New Delhi, July 22: The Ministry of Home Affairs (MHA) has warned government officials against 'social engineering' attacks to prevent leaks of sensitive information. The MHA asked officials to avoid unsolicited phone calls, visits or email messages from unknown persons claiming to represent some organisation. The ministry told officials to verify the identity of such persons directly with the organisations they claim to represent.
The MHA issued a list of 'Dos and Don'ts' in its booklet 'information security best practices'. Those who carry out 'social engineering' attacks manipulate people to obtain sensitive government information without letting them realise that a security breach is occurring. The booklet guides government officials on how to avoid Phishing/Vishing social engineering scams, malicious websites and attacks from hackers.
The MHA said hackers often ask for information by sending an email or text message. The email or text message carries a link and appears to come from a trusted source like a bank. People are asked to click on the link and submit the required details. The link leads to a fake website, and once you enter details like your login name and password, you have handed your login credentials to the hacker. This is the modus operandi of those involved in Phishing social engineering scams.
“So do not reveal personal, sensitive or financial information in emails or messages and do not respond to such emails,” the MHA has advised, reported TOI. Those involved in Vishing social engineering scams use phone calls. They pose as a government officer and ask the receiver to provide login credentials or other information. “So don’t reveal any sensitive information over phone calls,” the MHA says in the booklet.
The ministry also cautioned government officers against ‘quid pro quo’, another type of social engineering attack. In this case, a hacker posing as a technician comes to check your computer or laptop and uploads malware with the intention of stealing information from your system. The MHA asked officials to check the URL of websites that they are asked to visit in an email or text message.