DailyPost 3056
GMAIL – HACKS OF A DIFFERENT KIND
We have all been hearing of digital arrests, and despite a lot of effort, the right results have not come. Despite the PM talking about it and clarifying that digital arrest is a legal myth and that the government’s investigative agencies don’t work in that manner, the issue has not died down. The preventive cyber mechanism is working overtime, but the cyber crooks are getting the better of it. The name of the game is social engineering, and it operates on soft skills sufficient to fool you. Their distinct area of expertise is creating a make-believe threat scenario and portraying themselves as eager to support you, so that you are able to come out of the complex legal mess.
The tantrums of officialdom (the nature of communication, props to legal proceedings and near-original documents) are placed in front of you as a clincher, and a vast majority fall for it. Expertise, precision and confidence are the cyber crooks’ assets. From here we change gears to Google, the world-renowned IT behemoth, which has now confirmed that Google users have reported two-factor authentication bypass threats and novel attacks. Google has also confirmed the vulnerabilities of its AI. Google has confirmed an AI hack and has warned its user base of 2.5 billion users of the developments.
The primary storyline in Google’s case is that the cyber criminals convince you that they belong to Google support; the caller, on the face of it, looks legitimate. They claim that they are doing their job of account recovery because your account has been compromised. A ‘support agent’ mail, which looks genuine and carries a recovery code, is sent to the user’s Gmail account. It seems to be an elaborate scam. The language, accent and demeanour do not raise any doubt. The voice on the other end sounds genuine; nonetheless, it is a scam to get users to hand over their login credentials so that the criminals gain access to their accounts.
The dynamic, fast-moving world of cyber crooks is a game of exploiting vulnerabilities of every kind and of bypassing security controls. Convincing phishing mails and calls aiming to gain access through the account recovery route are currently the name of the game. In the best-case scenario, companies should preempt these threats, failing which they must be able to quickly adapt and respond to them. Otherwise, where does the user go? What we require henceforth is a proactive and flexible approach to cyber security. The need of the hour is to have regular security assessments, actionable threat intelligence, a well-oiled system of vulnerability management and incident response planning.
HACKING THE SOCIAL ENGINEERING WAY IS TURNING OUT TO BE THE NEW NORMAL.
Sanjay Sahay