Slide Deck: Cyber Resilience Blueprint

Cyberyog provides external penetration testing by simulating outside threats attempting to breach a client’s network through methods like searching for public-facing servers, sniffing traffic, and exploiting external resources.
Conversely, their internal penetration testing simulates an inside threat aiming to access sensitive information while actively trying to evade detection from internal network defenses such as firewalls.

Continue reading

The Fake Delivery Message Scam: How It Works and Why It Keeps Working

If you live in India and use online shopping or food delivery apps, chances are you have seen a message like this: “Your parcel is on hold. Please confirm your address using the link below.” The message looks routine, harmless, and urgent. That is exactly why this scam keeps working.

The first reason is timing. Indians receive a huge number of legitimate delivery updates every week from e commerce platforms, courier companies, and hyperlocal services. Scammers take advantage of this habit. When a message arrives saying there is an issue with a package, most people assume it is related to something they recently ordered and click without thinking twice.

The second trick is imitation. Scam messages often copy the tone, language, and branding style of real courier services. Some even use sender names that resemble logistics companies. Once the victim clicks the link, they are taken to a fake website that asks for personal details, mobile numbers, or small “re delivery fees.” That is enough to capture card details or trigger UPI fraud.

A common real life example seen across Indian cities is the fake India Post or courier reschedule link. Users report being asked to pay as little as twenty or thirty rupees. The amount feels insignificant, so people proceed. Behind the scenes, the page is harvesting card data or setting up future fraud attempts.

Another reason this scam works is data availability. Scammers already have access to leaked phone numbers and shopping behavior from previous breaches. That allows them to target people who are more likely to be expecting deliveries, making the messages feel personal and believable.

Finally, urgency does the psychological heavy lifting. Messages warn that parcels will be returned or orders cancelled within hours. Urgency shuts down rational thinking and pushes quick action.

This scam is not about technology alone. It is about manipulating everyday habits. For businesses, it highlights the need for stronger customer communication controls and better protection of user data. For individuals, it is a reminder that real delivery companies do not ask for payments or sensitive details through random links. In cybersecurity, the weakest link is rarely the system. It is human attention, stretched thin by convenience and speed.

Why You’re Getting Scam Calls Even Though You Never Shared Your Number

If you live in India, scam calls have probably become a routine annoyance. Calls claiming to be from banks, UPI support, insurance providers, or even government departments often arrive out of nowhere. What makes this alarming is that many people are confident they never shared their phone number publicly. Yet, the calls keep coming.

The most common reason is data leakage. Almost every digital service in India asks for a phone number, whether it is food delivery apps, online shopping platforms, job portals, coaching institutes, or local service apps. When these platforms fail to secure their databases properly, phone numbers get exposed. Once leaked, this data is copied, resold, and reused endlessly.

Another major factor is indirect data sharing. Many apps and websites share user data with third-party advertisers and partners under vague privacy policies. A simple action like signing up for a free trial, registering for a webinar, or scanning a QR code at a store can put your number into multiple databases without you realizing it.

A real-life example seen across India is job-related scam calls. In recent years, users who registered on small job portals started receiving fake HR calls offering work-from-home roles. The callers sounded professional and knew basic details, which made the scam convincing. Victims later discovered their numbers were sourced from compromised job databases.

Telecom number recycling also plays a role. When a number is reassigned, scammers may already have it listed from the previous owner.

Scam calls are not random accidents. They are the outcome of weak data protection, poor cybersecurity practices, and uncontrolled data sharing. For Indian businesses, this is a serious reminder that protecting user data is no longer optional. Once personal data leaks, trust is lost, and damage is permanent.

One of the biggest reasons is data breaches. Indian users’ phone numbers often get exposed when apps, websites, or service providers suffer security lapses. Food delivery apps, e-commerce platforms, EdTech portals, and even small local service apps collect phone numbers. When their databases are compromised or poorly secured, this data ends up for sale on underground forums.

Another common source is data sharing without consent. Many apps bundle user data with third-party advertisers or “analytics partners.” Even if you never posted your number online, signing up for a discount, Wi-Fi access, or a contest may quietly pass your details along.

A real-life example: in 2023, several Indian users reported scam calls shortly after registering on lesser known job portals. The pattern was clear fake HR calls offering high-paying roles, followed by demands for “registration fees.” The victims had only shared their number once.

Then there’s number recycling. Telecom operators reassign old numbers. If the previous owner shared it widely, scammers already have it on their lists.

Finally, automated dialers simply brute-force Indian number ranges, especially active series like +91 9XXXXXXXXX.

