells us more than just numbers; it helps us understand our users and their needs. I loved numbers from a young age and I knew I would make a career with them. That is why I wanted to be a data scientist, because not only is it a new and untapped field but there is enormous potential for businesses to maximise their value by harnessing the power of data. I've always wanted to do something out of the norm in my life, such as major in mathematics in college and pursue a career in technology. There has always been a dearth of female participation in the tech industry and its leadership roles. I aspire to be one of the top female data scientists and artificial intelligence experts in the Indian tech industry by the age of 30. Com Olho has been a terrific experience for me to work with such a team of incredibly talented people, striving to make it easier for businesses and industries to detect fraud and tackle it efficiently and effectively. For both consumers and businesses, Com Olho uses state-of-the-art technology, which I extremely admire. It has given me a tremendous head start in my career and I look forward to mutual growth and progress. As a problem solver and analytics person, my career goal is to make data tell its story in an insightful and informative manner. Connect with her on LinkedIn: Link

  • Fake Mobile Apps: A Growing Threat

    A fake mobile app is an Android or iOS app that mimics the appearance and functionality of a legitimate app and offers legitimate features, but hides features that are undetectable to the user. Applications on mobile phone devices can get targeted users to download something by using real businesses or popular references. Fake mobile applications are applications that copy or mimic the look and functions of genuine applications and lure unsuspecting targeted users to install them. When you download and install a legitimate application, it can perform various malicious operations. Counterfeit apps can be designed to advertise revenue, while other apps are designed to collect login credentials, intercept sensitive data, or infect devices. The aforementioned reasons are why fake mobile applications are a leading cause of mobile ad- fraud. To understand this aspect of ad- fraud we shall learn more about it in the given article. Counterfeit mobile apps are Android and iOS apps that mimic the appearance and function of legitimate apps to trick unimportant users into installing them. Fake apps display advertisements to generate advertising revenue, install malware on your device, steal your account information and use your permissions. The process of creating and disabling fake apps is simple as a cybercriminal simply registers in an App Store as a developer, downloads a legitimate application and rewrites it to include malicious code. Downloading and installing an app can have many harmful effects. Fake apps incline towards requiring supplementary permissions than genuine ones and have more control over the targeted user's device. Apps can access your location, email address, phone number and more by default. 
Given the importance and prevalence of mobile applications, it is crucial for companies to extend their brand protection and security strategies to the protection, monitoring and implementation of mobile applications, especially when their mobile applications are on the market. Monitoring the official app stores and reporting organisations that abuse their trademarks can reduce the negative impact of fake apps. Quick and easy access to genuine applications in the app store can certainly reduce the risk of users downloading fake applications. According to the McAfee Mobile Threat Report 2019, 65,000 new rogue apps were discovered in December of last year alone, six times more than in June 2018. Rogue and fake apps are becoming a growing threat to consumers, with the associated malicious activities and ad fraud rising by 191% between 2018 and 2019. Fake apps remained a trend in 2019, exacerbated by fake versions of popular apps and brands circulating in the Google Play Store. The creation of fake apps has become a new threat to consumers as cybercriminals treat mobile platforms as preferred targets.

Why are fake applications considered dangerous?

When one installs a third-party application, the scammer will request permission to access your data (Gmail, OneDrive, etc.). Rogue applications use these permissions to maliciously access your data. This can have serious consequences:

1. Data leakage: Using fake apps that gain access to your data (e.g. email), hackers can read or delete any information. If the email contains sensitive information such as credentials or bank card details, hackers can use it to access your bank account.
2. Compliance violation: Loss or exposure of data can lead to violations of data security compliance standards such as HIPAA. Fines for compliance violations can be very high.
3. Ransomware infection: Rogue applications can be used to infect your system with ransomware. Your data will then be encrypted and unreadable. To return it, the hacker will ask you for money. The ransom demand can run into the millions of dollars.

Needless to say, all of this can lead to significant financial and reputational losses. That is why it is very important to prevent fake applications from being used. As the number of smartphone users continues to grow, rogue applications targeting mobile phones are becoming more and more common. Mobile users are increasingly exposed to malicious activity and are concerned about the pressure of malware apps on smartphones, tablets and other devices with mobile operating systems. Many of these applications exploit security vulnerabilities in the mobile operating system, and one of the best ways for mobile users to keep themselves secure is to update their operating system regularly. Consumers can also protect themselves from rogue applications and other mobile malware threats through several other methods. In view of this, Name-shield proposed online monitoring of mobile applications in the app store, so that infringers of your brand can be identified and you can take immediate measures. In 2021, common tactics such as advertising, phishing and fake applications continue to dominate the landscape of mobile threats. Users look for mobile applications connected to their favourite brands. As demand grows and the use of mobile devices expands, cybercriminals are expected to increasingly look for ways to exploit new application functions. More than 5 million applications can be downloaded from the main application stores, and more than 2,000 new applications are added daily. The data suggest that users are installing more and more mobile applications on their devices, and that mobile data consumption is increasing.
With millions of apps available, it's not easy to spot counterfeits. Cybercriminals follow what attracts the public's attention online and are drawn to applications that are causing a sensation on mobile devices around the world. Thus it can be understood that counterfeit applications are the number one threat to network security. Cybercriminals counterfeit legitimate trademarks by using official company logos and images to persuade users to download and install cloned applications. A fake WhatsApp update application was made to look the same as the official WhatsApp application and sent many advertisements to users. Fake apps take advantage of the popularity of major e-commerce brands to obtain credit card information and personal information. With these examples and explanations, the reader should now understand how fake mobile apps can cause ad fraud.

  • Clickjacking : Methods & Ways

    To begin, let's define what clickjacking means and how it can lead to ad fraud. When the user clicks on the hijacked link, the attacker starts a malware download. In an area of the screen where the attacker knows the user will click, the attacker can hide the real cursor and replace it with a fake one, manipulating the screen so that the user does not know they are clicking on a malicious link rather than on something else. The successful Tweet bomb attack in 2009 was a continuous loop. Users clicked the tweet link to open the web page, clicked the link there, and then tweeted the link from their own account, encouraging followers to click the link. Clickjacking is one of the leading causes of ad fraud in the tech industry. Clickjacking is an attack in which an invisible malicious link is placed over the user interface of a website. Clickjacking can facilitate other cyber-attacks, such as XS. Classic clickjacking means a situation where a scammer deploys a hidden layer on a web page to manipulate the targeted user's cursor, causing the target to click. Clickjacking is an attack that makes the target user click on elements that are invisible or disguised as different items. Clickjacking attacks attempt to induce users to click on unexpected elements on web pages. The attacks are generally carried out by displaying invisible HTML elements or iframes on top of the page the user sees. The attacker loads the target page as a transparent overlay on top of the visible page and prompts the user to take an action, even though the result is not what the user expects. The user believes that they have clicked on the visible page, when they have in fact clicked on an invisible element or been moved from the visible page to another page. An example is a page that causes users to take unwanted actions by clicking on a hidden link.
In similar attacks, a user who clicks on the visible link is tricked into clicking a Facebook button.

How does it work?

As we have learned, clickjacking is an interface-based attack that deceives users into clicking on actionable content on a concealed website while they believe they are clicking on other content on a decoy website. For example, a web user visits a decoy page, perhaps through a link provided in an email, and clicks a button to win a prize. In reality, the attacker has tricked the user into pressing a different, hidden button that makes a payment from an account on another website. Clickjacking, commonly referred to as a UI redress attack, refers to the use of multiple transparent or opaque layers by scammers to get users to click on a button or link on another page rather than on the page they intended to click. This is a sophisticated form of click spam, and it is even more insidious because the user's device may be hijacked by criminals for CPI payments. In addition, click injection (also known as clickjacking) has long been one of the most popular types of CPI ad fraud. The malware behind it can be hidden in applications, including seemingly legitimate applications downloaded from third-party app stores, where it detects potential app installations and sends false click reports. Clickjacking is one of the most common ad fraud and click spam methods. Clickjacking is a click-to-install mobile ad fraud that sends a fraudulent click report immediately after the actual click. Click flooding (also known as click spam) is another type of scam, which occurs when bad actors report a large number of fraudulent clicks in the hope of obtaining credit for organic application installations.
Clickjacking is classified as a user interface (UI) redress attack: a malicious technique that tricks users into clicking on something different from what they perceive, which can reveal sensitive information or allow others to take control of their computer while they click on seemingly harmless objects, including web pages. The most common clickjacking method is to show users a blend of two or more layered web pages or browser windows, together with some incentive to click at a specified location. The user ends up clicking with the cursor on a part of the target web page that is loaded in an iframe; iframes allow the browser window to be divided into several parts so that different elements can be shown or hidden as the attacker needs. The attacker first loads the vulnerable web page into an iframe, makes it completely transparent, and places it in front of a malicious web page crafted to draw clicks in the appropriate location. The attacker then hides the iframe behind a harmless link on the website (such as a New York Times headline or a Digg button). When the victim clicks on the link, the click lands on the iframe. For example, an attacker may want to entice users to purchase items from a retail website, but the item must be added to the shopping cart before an order can be placed. This attack differs from a CSRF attack in that the user must take an action, such as clicking a button, whereas in a CSRF attack the entire request is forged without the user's knowledge or input. We have developed a new detection method for this type of attack, which is based on the behaviour and reaction of the active content on the website when the user clicks on the request. In our experiments, we found that our detection method can detect advanced and scalable vector graphics attacks (SVG-based attacks) that most modern tools cannot. Having understood click hijacking, it should not be hard to see how it is one of the popular means of conducting ad fraud.

How to prevent?
A clickjacking attack wraps a page the targeted user trusts in an iframe and then displays invisible elements on top of the frame. To ensure that your site is not used for clickjacking attacks, you must ensure that malicious sites cannot wrap it in an iframe. This can be done by instructing the browser directly via HTTP headers, or, in older browsers, by using client-side JavaScript (frame killing). Some suggested ways include:

1. Framebusting or framebreaking: Before support for the new HTTP headers became widespread, website developers had to implement special frame buster (or frame killer) scripts to prevent their pages from being framed. A basic framebusting script checks whether top.location is the current page; if it is not, top.location is set to self. However, these scripts are easily blocked or bypassed by the outer frame, so more complex solutions have been developed. Even so, there are still plenty of ways to bypass the more complex frame-breaking scripts, and such scripts should only be used to provide basic protection for older browsers. The current method suggested by OWASP is to hide the complete body of the HTML document and show it only after verifying that the page is not framed.

2. X-Frame-Options: The best solution at this point may be to use the HTTP X-Frame-Options (XFO) header in the server response. Originally introduced by Microsoft in Internet Explorer 8 and later formalised in RFC 7034, the XFO header specifies whether the page can be embedded in a <frame>, <iframe>, <embed> or <object> element. The header supports three possible directives: DENY blocks all framing attempts, SAMEORIGIN only allows framing by pages from the same origin, and ALLOW-FROM allows pages from a specific URI to frame the page. However, several browsers (including Chrome and Safari) don't support ALLOW-FROM, so if you need to specify the source, it's better to use CSP (see below). For general protection against framing, one only needs to specify X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN in the server response headers.

3. Content Security Policy with frame-ancestors: The Content-Security-Policy (CSP) HTTP header was originally developed to prevent XSS and other data injection attacks. However, it also provides a frame-ancestors directive to specify the source (in ,
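
The header checks described above can be automated when auditing a site's own responses. The following is an added example, not code from the original article: the function names and sample headers are constructed for illustration, and it additionally assumes the CSP specification's rule that browsers enforcing frame-ancestors ignore X-Frame-Options when both are present.

```python
from typing import Iterable, List, Optional, Tuple

# Source expressions that let any origin (or any origin on a scheme) frame the page.
PERMISSIVE_SOURCES = {"*", "http:", "https:"}


def frame_ancestors(policy: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list of one CSP value, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def check_framing(headers: Iterable[Tuple[str, str]]) -> Tuple[bool, List[str]]:
    """Decide whether response headers stop other sites from framing the page.

    headers is a list of (name, value) pairs as received; returns (protected, notes).
    """
    notes: List[str] = []
    xfo_values: List[str] = []
    ancestor_lists: List[List[str]] = []

    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo_values.append(value.strip().upper())  # values are case-insensitive
        elif key == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                ancestor_lists.append(sources)
        elif key == "content-security-policy-report-only":
            if frame_ancestors(value) is not None:
                notes.append("frame-ancestors in a Report-Only policy is not enforced")

    # X-Frame-Options protects only if every value sent is DENY or SAMEORIGIN.
    xfo_ok = bool(xfo_values)
    for value in xfo_values:
        if value in ("DENY", "SAMEORIGIN"):
            continue
        xfo_ok = False
        if value.startswith("ALLOW-FROM"):
            notes.append("ALLOW-FROM is not supported by Chrome or Safari; use frame-ancestors")
        else:
            notes.append("unrecognised X-Frame-Options value: %r" % value)

    if ancestor_lists:
        # Every enforced policy applies, so one restrictive list is enough.
        csp_ok = False
        for sources in ancestor_lists:
            if not sources:
                # Conservative choice of this example: not counted as protection.
                notes.append("frame-ancestors lists no sources; write 'none' or 'self'")
            elif PERMISSIVE_SOURCES.intersection(sources):
                notes.append("frame-ancestors allows any origin: " + " ".join(sources))
            else:
                csp_ok = True
        if xfo_values and not csp_ok:
            notes.append("X-Frame-Options is ignored by browsers that enforce frame-ancestors")
        return csp_ok, notes

    if not xfo_values:
        notes.append("no X-Frame-Options or frame-ancestors: any site can frame this page")
    return xfo_ok, notes


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "xfo deny": [("X-Frame-Options", "deny")],
        "misspelt name": [("XFrameOptions", "sameOrigin")],
        "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
        "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
        "csp wildcard + xfo": [("Content-Security-Policy", "frame-ancestors *"),
                               ("X-Frame-Options", "DENY")],
    }
    for label, sample in samples.items():
        protected, notes = check_framing(sample)
        print(label, "->", "protected" if protected else "FRAMEABLE", notes)
```

Note that a header sent under the name XFrameOptions, without hyphens, is not recognised and gives no protection.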

  • Modus Operandi of Financial Fraudsters: Part II

    In the last blog post, we saw how financial fraudsters work in a dynamic environment and steal data. They have improved their hacking and sabotaging skills and are mastering them like professionals. Having already covered phishing links, frauds using online selling platforms, vishing calls, ATM card skimming, and frauds due to the download of unknown/ unverified mobile apps, we will now look at other ways financial fraud can be committed using fraudulent transactions in a bank environment. To understand how they work and how we can protect ourselves from them, let's look at the following:

1. Frauds using Remote Access/ Screen Sharing App
Modus Operandi: This type of attack is somewhat similar to an embedded download attack or the infamous spyware in the news, Pegasus. The scammer tricks the targeted consumer/ user into downloading a screen sharing application, which can later be used to access, control and watch the activities on the targeted device (laptop and/or phone); this helps in gaining access to the financial credentials of the prey. Once these financial credentials have been obtained, they can be used for making online payments or accessing internet banking.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that users of digital banking should not download and activate/use any unknown apps or share screens with unknown people.

2. SIM Cloning/ SIM Swap
Modus Operandi: The Subscriber Identity Module (or Subscriber Identification Module), commonly known as the SIM, matters because account details and authentication are connected to the SIM or the registered mobile number. The scammer in this case obtains access to the SIM card or creates a duplicate SIM card to carry out fraudulent activities using the OTP received on the fake SIM card.
Scammers usually pretend to be mobile network personnel, call customers and ask for details in order to provide a free SIM card upgrade from 3G to 4G or additional discounts on SIM cards.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must never share his/her credentials about the SIM card. Also, users must look out for suspicious activity: if there is no service or network on the phone for a long time in otherwise regular circumstances, the operator must be contacted to make sure that another SIM is not being used or issued.

3. Frauds by compromising credentials on results through Search Engines
Modus Operandi: It has been observed that customers use search engines to obtain the contact information of their banks, insurance companies, Aadhar Update Center, etc., and may end up contacting unknown/ unverified contact numbers that appear in the search results. These contact numbers might look authentic but belong to scammers waiting to loot data. Scammers often disguise these search engine contact details to attract victims and lure them into using the numbers. Once the customer calls them, the imposter will ask the customer to provide their card details/ credentials for verification, to make the call seem authentic. Assuming the contact is real, people give away their secure details and fall victim to fraud.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must avoid looking for customer service contact information in search engines. Such listings are often scammers in disguise. Individuals should always search the official website of the bank/ company for contact information.

4. Scam through QR scan
Modus Operandi: This scam is carried out under the pretext of scanning a QR code. Scammers use various excuses to contact customers/ targeted users and persuade them to scan a QR code using a payment application. This allows scammers to withdraw funds from the accounts of customers.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must be careful when using payment apps to scan any QR code. Account details are embedded in the QR code, which is used to transfer the amount to a specific account.

5. Impersonating through Social Media
Modus Operandi: Scammers create fake accounts on popular social media platforms such as Facebook, Snapchat, Twitter, and Instagram among others. They send requests to the user's friends asking for money for emergency medical purposes, payments, etc. Scammers will also gain trust over some time and use private information for extortion in the future.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must not make unknown online payments or transact with people whose identity seems suspicious. The best way is not to share confidential and personal information online via social media applications/ platforms. Another thing to keep in mind is that one must always verify the genuineness of a fund request with the friend/ relative, or confirm by a phone call/ physical meeting, to be sure that the profile is not fake or impersonated.

6. Juice Jacking
Modus Operandi: The charging port of a mobile phone can be used for more than just charging one's device; it can also be used for the transfer of data/ files.
Juice jacking is a type of cyber theft in which, once a targeted user's phone is connected to an unknown/ unverified charging port, unknown applications/ malware are installed. Scammers can then control, access or steal confidential data, emails, SMS, saved passwords and other important data.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must at all costs avoid using public charging stations/ cables and ports. They are a hazard to the data on one's phone.

7. Lottery Fraud
Modus Operandi: The scammer sends an email or makes a phone call to say that the targeted user/ prey has just won a huge lottery. However, to receive the money, the target needs to verify their identity via bank account/ credit card verification on the scammer's fake website, which is how the scammer eventually gets the details from the target. It is a very common method of scamming people. In some cases, scammers require advance payment of taxes or fees, such as shipping and handling fees, to receive the lottery winnings/ products. This might make the target believe that the scheme is not fake, but it should also act as a warning signal for the users/ targets. Since the requested money is only a small part of the lottery/ bonus, victims can fall for the scammers' trap and pay. And then the scammer is nowhere in sight.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must not pay in response to lottery calls/ emails or share security credentials. When one encounters such an amazing lottery or discount, always hesitate and decline, because chances are the target is going to be looted.

8. Online Job Fraud
Modus Operandi: Fake job search portals have been created by fraudsters.
When victims share bank account/ credit/ debit card security credentials to register on these sites, the account information is stolen and used for malicious purposes. In some cases, the scammers disguise themselves as officials from well-known companies and confirm the victim's selection after conducting fake interviews. The victim is then induced to pay for a mandatory training program and other expenses.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that a user must always keep in mind that an authentic company will never ask for any money during the recruitment process. A user must also refrain from making any online transactions to unknown/ unverified job portals or agencies.

Having discussed so many more forms of financial fraud committed by fraudsters in the bank environment, and how to protect ourselves, we should now be better prepared against them. In the next part, which will be a continuation of this piece, we shall delve deeper into financial fraudsters committing fraud in the Non-Banking Financial Company environment.

  • Modus Operandi of Financial Fraudsters: Part I

    The population is on the rise and so is the demand for convenience. For as long as humans have existed, there have been transactions for any good or service provided by another human. Transactions have come a long way, from the barter system to transacting using gold and other precious metals and finally to paper currency, which has further evolved and is now basically e-money or plastic money. But we do not need to dive so deep into the history of money, which would take us away from the topic at hand. In today's world, most transactions happen via digital mode. Online transactions or digital modes of payment are now preferred over conventional cash transactions due to convenience, and this is not the only reason they are being promoted: they also help substantially in achieving the national goal of financial inclusion. Just as every coin has two sides, online/ digital transactions have their share of problems too, such as fraud. Fraudsters are getting smarter and using innovative techniques to steal from the masses. People who are new to this technology or who are not so tech-savvy are often at risk of facing such problems. These people might be new to the entire online transaction ecosystem and could endanger their entire life earnings. This piece will try to cover the most common financial frauds committed by fraudsters and their modus operandi, and suggest preventive measures too.

1. Phishing Links
Modus Operandi: The fraudster creates third-party websites that are very similar to existing genuine websites; these could be a search engine or an e-commerce website. They are designed so well that it is very difficult for a targeted user to distinguish them from the original website. The next step involves luring the targets into visiting the fake platform. This is done by circulating the links through emails/ text messages and even social media.
Gullible consumers might not check the entire URL in detail and just open the link after glancing at it. These links are deceptive and look very similar to the original link, but the targets are redirected to the phishing website. To make it look more authentic, the fake website might even use the real name and logos with minor tweaks. The targets end up entering sensitive information and credentials on the website, and these are then copied/ sent to the fraudster, who uses the data later.
Precaution: The user must be very careful while entering credentials, especially of a financial nature, into any website. The URL must be thoroughly checked and verified to avoid entering sensitive information in the wrong places. Another great tip is to delete any unknown or suspicious links received via e-mails/ text messages so that they are not accessed later on.

2. Vishing Calls
Modus Operandi: Calls are made by fraudsters who pose as company executives/ government officials/ insurance agents or even bankers. The imposter tries to collect as much information as he/ she can regarding the financial credentials of the targets. They even try to make the call sound authentic by confirming the name of the person, the date of birth or any other credential, which helps in gaining the confidence of the targeted user. Sometimes the user is tricked or even pressurised into sharing the required credentials by a faked emergency, such as the need to stop or block a suspicious transaction or an urgent transfer required to avoid a penalty, or is lured with discounts or fancy services. Once the credentials are received, they are misused.
Precaution: As per the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, genuine entities, including financial institutions and bank officials, never ask users to share any sensitive financial information like the Card details/ Card Verification Value (CVV)/ One Time Password (OTP)/ Username/ Password.

3. Frauds/ Scams using Online Selling platforms
Modus Operandi: This is a very sneaky method of stealing money from a seller. The imposter or fraudster in this type of attack might pose as a buyer on the online selling platform who is interested in your product. This type of fraud may use the new and popular Unified Payments Interface (UPI) platform. The buyer will "request money" instead of sending it to the seller and insist that the seller approve the request, which will eventually pull money from the target's bank account.
Precaution: The booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, warns users to always remember that there is no need to enter a password/ Personal Identification Number (PIN) anywhere when the user is to receive money. UPI, or any application for that matter, asks the user to enter the PIN to complete a transaction, which means that the user will spend money and not receive it. Hence, one should be very careful while purchasing/ selling online.

4. Fraud using Unverified/ Unknown Mobile Applications
Modus Operandi: Fake and malicious applications can gain access to the information stored on the mobile phone device. This method is similar to phishing, in that application links are widely circulated through instant messaging/ social media/ text messages, etc. The names used to lure customers look very authentic and similar to popular existing services, but in reality the targets are just redirected into downloading a fake application.
After the mobile phone device is infected with the fake application, the fraudster gains access to data on the device and exploits it.
Precaution: The booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that applications from unknown/ unverified sources should never be downloaded.

5. ATM card skimming
Modus Operandi: This type of fraud involves the fraudster installing skimming devices in Automated Teller Machines (ATMs), which end up stealing data from the user's card. Pinhole cameras and dummy keypads may be installed at the ATM to capture the Personal Identification Number (PIN) without the knowledge of the user. In some cases, fraudsters pretend to be customers, stand very close to the target and keep their eyes on the keypad to learn the PIN. After the required information is collected, the fraudsters might create fake or duplicate cards and use them to withdraw money from the targeted customer's bank account.
Precaution: To keep the customers up-to-date and safe, the booklet on modus operandi of financial fraudsters issued by the office of Reserve Bank of India (RBI) Ombudsman, Mumbai, suggests that while visiting an ATM, one should always cover the keypad with one's hand while entering the PIN. Other suggestions include never sharing your PIN with anybody and never entering it in the presence of other people. Lastly, whenever visiting an ATM, check the machine properly for any external devices attached near the keypad or card insertion slot.

In this piece, we tried to cover five out of the many fraud techniques deployed by fraudsters to steal financial credentials using fraudulent transactions in banks. Other tricks might include Online Job Fraud, Impersonation through Social Media, and frauds by compromising credentials on results through search engines, among others.
However, there are also fraudulent transactions that happen in Non-Banking Financial Companies (NBFCs), which include Money circulation/ Ponzi/ Multi-Level Marketing (MLM) scheme fraud, fake advertisements for extending loans by a fraudster company, and OTP-based fraud, among others. The subsequent articles cover the above-mentioned frauds in detail, along with general precautions that can be taken for financial transactions.

  • Zero Click Attack : An Overview

    With the NSO group's Pegasus in the global news, there is a buzz around people wanting to know what exactly it is and how it functions so that necessary preventive measures can be taken. From what can be gathered, Pegasus has been identified as a zero-click attack; to understand this form of attack, some fundamental questions have to be raised. One must ask oneself: can you be under threat even when you are just surfing the internet and being careful about not clicking on suspicious links? Is big brother watching you, and who is this big brother? Should one be bothered by the hacks being reported, or is it just high-profile people being targeted? We will try to find the answers to some of these questions in this piece. By the end, the reader should know what a zero-click attack is and how it functions, along with important methods to protect oneself from these sneak attacks being perpetrated in today's world.

What is a Zero-Click-Attack?

As one might guess from the name, a zero-click attack requires zero clicks, which means that this type of cyber threat does not require any voluntary action from the targeted user. This implies that even a very careful and conscious internet user can fall prey to such spyware. Other cyber-attacks and breaches generally rely on phishing, which means that at some point while using the device, the targeted user must have performed some action (as little as a click on a malicious link) to trigger the spyware in question. A zero-click attack, on the other hand, exploits flaws in the targeted device, which can be any type of device, including macOS, Windows, iOS, and even Android. These attacks use data verification loopholes to work their way into one's device. Even though software is continually upgraded and flaws are patched by minor updates, some loopholes remain and lead to theft of data and loss of privacy.

Why should you be worried about a Zero-Click-Attack?
Common people like you and me should be careful. These zero-click attacks can be a cause of worry because they are now happening in real life; they are not just a part of sci-fi movies with unrealistic plots. Science is moving forward and so are the ways hackers try to steal data. And data, as we all know, is very important in today's world; it will be tomorrow's hottest currency. Mass cyber-attacks are common, but zero-click attacks are highly targeted and use sophisticated technology. These attacks can have egregious consequences, which could result in one risking and ultimately losing one's entire life without even one's knowledge, since they work in the background. Another reason one should be worried is that this malicious software installs itself in the background and steals the data already on the device, along with using the camera, microphone, and location coordinates, so there is real-time data theft as well.

How does a Zero-Click-Attack work?

A zero-click attack primarily looks for loopholes in data verification. So something like an Application Push Notification (APNs) feature could help spyware like Pegasus to enter and treat data like its own. Software that is not up-to-date is the breeding ground for such attacks, since it has not been upgraded with the latest security features to protect against such breaches.

A step-by-step guide on how zero-click attacks work:

1. The spyware handler or threat actor studies and looks for any loopholes or vulnerabilities that can be taken advantage of. In other words, it looks for areas that can be exploited in applications that are already on the phone (WhatsApp video-missed call feature, 2019).
2. The second step involves planning how to inject the spyware into the targeted user's device. Generally, special data is crafted, which might include hidden text messages or images that trigger the spyware, and it starts functioning on the victim's device.
3. The final step involves exploiting the data and privacy of the targeted user. The spyware is made in such a way that it does not let the victim know that it is running in the background, and it keeps sending sensitive data to the person exploiting it. In addition to this, it does not leave any traces behind. Usually, it has a self-destruct mechanism and just vanishes from the targeted user's device.

Are there any other Zero-Click-Attacks apart from Pegasus?

As of now, not many zero-click spyware tools are known to the common people. Pegasus has become widely known because of the allegations that the Indian Government had been spying on several people. And even Pegasus has not always been a zero-click attack spyware. The earliest identified attack perpetrated with Pegasus dates back to 2016 and used a spear-phishing technique. It was only in 2019 that the NSO-developed Pegasus was identified as a zero-click attack spyware. However, there are other communities where such software can be easily found and deployed or even customized, like GitHub, which serves as an open online community of coders.

Can you prevent yourself from a Zero-Click-Attack?

As we have already learned, any flaw left unpatched can become a data hazard, so it seems practically impossible to protect oneself from such an attack. If we look at how the infamous data breach happened in 2019 via WhatsApp, it was triggered by missed calls, and how can one protect oneself from getting missed calls? The most drastic solution would be to use an archaic handset and discard all smartphones, but that does not seem feasible in today's fast-paced world. The only preventive measure that can be taken at large is keeping our devices updated and installing all patches, however minor, that are released by the software providers.
Upgrading your phone periodically is also a good idea but it might come off as an expensive one and not as eco-friendly considering how less than 20% of the e-waste is recycled sustainably (according to a report by the United Nations, 2019).

  • Digital Safety in Era of Pegasus : Questions Answered

    We have all been seeing Pegasus in the news; it is the hottest spyware in the world right now. But are we paying attention to the right details? Do we know if it will affect us and, if it does, to what extent? Is there cause for worry? And most importantly, is there a way we can stop it or, at the very least, protect ourselves? Politicians and allies have started accusing each other of spying and saying that their fundamental rights are being violated. We will try to find the answers to most of these questions in this article.

    What is Pegasus?

    Pegasus is malware, or malicious software, developed by the Israeli firm NSO Group; it has been in existence since 2010. Pegasus is classified as spyware because it can gain access to devices without the knowledge of the user and then gather personal information from the user’s device, which is sent back to the server or to whoever is using this malicious software to spy. It must also be noted that Pegasus not only transmits the information and data stored on the targeted mobile phone; it can also turn on the camera and microphone to transmit real-time photos, videos, and audio of the targeted user, along with exact location coordinates, without the targeted user being aware of any of it. It runs in the background and also comes with a self-destruct mechanism: it can self-destruct if caught, after the job is done (i.e. once the required information is extracted), or on a timer, which means that after a specified period of time the malware vanishes from the mobile phone.

    How does it work?

    From what can be gathered from the news, the spyware in question does not require any interaction from the target, but it was not always like that. According to the brochure provided by Pegasus, it was described as an Enhanced Social Engineering Message (ESEM) up until early 2018. In simpler words, only when a malicious link packaged as an ESEM is interacted with or clicked will it start its dirty job of spying and deliver the suitable remote exploit. Also, until early 2018, clients were known to rely primarily on WhatsApp messages and Short Message Service (SMS) to trick the target user into opening the malicious links, which then infect the mobile phone. But times have changed and the technology has become more sophisticated, so Pegasus can now be deployed in newer ways. This means prying on people’s privacy is now easier, and the chances of getting caught have also reduced manifold. Pegasus now uses a zero-click method of attack and also comes with a built-in self-destruct mechanism that triggers upon being caught. Now, a WhatsApp video missed call is enough for Pegasus to be installed and working on a target user’s mobile phone. The user does not even have to answer the call for the malware to be installed and running.

    What is a ‘zero-click’ attack?

    A zero-click attack is an attack that is performed remotely without the knowledge or engagement of the target. It works by way of network injections. This gives Pegasus an edge over the other spyware available in the market. As mentioned above, just a missed video call is enough to infect the target user’s device. Another way is the Over-the-air (OTA) option: in this method, a push message is sent covertly which compels the target user’s device to install the software, even though the user is unaware of it and has no control over it.

    Is your device at risk?

    It does not matter which operating system you are using, whether Android or iOS. Your mobile phone might still be at risk of getting infected by Pegasus. Initially, it was observed that iPhones in particular were targeted through Apple’s default Push Notification Services (APN) protocol and the iMessage app. The spyware impersonates an application downloaded to an iPhone and transmits itself via Apple’s servers through push notifications. In 2016, a report about the existence of Pegasus was made to the cybersecurity firm Lookout by the Citizen Lab (an interdisciplinary laboratory based at the University of Toronto). These organisations flagged the threat to Apple, and in addition, Google and Lookout made public the details of an Android version of Pegasus.

    How does Pegasus infect a device?

    According to the Pegasus brochure, all that is needed to infect a device is a phone number. The phone number of the targeted user is fed to the system for a network injection, and the rest of the job is done automatically by the spyware. It might not always work, though, for example when the targeted device’s operating system has been upgraded with new security protections or is not supported by the NSO system. The brochure also mentions that the malware can be “manually injected and installed in less than five minutes”, which is possible if physical access to the target device is available.

    Is there a way to prevent ourselves?

    Mobile phone makers and software developers try to keep newer versions of their phones bug-free and roll out updates as and when the need is felt. This patching is done to fix minor bugs and make the system stronger and less vulnerable to attacks. Also, the Pegasus brochure clearly mentions that “installation from browsers other than the device default (and also chrome for android based devices) is not supported by the system”, which means that one can protect oneself by changing the default browser. One might believe that the best way to protect against such attacks is to switch phones and go back to an archaic handset that allows only basic calls and messages, but in this fast-moving world it would be hard to keep up. Hence, the best way to be less vulnerable to these attacks is to keep your device’s operating system updated at all times and, if your budget allows, change your handset every couple of years; this is perhaps the most expensive yet most effective remedy.

  • Mobile App Install Fraud: $13 Billion Problem

    What exactly is a fake mobile app install, and do fake app installs really cause that big a problem? Let us try to find the answers to these questions. Fake installations of mobile apps can lead to loss of revenue for the advertiser. It might not look like a big figure for a single advertiser, but when aggregated and analysed at the industry level, it shows a different picture. Fake installs, or app install fraud in other words, is continually growing as an industry. As of 2019, it is an industry as big as $13 Billion; to put this into perspective, according to Statista, the mobile ad industry is worth $233 Billion. So that amounts to a modest figure of well above five percent, which means that these revenues are being leaked out of the industry.

    What is mobile application install fraud?

    An app install generates revenue, but when apps are installed by malware, bots or any other nefarious means, it constitutes a fake app install. This is done so that a fraudulent affiliate partner can take credit for the install and collect the revenue, or so-called commission. These fake app installs should be distinguished from organic app installs, which are the app installations that would have happened even without the assistance of a marketing campaign. When brands and advertisers look at it through their marketing eyes, they realize that every installation by a targeted customer is very valuable because it enhances brand engagement, recognition, and ultimately conversions. These conversions are the major reason why marketers are enthusiastic and willing to pay an affiliate partner for every installation.

    How does mobile application install fraud work?

    Since we are aware of how sophisticated technology is getting these days, it should also be noted that the range of methods for creating fake app installs is growing too. These methods include the following, among others: bots, install hijacking, device ID reset marathons, device ID reset fraud, ad fraud hiding behind Limit Ad Tracking, server-based installs, and device-based install fraud. With advancing technology, some fraud methods are better than others, and they are continually improved to make them look genuine.

    The most commonly exploited model is the CPI (cost per install) campaign. In this method, publishers or ad networks take advantage of advertisers by misusing such a campaign. As already discussed, advertisers pay for every install, which simply means that more installs are equivalent to more revenue, which eventually translates to more money for networks and publishers.

    To give a general idea, bots can be run by automated scripts on a mobile phone, which are spread through malware. This malware can run programs in the background and infect the mobile phone without the knowledge of the user. Bots can further be instructed to interact with ads, browse websites and even install apps. One more thing to note about bots is that this type of fraud can be carried out in the cloud, potentially in multiple locations on multiple servers, so that it looks authentic.

    Some fraud schemes also involve human fraud, like install farms (in this type of fraud, people are paid to install apps on their phones and even interact with them). A device farm is a low-tech and simple form of fraud where one gets a number of devices and then installs multiple apps, opens them, deletes them, clicks a lot of tracking links, and resets every device’s Identifier for Advertisers (IDFA, on iOS) or advertising ID (Android). This process of installation and deletion is repeated regularly and ad money is collected.

    Some other forms of scam, where the affiliate is falsely able to claim credit for installations (organic installs), involve attribution fraud such as click stuffing or click injection.

    Another common type of app install fraud is SDK spoofing. Mobile marketers place software (an SDK) from a Mobile Measurement Partner (MMP) that measures and monitors the results of their marketing. In this type of fraud, the fraudster takes credit for installing an app that is not actually installed. In other words, SDK spoofing is when malware in a first app successfully simulates and claims attribution for another application on the same device, except that the other app is not really installed, and the credit for the installation is taken anyway. It is also noted that in this kind of fraud, any activity the fraudsters are able to simulate on the app, they are spoofing.

    Can fake installs be prevented/detected?

    There are ways that can help in the detection of fake app installs, but they have their own drawbacks, and most of them are either inaccurate or unreliable and mostly ineffective. To name a few:

    1. An abnormal retention rate/other KPIs: Marketers should be cautious and always keep track of any abnormal activity in retention rates, in-app purchases or other KPIs. Anything unusual about a campaign should be looked into, because fraudsters are now not only generating fake installs but also continuing to send post-install events, which is basically faking a user’s activity.

    2. An abnormal number of new devices: This is a statistical technique that detects fake app installs by looking for a high percentage of brand new devices or mobile phones, never seen before, coming from a publisher or an ad network. An abnormally high ratio is a sign of something unusual.

    3. SDK Message Hashing: The main objective of SDK spoofing is to fake Mobile Measurement Partner (MMP) SDK traffic, so hashing is used to protect the MMP’s messages. The data is taken and, for every app, a secret key is used to combine it into a blob of data (the hash), which can be verified at the MMP’s backend. There is, however, a problem with the secrecy, because the users’ apps’ hashes can be extracted by the SDK fraudster.

    It can thus be understood that fake installs are getting more common day by day, and harder to detect and prevent too. Apart from these methods, there are devices and tools which help in the prevention of fake app installs, but even they have their drawbacks. So, until a stable technology is widely available, the mobile ad industry will keep losing money.
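
    The "abnormal number of new devices" check from the list above can be sketched as follows. This is an added example, not code from the article: the publisher names, device IDs, the `multiplier` and `min_devices` thresholds, and the choice of the median as the baseline are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: devices the advertiser has seen before, and
# (publisher, device_id) install records claimed by each publisher.
KNOWN_DEVICES = {f"known-{i}" for i in range(20)}

def _sample(publisher, n_known, n_new):
    known = [(publisher, f"known-{i}") for i in range(n_known)]
    fresh = [(publisher, f"{publisher}-fresh-{i}") for i in range(n_new)]
    return known + fresh

INSTALLS = (_sample("pub_a", 8, 2) + _sample("pub_b", 7, 3)
            + _sample("pub_c", 1, 9) + _sample("pub_d", 0, 2))

def new_device_ratios(installs, known_devices):
    """Return {publisher: (new_devices, total_devices, ratio)}."""
    per_pub = defaultdict(set)
    for publisher, device_id in installs:
        per_pub[publisher].add(device_id)  # repeated installs count once
    result = {}
    for publisher, devices in per_pub.items():
        new = len(devices - known_devices)
        result[publisher] = (new, len(devices), new / len(devices))
    return result

def flag_publishers(installs, known_devices, multiplier=2.0, min_devices=5):
    """Flag publishers whose new-device ratio is far above the median.

    Publishers with fewer than min_devices devices are skipped, because a
    ratio computed from two or three installs is noise, not a signal.
    """
    ratios = new_device_ratios(installs, known_devices)
    eligible = {p: r for p, (_, total, r) in ratios.items()
                if total >= min_devices}
    if not eligible:
        return []
    baseline = median(eligible.values())
    return sorted(p for p, r in eligible.items() if r > baseline * multiplier)

if __name__ == "__main__":
    for pub, (new, total, ratio) in sorted(
            new_device_ratios(INSTALLS, KNOWN_DEVICES).items()):
        print(f"{pub}: {new}/{total} new devices ({ratio:.0%})")
    print("flagged:", flag_publishers(INSTALLS, KNOWN_DEVICES))
```

    A flagged publisher is a lead for review rather than proof of fraud, since a campaign aimed at a genuinely new audience will also show a high ratio.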
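
    The SDK message hashing described in item 3 above, with the backend check, as an added example that is not taken from the article or from any MMP's SDK. The message fields, the app ID, the secret, and the five-minute freshness window are assumptions, and HMAC-SHA256 is used here as one common way to build a keyed hash.

```python
import hashlib
import hmac
import json
import time

# Hypothetical per-app secrets held by the MMP backend (constructed values).
APP_SECRETS = {"com.example.shop": b"constructed-demo-secret"}

def _tag(secret, app_id, body):
    # Bind the app ID into the MAC so a tag cannot be reused across apps.
    return hmac.new(secret, app_id.encode() + b"\n" + body,
                    hashlib.sha256).hexdigest()

def sign_event(app_id, event, secret):
    """SDK side: serialise the event canonically and attach a keyed hash."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return body, _tag(secret, app_id, body)

class Verifier:
    """Backend side: check signature, freshness and nonce reuse."""

    def __init__(self, secrets, max_skew=300):
        self.secrets = secrets
        self.max_skew = max_skew   # seconds a message stays acceptable
        self.seen = set()          # (app_id, nonce) pairs already accepted

    def verify(self, app_id, body, tag, now=None):
        now = time.time() if now is None else now
        secret = self.secrets.get(app_id)
        if secret is None:
            return "unknown_app"
        # Constant-time comparison avoids leaking how many characters match.
        if not hmac.compare_digest(_tag(secret, app_id, body), tag):
            return "bad_signature"
        event = json.loads(body)
        if abs(now - event["ts"]) > self.max_skew:
            return "stale"
        key = (app_id, event["nonce"])
        if key in self.seen:
            return "replay"
        self.seen.add(key)
        return "ok"

if __name__ == "__main__":
    verifier = Verifier(APP_SECRETS)
    event = {"event": "install", "device_id": "constructed-device-1",
             "nonce": "n-1", "ts": 1000}
    body, tag = sign_event("com.example.shop", event,
                           APP_SECRETS["com.example.shop"])
    print(verifier.verify("com.example.shop", body, tag, now=1010))  # ok
    print(verifier.verify("com.example.shop", body, tag, now=1011))  # replay
```

    A valid tag only proves that the sender holds the key, so this check rejects tampered, stale and replayed messages but does not remove the secrecy problem noted in item 3.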
