Author: DN

Truecaller starts storing Indian user data locally

Sweden-headquartered phone directory app Truecaller announced on Wednesday that it is locally storing the Indian users’ data to ensure transparency and provide faster and more reliable services. The company becomes one of the first international technology companies to proactively take this step.
“Truecaller is one of the first international tech companies to proactively take the step of storing its Indian users’ data locally in India. This is a user-centric move that is aimed at safeguarding personal data and encouraging more transparency in the ecosystem,” Truecaller said in a statement.  With locally stored data, and significant investments in its Indian infrastructure, Truecaller has also doubled the search result speed for its core services like caller ID and spam detection, it added.

It said for the overseas part of the transaction, the data may be stored in a foreign country.
The draft of Personal Data Protection Bill, 2018 — drafted by a high-level panel headed by Justice B N Srikrishna — also restricts and imposes conditions on the cross-border transfer of personal data.
The central bank’s data localisation policy had elicited mixed response from the payment services industry.
The RBI, in April last year, had issued a circular instructing all payments system providers in the country to ensure that data relating to systems operated by them is stored only in India and had set a deadline of October 15, 2018. “All system providers shall ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details/information collected/carried/processed as part of the message/payment instruction,” RBI said in its 6 April 2018 circular.

Truecaller pointed out that it was already storing payments data of its Indian users, who use its unified payment interface (UPI)-based payment service in India. 

PayPal Credentials Stolen Through Phishing Attacks

Recently an in-developed ransomware has been found that attempts to take the user’s PayPal credentials through a phishing attack notwithstanding encrypting files. The ransomware itself is ‘unremarkable’, yet the cleverest part is the ransom note as it offers a choice to the user to pay through PayPal just as the typical Bitcoin course.

Found by the MalwareHunterTeam, the trick offers criminals a one-two punch of advantages: Individuals who pay utilizing the internet’s payment technique will be coordinated to a persuading looking phishing website which will endeavor to take the unfortunate user’s PayPal credentials.

Be that as it may, in case of the PayPal phishing site choice when users tap on the “Buy Now” button, they are thusly directed to the Credit card part of the phish, in this way skirting the login.

What’s more, when the victim submits their data, it is sent to http://ppyc-ve0rf.890m.com/s2 [.]php, where personal data of the individual, for example, their address is stolen. The phishing page at that point tells the user that their account unlocked and they are diverted to the PayPal login page and incited to sign in.

Since ransomware is growing to be progressively advanced and for this situation, it’s much increasingly deadly joined with yet another attack vector i.e. phishing. Consequently it’s not constantly conceivable to abstain from being hit by ransomware, yet in the event that one is, some basic steps can help diminish its effect.

Jake Moore, cyber security expert at ESET says this phishing attempt “inherently uses classic techniques that have been used for years and can usually be overcome by educating users” later adds,  “Targets will always need to be on guard when sent to a link and it’s vital they actively check the URL – especially when the phishing site looks very genuine.”

In this manner the most reasonable activity is not to give away one’s personal details except if one is certain beyond a shadow of a doubt that the site is genuine. Also abstaining from tapping on any link or download or open a document except if the user is certain that it is from a ‘reliable source’.