New Delhi: Last week, Patrick Hillman, chief communications officer of crypto exchange Binance, wrote a blog post detailing how scammers had used interviews he gave to various TV channels to make a deepfake of him and scam crypto users on social media. While Hillman’s case is a particularly advanced incident, security experts have noted that hackers impersonating top-level company executives have become commonplace.
“Phishing and scamming threats, where attackers pretend to be from our company and try to defraud our own employees, are extremely common. They are not just limited to emails, but also spread to WhatsApp,” said BK Raju, Chief Information Security Officer (CISO) at the state-run Oil and Natural Gas Corporation (ONGC).
Cybersecurity solutions firm Check Point on Tuesday cited one such attack, saying that most of these incidents fall under a type of cyber attack called Business Email Compromise (BEC). The company prevented a similar attack where hackers posed as the company’s chief financial officer (CFO) to dupe lower-level employees out of money.
To do this, hackers first find legitimate email addresses from the company’s finance department. They then create similar-looking addresses and send emails to company executives, asking them to transfer money to a customer or for other purposes. They may also ask for access to sensitive information about the company.
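A defender-side check for the similar-looking addresses described above, as an added example that is not from the article or from Check Point: it compares an incoming sender against a list of known finance addresses and flags near matches. The addresses, the `CONFUSABLES` table and the distance threshold are constructed assumptions.

```python
# Constructed sample data: example.com addresses are placeholders (assumption).
KNOWN_FINANCE = {"cfo@example.com", "accounts.payable@example.com"}

# Common visual substitutions, folded to one canonical form before comparing.
# This short table is an assumption, not a complete confusables list.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(address):
    """Lower-case the address and fold look-alike character sequences."""
    folded = address.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(sender, known=KNOWN_FINANCE, max_dist=2):
    """Return (verdict, matched_address): 'trusted', 'lookalike' or 'unrelated'."""
    sender = sender.strip().lower()
    if sender in known:
        return "trusted", sender
    for legit in sorted(known):
        # Same skeleton: differs only by visually confusable characters.
        if skeleton(sender) == skeleton(legit):
            return "lookalike", legit
        # Small edit distance: dropped, added or swapped characters.
        if edit_distance(sender, legit) <= max_dist:
            return "lookalike", legit
    return "unrelated", None


if __name__ == "__main__":
    for s in ("cfo@example.com", "cfo@exarnple.com", "cfo@example.co"):
        print(s, classify_sender(s))
```

A "lookalike" verdict is a signal for quarantine or a warning banner, not proof of fraud; a legitimate address missing from the known list can land within the threshold too.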
According to Makarand Sawant, vice-president, information technology, at Sahyadri Hospital, a private hospital chain in Maharashtra, such threats have gained more prominence in the last 2-3 years. He added that while deploying advanced threat protection (ATP) solutions such as a cloud-based email filtering service can help protect firms, no organization is completely safe from such threats.
“The company has also deployed XDR (Extended Detection and Response) solutions that help detect, prevent and mitigate host-based cyber risks and threats,” he added. XDR solutions use telemetry, data analysis and more to find security threats before they can hurt a company, while cloud-based email filtering tools are meant to catch spam emails before they arrive in employee inboxes.
That said, while such solutions can help, JS Sodhi, group chief information officer and senior vice president of Delhi-based Amity Education Group, said that “user awareness is key” to reduce phishing, spoofing and other threats.
“We conduct rigorous security awareness and training to help reduce the chances of employees clicking phishing links or falling prey to other types of attacks,” he said.
ONGC’s Raju agreed, saying that the company takes regular initiatives to train its employees to tackle such threats.
“At the end of the day, it pays a higher price than the company, as most attempts at such wholesale scams only result in financial gain,” said Akshat Jain, chief technology officer at Indian cyber security firm Cyware.
“The major threat that has arisen with remote work is the use of both personal and work email on the same browser window and overlap of work resources,” Jain said.
“Proxies are being put in place to address such threats, but the risk of an uninformed employee still remains,” he said.