NEW DELHI : Last week, Patrick Hillman, the communications director of crypto exchange Binance, wrote a blog post detailing how scammers had created deepfakes of him using interviews he had given to various TV stations in order to scam crypto users on social media. While Hillman’s case is a particularly advanced incident, security experts have noted that hackers impersonating senior company executives have become commonplace these days.

“Phishing and scam threats, where attackers pretend to be part of our company and try to trick our own employees, are extremely common. They are not just limited to emails and also spill over to WhatsApp,” said BK Raju, Chief Information Security Officer (CISO) at Oil and Natural Gas Corporation (ONGC).

While citing such an attack on Tuesday, cybersecurity solutions company Check Point said most of these incidents were part of a form of cyberattack called Business Email Compromise (BEC). The company blocked a similar attack where hackers impersonated a company’s chief financial officer (CFO) to scam money from lower-level employees.

To do this, hackers first find legitimate email addresses from a company’s finance department. They then create similar addresses and send emails to company executives, asking them to transfer money to a customer, or for other purposes. They could also request access to sensitive company information.

According to Makarand Sawant, Vice President of Information Technology at Sahyadri Hospitals, a chain of private hospitals in Maharashtra, these threats have gained prominence over the past 2-3 years. He added that deploying advanced threat protection (ATP) solutions, such as a cloud-based email filtering service, can help protect businesses, but no organization is completely immune. of these threats.

“The company has also deployed XDR (extended detection and response) solutions that help detect, prevent and mitigate host-based cyber risks and threats,” he added. XDR solutions use telemetry, data analytics and more to detect security threats before they can cause harm. a business, while cloud-based email filtering tools are meant to catch spam before it reaches employees’ inboxes.

That said, while solutions like this can help, JS Sodhi, group chief information officer and senior vice president of Delhi-based Amity Education Group, noted that “user awareness is key.” to mitigate phishing, spoofing, and other threats.

“We conduct rigorous security awareness and training to help reduce the risk of employees clicking on phishing links or falling victim to other types of attacks,” he said.

Raju of ONGC agrees, saying that to deal with such threats, the company organizes regular initiatives to train its employees on such threats.

“At the end of the day, it is the individual more than the company that pays the price, as most of these massive scam attempts only have financial gain in mind,” Akshat Jain said. , chief technology officer of Indian cybersecurity firm Cyware.

“The main threat that has increased with remote work is the use of personal and work email on the same browser window, and the overlapping of work resources,” Jain said.

“Proxies are increasingly being put in place to filter out these threats, but the risk of an employee not being aware is always there,” he added.

Catch all the tech news and updates on Live Mint. Download the Mint News app to get daily market updates and live trade news.

More less

To subscribe to Mint Bulletins

* Enter a valid email

* Thank you for subscribing to our newsletter.

Post your comment