Follow Us:
Monday, July 16, 2018

Phishing attacks: Verify identity of caller before sharing information: Govt to staff

Phishing, often used for bank and credit card frauds, is now being used by bogus callers masquerading as officials to acquire sensitive information.

Written by Amitav Ranjan | New Delhi | Published: December 18, 2015 2:38:47 am

Following phishing attacks by overseas hustlers to extract vital intelligence from sensitive installations, the Ministry of Home Affairs (MHA) has directed government employees not to share any information without verifying the identity of the caller or seeking permission from the appropriate senior.

“Officers working in these installations need to be briefed not to share any information with outside agencies/authorities without verifying the credentials. Receiver of the call should ask the caller to give his number, which should be first verified, and then only information be shared by calling that number; but all this should be only after approval from an appropriate senior level,” the MHA said in directive dated November 27.

“As vital installations of India continue to be high on the target of terrorist outfits, it is imperative to sensitise not only the heads but other officials/staff of sensitive installations to remain on guard against such attempts,” the MHA said following a report by central intelligence agencies that “inimical forces or suspected intelligence operatives continue to make efforts to collect information from sensitive installations using various ingenious methods”.

Phishing, often used for bank and credit card frauds, is now being used by bogus callers masquerading as officials to acquire sensitive information.

One such attempt, says the MHA, was on October 22 when a person posing as a senior diplomat at an Indian embassy tried to elicit information from the head of a defence installation over phone, saying facts were required for sharing with the host country as part of a bilateral obligation.

“While no information was shared with the caller, enquiries later revealed that there was no such officer working in that embassy,” the MHA said.

A similar attempt to elicit information from another vital unit was made a year ago by using a forged letterhead of another government department.

According to the National Crime Records Bureau (NCRB), a total of 9,622 cases were reported in 2014 under cyber crimes (which includes Information Technology Act, offences under related sections of IPC and offences under Special and Local Laws or SLL) as compared to 5,693 cases registered during 2013 — an increase of 69%.

In 2014, data on SLL cases related to cyber crimes were also collected. Maharashtra (1,879 cases out of 9,622 cases) reported the highest number of such crimes, accounting for 19.5% of total cyber crimes followed by Uttar Pradesh (1,737 cases out of 9,622) accounting for 18.1% and Karnataka (1,020 cases out of 9,622 cases or 10.6%). The NCRB said a total of 5,752 persons were arrested under such crimes during 2014 as compared to 3,301 persons arrested in 2013 — a 74.3% increase.

For all the latest India News, download Indian Express App