Editorial
Prowling Cybercriminals eyeing your Personal details
Opinion | Editorial | John S. Shilshi | 15-Nov-2020
With Covid-19 pandemic virtually pinning the world down to a grinding halt, Cybercriminals are on prowl, targeting beleaguered and hapless public forced into lockdowns. Their footprints are even more profound in India where level of ignorance amongst internet users is said to be much higher as compared to other countries. In India, there are about 700 million internet users, and it is estimated that about 75% of them spend close to 4 hours a day on the net, of which 60% are for chatting on the Social Media – Facebook, Twitter, WhatsApp, Instagram, Telegram etc. Adding to this massive shift in internet browsing habit was the decisions to allow working from home by firms and companies. Within days of the lockdown, about 65% of employees across India’s metropolis began working from home, while 35% workforce did so in smaller towns and cities. Cybercriminals took advantage of this exponential jump in internet usage and began to target not only organized establishments, but also individual end users. While the big organisations have own cyber security protocols, therefore able to wade off many such stealthy attempts to penetrate and steal data, it is the unsuspecting individuals who were on the receiving end. According to the Computer Emergency Response Team of India (CERT-In), Cybercriminals continue to target millions of users every month, and the most common methods used were phishing and social engineering tactics.
Phishing is a tactics where the hacker sends dubious mails to individuals by replicating government of India official logos, and inviting applications from people to avail COVID related government assistance. Personal details are sought through meticulously prepared forms where one is required to provide name, parentage, contact number, address, bank details, income bracket, age profile, profession etc. Column for Debit/Credit card numbers are also included, but for credibility sake, it is shown as ‘optional’. One such attempt that came to notice in recent times was hackers luring people to avail government of India assistance of Rs. 1,000 under the so-called Corona Sahayata Yojana Scheme. The attempt was so widespread and rampant, that the government of India had to issue a clarification stating that no such scheme was on offer. Another report from the National Critical Information Protection Centre (NCIPC) says hackers send out legitimate-looking Corona related advisories to people through dubious mail ids and tempt receivers to respond so that they could open a channel of communication and steal person details. Likewise, the National Technical Research Organization (NTRO) had also reported that “Impersonators were seeking donations for Covid-19 from individuals in the name of some government of India agencies through bogus emails and SMS/WhatsApp messages”. The lists of such attempts go on, but for obvious reasons many went unnoticed and unreported.
Targeting individuals is also quite common using Social Engineering tactics. Here hackers create attractive and appealing messages either in text or video format and sent out to mobile numbers known to them, with request to forward to friends and relatives. Upon receiving such messages, unsuspecting users forward/share the text/video to their contacts or groups in good faith, thereby opening up more doors to potential targets. Every time messages are forwarded to another person, the mobile number get automatically compiled through specially designed software, and in a matter of days, hackers were able to have thousands of numbers in their kitty. A team trained in telemarketing then begins calling up users, posing as employees of Banks, Phone service providers, or insurance Companies. Amongst the thousands contacted, the careless few would give away their details, leading to the hackers stealing money from bank accounts. By the time victims realised and take action, damages were already done. Besides, whenever any of these phones are connected to a computer or laptop, the software enables transfer of personal data from the PC or Laptop to the hackers’ device. With most WhatsApp users known for randomly forwarding messages they received, social engineering tactics is said to be the most preferred medium for hackers.
It must be noted that safeguarding personal details is not only to prevent one’s money from being siphoned off from the account. There are more serious implications as well. For example, hackers could be selling the stolen details to some Terror groups or insurgent outfits for procurement of SIM cards, opening bank accounts, Phone and gas connections since producing identity and residence proofs are now mandatory to avail the services. To overcome these difficulties, terror groups spend substantial sum of money year on year to buy such stolen personal details. Therefore, there is no reason why such stolen data may not fall into the hands of people who are on the other side of the law, especially in the light of the fact that Hacker – Terrorist nexus is a prevalent phenomenon for such dubious deals in this country. The consequences of such pilfering when detected by the law enforcing agencies need no elaboration. Plea of ignorance about own details being used by someone else wouldn’t unfortunately stand the scrutiny of law.
There is no one size fit all solution to completely turn away the hawkish hackers, particularly when internet browsing is done on smart phones. However, judicious use of the internet and discipline while using emails and social media platforms could reduce chances of one becoming a victim needlessly. Avoiding email messages from unknown persons, random forwarding/sharing messages in chat groups, responding to mails purported to have been sent by government agencies without cross-checking them with official website, giving donations through links provided in emails, and accepting friend requests from unknown persons are some of the cautions recommended. Also activating security and privacy settings in social media accounts, and avoiding communication with unknown people are some good habits for all internet users. It needs reminding that the hacker is as invisible and unknown as the Corona virus is, but could enter into one’s domain in most unsuspecting manner. Therefore, proper application of mind before taking any action online or communicating on the social media would go a long way in ensuring safety and security of self and others. In other words, good browsing habit and discipline is needed to ensure safety.
Leave a comment
