The Indian government has issued a warning to its employees amid a surge in cyber threats, cautioning against scammers impersonating senior government officials on popular social media platforms such as Facebook and WhatsApp.
This alert is the latest response to targeted cyber attacks affecting government establishments, particularly defence bodies, given their access to sensitive information and data.
In an internal advisory, the Controller General of Defence Accounts (under the Defence Ministry) said, "Recently, it has been observed that cyber criminals are adopting increasingly sophisticated tactics to exploit unsuspecting individuals. There is one such alarming trend that has been on the rise: the creation of fake profiles impersonating senior government officials to deceive and manipulate people into divulging official information/personal details/financial information etc."
Moneycontrol has reviewed the advisory issued in February by the CGDA.
"These scams often commence with cyber criminals collecting information about the individuals through their social media accounts or other online spaces where individuals share personal information," it said.
"Using the information collected, they meticulously craft fake profiles on social media platforms such as Facebook, and WhatsApp, mirroring the identities of trusted figures, such as senior officers, CEOs, or government officials," the advisory said.
"The perpetrators then exploit the credibility of these persons to establish trust with potential victims. Victims receive messages through social media platforms, seeking official/financial information for various reasons," said the advisory.
The defence body advised its employees to always cross-verify any unusual requests directly with the person involved, regularly update passwords, and enable two-factor authentication. Additionally, all users should review their privacy settings on social media platforms to minimise the risk of unauthorised access, it added.
According to Facebook's Help Center, the platform takes down fake profiles if a user reports them. When it comes to WhatsApp, the platform has a set of advisories that it recommends users follow when dealing with suspicious messages.
In response to Moneycontrol's queries, a Meta spokesperson said, "We strongly recommend carefully scrutinising messages that request sensitive information, money, or other assistance, even if those messages initially appear to have been sent from known contacts."
Additionally, the platform also suggested that users activate two-factor authentication for their accounts.
Last month, in another internal advisory, a government body warned officials of vishing, a technique where adversaries use phone calls to trick victims into opening malicious emails sent on their government email IDs.
The adversaries pretend to be high ranking officers to trick victims into opening malicious files. The problem is compounded as the threat actors may also use deepfake techniques to hoodwink such officials.
Earlier this month, the Indian government also warned its officials about how a Pakistan-linked cyber threat actor is leveraging a security vulnerability in WinRAR to deliver trojans such as AllaKore, Ares, etc., to government entities. WinRAR is used for accessing zip files.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
