Phishing9

Phishing Clickbait Decoded

In this world of online digital commerce, cybersecurity is very important. Most of the breaches happen because the credentials are compromised – not intentionally, but through a phishing attack. Phishing refers to the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. It can also be used to get the victim to download malware or ransomware.

I recently received such a mail, and I am sharing this so people can look for signs in the mail or elsewhere, to recognize the phishing attempt.

The Ploy
Surprise the victim, create a sense of panic!  Here is a screenshot of the mail I received. I hadn’t made any purchase at 2:17 AM on 31st March. The expected behaviour is that the victim will get flustered – did my account get hacked?

phishing1
The victim is puzzled; now nudge him to open the document with the details.
This was the content of the attached doc.

phishing2
The clickbait is here: the hyperlinks “Report a problem”, or “click here” to cancel your purchase.
The unsuspecting victim is lured into accessing a phishing site where he/she may end up disclosing sensitive information like passwords or credit card details. Remember an Indian Payment Gateway is forced by RBI regulations to use OTP, but an international Payment Gateway will not come under the purview of RBI, and will allow the card to be used as long as all the details on the card are available.
***
So let me attempt to decode this phishing attempt. There are many tell-tale signs, and if you catch even one of them, you should be suspicious.

The email Header
phishing3
Note that the logo shows “Apple Notice”. Genuine companies take every opportunity to reinforce their brand, and therefore if this was a mail from Apple, I would have seen an Apple logo instead of “A N”.
Look at the sender’s address. Even though you see apple.co.cl, be aware that it is not apple.com. The manage-support2839 is also a flag. Suspicious.
Click on the “more” in the header, and you will see
phishing4
Note the misspelt “no reply” and note also that the domain is very different now! There is amazon.com towards the end of the string of letters, but this is not the same as receiving a message from <address>@amazon.com.  Suspicious!

The email body
The “Yesterday” was March 31, 2022, and the mail said the payment “will be made on Mar 30, 2022”!
Note that the mail does not refer to me by name, just a “Dear Customer”. If it was from Apple, they would surely address the customer by name.
If you have made purchases from iTunes or Apple Store in the past, you would have some idea about how the invoice is presented.  So pause and review whether the email looks genuine.
If you don’t recollect the genuine mail, then maybe you will go to the next stage and open the attached file.

The Receipt
phishing5
Zoom in a bit: see the logo is not sharp – not a genuine Apple logo.
Look at the way the text is formatted. Companies take pride in the way they craft their messages, they don’t make such mistakes. Of course, one must be cautious that scamsters will get savvier and more polished and remove such errors.
phishing6
Note that in a genuine document or email, all the items below would be hyperlinks, and not just plain text.
phishing7
But the most important thing to remember : Do not click the hyperlinks. Hover the mouse over them – in this case “manage your password” or “click here to cancel your purchase”. In this example, I saw that the hyperlink was:
phishing8
Note that the link now points to a site in New Zealand! Whenever you see href.li at the start of the URL supposedly sent by a reputed company, that should always be a red flag. Someone is trying to obfuscate and hide.  Best to stay away from it.  Mark the email message as Spam.

If you are looking at such a document on a mobile phone, a long click on the URL should show you the link. If it doesn’t show, be wary and do not click!
Some of the more intelligent browsers may be able to flag the site and warn you to stay away, but this may not always be the case.
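The sender-domain check and the hover-over-the-link check described above can also be written down as code. This is an added example, not part of the original post: the sample header and link values are constructed to resemble the tells in the screenshots, and treating the href.li destination as sitting in the query string is an assumption.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Redirector named in the post; "https://href.li/?<target>" as its URL
# shape is an assumption of this example.
REDIRECTORS = {"href.li"}

def host_belongs_to(host, brand_domain):
    """True only for the brand domain itself or a true subdomain of it."""
    host, brand_domain = host.lower().rstrip("."), brand_domain.lower()
    return host == brand_domain or host.endswith("." + brand_domain)

def sender_flags(from_header, brand_domain):
    """Return reasons to distrust a From: header claiming to be the brand."""
    _display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    flags = []
    if not host_belongs_to(domain, brand_domain):
        flags.append(f"sender domain {domain!r} is not {brand_domain}")
        brand_label = brand_domain.split(".")[0]
        if brand_label in domain.lower():
            flags.append(f"{brand_label!r} appears in the domain only as decoration")
    return flags

def link_flags(url, brand_domain):
    """Return reasons to distrust a hyperlink found in the message."""
    flags = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in REDIRECTORS:
        flags.append(f"link is wrapped in redirector {host}")
        target = urlsplit(parts.query)  # the real destination sits in the query
        host = (target.hostname or "").lower()
    if not host_belongs_to(host, brand_domain):
        flags.append(f"link destination {host!r} is not {brand_domain}")
    return flags

# Constructed samples modelled on the tells described above (not the real headers).
SAMPLES = [
    ("Apple Notice <manage-support2839@apple.co.cl>", "apple.com"),
    ("noreplly <x9@mail.qzxv81amazon.com>", "amazon.com"),
]
SAMPLE_LINK = "https://href.li/?https://store.example.nz/cancel"

if __name__ == "__main__":
    for header, brand in SAMPLES:
        print(header, "->", sender_flags(header, brand))
    print(SAMPLE_LINK, "->", link_flags(SAMPLE_LINK, "apple.com"))
```

The comparison is made on a label boundary (`"." + brand_domain`), because a plain "ends with amazon.com" test would accept the second sample.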

Where else to look?
One of the first places I checked was whether I had received any notification from the bank that has provided me the credit card. They will always keep you posted on the purchases made using the instrument, via SMS or email. I hadn’t received any. I then logged into the banking app on my mobile where my card is linked, and checked whether there was any transaction posted there. There wasn’t any.

These data points will confirm that there is no purchase made against your credit card, no credentials are compromised, and therefore there is no reason to panic.

Other Phishing Techniques
The example I have cited above is phishing via email, trying to create a sense of panic. Scamsters use alternative mechanisms as well. Phishing via phone calls is called vishing, and phishing via SMS messages is called smishing. I will write about these in another blog.
The instances of credentials being compromised because of a technical hack are very rare – it requires a lot of work. But in most cases, you will find that the psychological play on the victim’s mind results in the leak of sensitive information. The main ploy remains the same – create a sense of panic, or lure the victim with the promise of a reward. In both cases, the rational mind is not in control, increasing the chances of a mistake.

Enjoy the convenience, with caution
The two main things to keep in mind:
* Be aware that genuine companies / banks will not ask for your credentials or OTP – whether over a phone call, mail or SMS.
* Be aware that there is no free lunch!
So, as described, if any of the checks you do raises a red flag, remember “When in Doubt, Throw it Out!” Stay away from the clickbait offered by these phishy fellows, and continue to enjoy the convenience and benefits of digital commerce with confidence.

Title pic credit : Webroot

Helmet_QuestionMark

Helmet : To Wear or Not To Wear

helmet_farokh 

“In cricket, batsmen started using box guards from about 1878, but the helmets came on the scene only in 1978”, Farokh Engineer, India’s dashing wicketkeeper-batsman once joked. “It took us 100 years to realise that we need to protect the upper storey!”

Many people object to the use of helmets citing different reasons: they are cumbersome to carry, they strain the neck, they mess up the hair. They also feel that for short distances or intra-city commute, the helmet is not required. They do not want the law to force them to wear a helmet, it can be a choice.

Data published by the Transport Research Wing of the Government of India [1] shows that a whopping 37% of the fatalities on our roads – and we lose over 400 a day – were 2-wheeler riders, of which almost 30% were not using helmets.

helmet_graph

2-wheeler riders (drivers and pillion) are the most vulnerable because there is no protection around the motorcycle, and since it does not have the stability of a 4-wheeler, it can be thrown off-balance.

So let us take the help of some physics and some anatomy to understand what happens in a crash and how the helmet makes a difference.

Whether one is driving, or in a crash, the law of physics will apply [2][3][4].  Following Newton’s first law of motion, when the motorcycle’s motion is halted, the rider will continue to travel forward (after being thrown off) at the same speed until stopped by another object or the road.  A head-on collision or a T-collision can lead to more severe injuries at high speed. But even at low speed, there is a risk of injury.

helmet_road2

This is because of the vertical movement as the rider falls to the ground and may hit the head on the side, the forehead, the back or the chin. This vertical movement is the same whether the crash occurs at 20 kmph or at 60 kmph. And so, the vertical component of the velocity will be roughly the same at the time of impact. The potential energy from the seated position is now converted to kinetic energy. An average adult head weighs about 5 kg. Considering a height of 4.5 to 5.5 feet above the ground, the energy will be about 66 – 80 J, and the head will hit the ground at 19-21 kmph! Studies have shown that the human skull can crack if the impact energy is 14 – 65 J depending on the point of impact [5].

When the rider hits the ground, there is a sudden deceleration. The change in velocity is instantaneous: from 20 kmph down to 0 in a fraction of a millisecond. All the kinetic energy due to the motion is now dissipated instantly, resulting in injuries to the rider.

What does the helmet do?

helmet_schematic

 

The helmet shell prevents any pointed objects penetrating. It also protects the rider from the lacerations due to friction as the horizontal movement comes to a halt.

 

Part of the crash energy is dissipated by the outer shell. This breaks the bonds in the material, and the shell is broken or deformed. The shell also spreads the impact over a broader area. All of which helps protect the head from damage.

 

helmet_csf

There is more. Our brain sits inside our skull, suspended in the cerebro-spinal fluid, encapsulated by a thin layer of dura mater [7]. In a crash, the outer shell comes to a halt the moment it hits the ground. But the head continues to travel and will hit the helmet inside. The brain is violently shifted inside and will hit the inner wall of the skull. This can lead to concussion. The angle of impact will determine whether the brain moves to-and-fro or also goes through some twisting, stretching movements. This can lead to damage to the brain cells, affecting cognition, memory, concentration.

This is where the layer of foam – the impact-absorbing liner – comes into play.

The laws of Physics [2][3][4] tell us that the force acting on the skull / brain will be related to the change in the velocity, and the time over which this change occurs.

F = m (Δv) /Δt

We cannot control the mass. The change in velocity is also roughly fixed: 20 kmph, instantaneously. Therefore, to reduce the force, we must slow down the process to extend the time over which the head meets the helmet. The layer of foam has a “give”, and since it gets compressed, it spreads the change over about 6 to 10 msec. These pictures from lab tests [8] will give you an idea of the way foam slows down the change of velocity, and thus reduces the force of the impact.

helmet_labtests

helmet_damaged

 

The foam used in the liner can absorb a lot of energy. In the process, the foam itself gets crushed, and stays that way. If it were to rebound, the head would be tossed once again!

As you can see in the picture, the helmet itself takes a solid beating while it protects the head. Hence, we discard helmets that have been in a crash.

There is constant endeavour to improve helmets and rider safety using newer materials that are tougher but lighter, adding layers to the liner, arranging the internal structure to distribute the impact over an even greater area. And while improving safety, there is a simultaneous attempt to make it more comfortable with the padding and the ventilation.

There is a saying in Hindi : “sir salaamat toh pagadi pachaas!” which means that if the head is in good health, one can play many different roles with ease – in the family, in the professional circles, in the community.

helmet_priceless

So, strap on your helmet snugly whether you are riding in the driver’s seat or pillion. But may it never come into play! Ride Safely!

PS : Young students who are interested, can do an egg drop experiment to understand the effect of foam; and a melon drop test to understand the overall effect of the helmet. Ask your teachers!

References

  1. https://morth.nic.in/sites/default/files/RA_Uploading.pdf
  2. https://www.physicsclassroom.com/class/momentum/Lesson-1/Real-World-Applications
  3. https://helmetgeeks.com/helmet-and-motion-physics-an-introduction-to-the-science-of-how-motorcycle-helmets-protect-your-head
  4. https://www.sportbikes.net/threads/physics-of-helmets.371666/
  5. Biomechanics of skull fracture https://pubmed.ncbi.nlm.nih.gov/8683617/
  6. https://www.researchgate.net/figure/Schematic-diagrams-showing-the-various-components-in-a-a-typical-motorcycle-helmet-41_fig9_267370663
  7. https://www.daviddarling.info/encyclopedia/C/cerebrospinal_fluid.html
  8. https://helmets.org/general.htm

 


Spread the message

Dear Friends of The Arundhati Foundation,

We have realized that educating and spreading awareness about Road Safety and Responsible behaviour is the ONLY way forward. We are a reflection of our education, our training and values. We are what these three virtues have made us. We have learnt from our parents, teachers and elders and what we learn in our formative years is what moulds us to be what we are.

We are now looking to spread and reinforce the message on road safety through schools in Bangalore to make a beginning. This year, our city has unfortunately made it to the ‘top’ spot in number of vehicular accidents in the country.

Those of you who are associated with schools or are on school boards or are in a position to put us through to the Principals or teachers of various schools, please lend us a helping hand to get this message across.

There are quite a few people who have written to us letting us know that they want to be a part of the activities of the foundation. This gesture is so reassuring to us. It tells us that there are a lot of people out there who care but don’t know how to go about doing this.

We will share the training material that we are developing with those of you who would be able to take this step forward with us.

To our supporters from Hyderabad and Trichy! Many thanks. You do not know us. Neither did any of you know our child. But you stepped in and made us feel worthy of your love.

To those of you who have so generously offered us funds… thanks a million. As of now, we have this model where we put our earnings into the foundation. My daughter always concentrated on small steps… ‘Baby steps’ as she called them… and she put her baby steps forward to have a strong but sincere foundation.

She will lead us on to where we are supposed to go… and with your help, we will reach there.

Many thanks!

Shubhangi

 
