Never miss a great news story!
Get instant notifications from Economic Times
AllowNot now

You can switch off notifications anytime using browser settings.
Stock Analysis, IPO, Mutual Funds, Bonds & More

Beware of ‘social engineering’ attacks: Home Ministry

The Home ministry has cautioned government officers against online attacks seeking unauthorised access to sensitive information by impersonation.

, TNN|
Updated: Jul 22, 2019, 10.55 AM IST
Untitled design (6)
Minister of Home Affairs Amit Shah
NEW DELHI: The home ministry has cautioned government officers against online ‘social engineering’ attacks seeking unauthorised access to sensitive information by impersonation via telephone or email. It has, as part of ‘information security best practices’ put out recently, asked officials to avoid unsolicited phone calls, visits or email messages from individuals asking for personal or government information, without verifying the latter’s identity directly with the organisations they claim to represent.

Explaining how social engineering is designed to consciously manipulate people to obtain information without their realising that a security breach is occurring, the booklet put together by the cyber and information security division of the MHA guides officers on how to avoid Phishing/Vishing social engineering scams, malicious websites and attempts by hackers to break into government systems by conveying a sense of urgency in sharing information.

As part of the Phishing social engineering scam, the ministry said, the hacker typically sends an email or text message to the target, seeking information that might help with a more significant crime. For instance, a hacker may send emails that appear to come from a trusted source like a bank, asking the recipient to click on a link to log in to their accounts. The link may take one to a fake website, and when they log in, they are essentially handing over their login credentials to the hacker. “So do not reveal personal, sensitive or financial information in emails or messages and do not respond to such emails,” the MHA has advised.

Such social engineering can also be done using Vishing, which uses the same modus operandi as Phishing but involves voice. A hacker may call an officer, posing as a government officer. The hacker may prevail upon the victim to provide login credentials or other information that can be used to target the organisation. “So don’t reveal any sensitive information over phone calls,” the best practices booklet says.

Attention was also drawn to ‘quid pro quo’, another type of social engineering attack that involves exchange of information which the victim is made to believe is a fair deal but is actually meant to only benefit the hacker. For instance, a hacker may pose as an IT support technician and take control of the victim’s computer and load it with malware, steal personal information from the computer or commit identity theft.The MHA has also asked government officers to be cautious of the URL of websites, since malicious websites may look like a legitimate site but use a variation in spelling or a different domain.

Pointing to the risk of hackers sending messages conveying a false sense of urgency or using high-pressure sales tactics to force government officers to share sensitive information, the MHA has specifically directed them not to let “urgency influence your careful review”.

Further, the booklet said emails from foreign lottery or sweepstakes or requests to transfer funds from a foreigner for a share of the money were “guaranteed scams”, and asked officers not to respond and delete such emails. The ministry has also asked officers to change passwords that they may have been revealed to anyone, besides changing them for each of the other accounts that used the compromised password.


Also Read

Has BJP got its social engineering right in Rajasthan?

Why the Sabarimala verdict is an act of social engineering

Team Yogi mirrors Amit Shah's social engineering

Mayawati's reworked social engineering formula flops

Add Your Comments
Commenting feature is disabled in your country/region.
Download The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.

Other useful Links

Follow us on

Download et app

Copyright © 2019 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service