Recently, a Pune-based real estate firm was duped out of ₹4 crore when cyber criminals, posing as the company's chairman, tricked an accounts officer into transferring company funds to fake bank accounts. A finance controller at the local unit of a multinational company fell prey to a similar scam worth crores of rupees when the chief financial officer was on leave.
Advanced Phishing Attacks
Phishing attacks have become more advanced. Cybercriminals are setting their sights on high-profile people to make more money. Experts said they have seen at least a two to three-fold increase in so-called whaling attacks or CEO fraud incidents over the past year. In these attacks, scammers use social engineering to present themselves as top corporate executives. They then trick employees into sending money, providing sensitive data, buying gift cards or allowing network access. These incidents often lead to financial losses, data breaches and, in some cases, reputational damage for companies.
Increase in incidents with CEO/CXO level executives
EY India's Forensic and Integrity Services Partner Ranjit Bellary said that this is a big nexus in which organized criminal gangs are active. He said that they have been investigating social engineering fraud for the last seven to eight years, but the number of those targeting CEO/CXO-level officials has increased recently. Bellary says that fraudsters are using artificial intelligence and carrying out bot-based attacks. By studying the social media profiles of officials and other available material, they are preparing very convincing emails that look legitimate.
Do not trust anyone blindly
Bellary said these attacks are effective partly because of low awareness, but also because fraudsters have realised it is easy to get employees to act on emails from senior executives. The first line of defence against fraud is that you should not blindly trust a person. Companies are now conducting awareness sessions for employees. However, in most cases, this is proactive rather than reactive.
Most cases go unreported
In many cases, companies and individuals try to hide the fact that they have been defrauded. This means that the actual number of cases is likely to be many times higher than the reported number. Not just corporate employees, but teachers of institutes like IIMs have also received emails or WhatsApp messages from hackers posing as directors or top officials.
An IIM director told our sister newspaper ET that emails purporting to be from him were sent to several faculty members. They were asked to buy gift cards and send the details. Speaking on condition of anonymity, the director said that this has happened not once but many times. He said that they have now implemented a stricter system and that he is afraid of being targeted again. He said that many of his colleagues in other institutions have also faced similar problems.
Not wanting to tarnish the brand's image
According to Akshay Garkel, partner and leader-cyber at Grant Thornton India, a large company (with annual revenues of Rs 50,000-100,000 crore) sometimes thinks it is better to write off a small amount of up to Rs 3-4 crore rather than damage the employer brand. He said that law enforcement agencies should be informed about all cases.
Garkel said that there is a purely financial motive behind these incidents. He said that the level of security awareness needs to improve in the cases coming to them. There is a need to work more efficiently in monitoring and preventing such incidents.
Threat of cyber attack
Almost everyone is vulnerable to cyber attacks. This is because personal information collected by apps and websites can be leaked, which can give fraudsters access to confidential information. Ashok Hariharan, CEO of fraud detection company IDfy, said that his company was also targeted. Just a month ago, 50-60 of the company's 650 employees received an email in Hariharan's name. He said that since he is in the business of detecting fraud, no one fell for it, but such incidents have happened before.
Hariharan says that personal information is easily available. It can come from apps or from data brokers who are selling it. It is available on the dark web for just Rs 100-200. Moreover, the ease of money transfer through UPI has made it the basis for most frauds. It is very easy to run such fraud on a large scale.