Scam calls aren’t random. They’re a symptom of weak data protection practices. For businesses, this highlights the urgent need for stronger cybersecurity controls, responsible data handling, and compliance with India’s DPDP Act because once data leaks, control is lost forever.

Privacy Nightmare of Fitness Bands & Smartwatches

Remember when watches just told time? Those days are long gone. Today, that sleek band on your wrist knows more about you than your closest friends—and it’s probably sharing those secrets with strangers.

If you’re wearing a fitness tracker or smartwatch right now, we need to talk about what it’s really doing behind those colorful health stats.

When Fitness Data Becomes a National Security Threat

Let me start with a story that should terrify anyone wearing a fitness band.

In November 2017, fitness app Strava published a global heat map visualizing over 1 billion activities from 27 million users worldwide. The colorful visualization showed popular running and cycling routes across the globe. Pretty harmless, right? Wrong.

In January 2018, Australian student Nathan Ruser noticed something alarming: the heat map inadvertently revealed the exact locations and patrol routes of secret U.S. military bases in Afghanistan, Syria, and other conflict zones. Soldiers and contractors jogging around classified facilities had their fitness bands recording every step, creating glowing GPS breadcrumbs that mapped out supposedly hidden installations.

The Pentagon was forced to acknowledge the security breach. Major Adrian Rankine-Galloway stated that the Department of Defense was reviewing its policies on personal devices and GPS usage, emphasizing the need for “situational awareness” when sharing personal information. Major news outlets including The Guardian, NBC News, and NPR extensively covered how this fitness data exposed not just base locations, but also individual service members’ identities and movement patterns at classified sites.

If military-grade operational security can be compromised by a Fitbit, what does that mean for your personal privacy?

Your Wearable is a Walking Surveillance Device

Here’s what most people don’t realize: your fitness tracker isn’t just counting steps. It’s creating an incredibly detailed profile of your entire life.

These devices monitor your GPS location every second, track your heart rate patterns throughout the day, analyze your sleep quality, measure stress levels through skin conductivity, and record detailed workout routines. Combined, this data reveals when you’re home, when you’re traveling, when you’re stressed, and even when you’re being intimate with your partner.

Researchers at the University of Toronto proved something even more disturbing: they could predict users’ passwords with startling accuracy by analyzing hand movements and heart rate changes captured by wearables during typing. Yes, your fitness band can literally watch you enter your banking password.

fitness_privacy_bluetooth

The Bluetooth Backdoor Nobody Talks About

Most fitness bands sync via Bluetooth Low Energy (BLE) for convenience, but convenience and security rarely shake hands. Security researchers have repeatedly demonstrated how easy it is to intercept Bluetooth transmissions from wearables in crowded places like gyms, airports, or coffee shops.

In 2020, cybersecurity experts discovered critical vulnerabilities in popular fitness trackers that allowed attackers within Bluetooth range to inject false health data or extract personal information without any authentication whatsoever. Someone could be sitting next to you on the train, silently harvesting your health metrics or tracking your exact location, and you’d never know.

Your Data is Being Sold While You Sleep

Think your health data stays between you and your device? Think again.

Fitness companies routinely share or sell “anonymized” data to third parties, but anonymization is largely a fiction. Research from 2019 revealed that 95% of Americans could be uniquely re-identified using just four timestamped location points—exactly the kind of data your smartwatch generates constantly throughout the day.

Insurance companies are already partnering with fitness tracker manufacturers, offering premium discounts in exchange for access to your health data. Today it’s voluntary. But as this practice normalizes, how long before it becomes mandatory? Will you be denied coverage or charged higher rates because you refused to be monitored?

How to Protect Yourself Without Ditching Your Device

I’m not saying you need to throw your smartwatch in the trash (though that would certainly solve the problem). But you do need to be smarter about how you use it.

Start by disabling features you don’t actually need—continuous heart rate monitoring, always-on GPS, and automatic activity detection are convenient but unnecessary for most people. Dive into your device’s privacy settings and opt out of every data sharing program you can find. Use airplane mode during sensitive activities or in private locations.

Never sync your wearable on public Wi-Fi without a VPN, and regularly review what apps have access to your fitness data on your phone.

The Bottom Line

Here’s the uncomfortable truth: that fitness tracker monitoring your health is simultaneously monitoring everything else about your life. Every step, every heartbeat, every location creates a permanent digital record that could end up anywhere.

Before you strap on that smartwatch tomorrow morning, ask yourself: is knowing your exact step count really worth creating a lifetime surveillance record of your most intimate moments?

Your health data isn’t just sensitive—it’s the most personal information you have. In an age where data is the new oil, your wrist is an oil well, and someone else is profiting from it.

 

Stay secure out there.