Your Page Title
Tuesday, July 23rd, 2024

Now cyber criminals are not even sparing the CEOs of big companies, these incidents will shock you

New Delhi/Bengaluru : Recently, a Pune-based real estate firm was duped of ₹4 crore when cyber criminals transferred company funds to fake bank accounts by deceiving an accounts officer posing as the company’s chairman. A finance controller at a local unit of a multinational company fell prey to a similar scam worth crores of rupees when the chief financial officer was on leave.

Advanced phishing attacks

Phishing attacks have become more advanced. Cybercriminals are keeping an eye on big people to make more money. Experts said that in the past one year, they have seen at least a two to three times increase in the incidents of so-called whaling attacks or CEO fraud. In this, scammers use social engineering to pose as top corporate officials. They then trick employees into sending money, providing sensitive data, buying gift cards or allowing network access. These incidents often lead to financial losses, data breaches and in some cases damage to organizational reputation for companies.

Increased incidents with CEO/CXO-level officials

Ranjit Bellary, partner, Forensic and Integrity Services, EY India, said that this is a big nexus; organized criminal gangs are active in this. he/she said that we have been investigating social engineering frauds for the last seven-eight years, but the number of those targeting CEO / CXO-level officials has increased recently. Bellary says that fraudsters are using artificial intelligence. They are doing bot-based attacks. In this, by studying the social media profiles of officials and other available content, they are preparing very convincing mails that look legitimate.

Do not trust anyone blindly

Bellary said these attacks are effective partly because of low awareness, but also because fraudsters have realised that it is easy to get employees to act on emails from senior officials. The first line of defence against fraud is that you should not blindly trust a person. Companies are now conducting awareness sessions for employees. However, in most cases, this is proactive rather than reactive.

Most cases not reported

In many cases, companies and individuals try to hide the fact that they have been defrauded. This means that the actual number of cases is likely to be many times higher than the reported number. Not just corporate employees, but even faculty at institutes like IIMs have received emails or WhatsApp messages from hackers posing as directors or top officials.

An IIM director told our sister newspaper ET that mails allegedly sent by him/her were sent to several faculty members. They were asked to buy gift cards and send details. The director, on the condition of anonymity, said that this has happened not once but several times. We have now implemented more strict systems. he/she said that I fear being targeted again. he/she told that many of his/her colleagues in other institutions have also faced the same problem.

I don’t want to tarnish the brand’s image

According to Akshay Garkel, partner and leader-cyber at Grant Thornton India, sometimes it is better for a large company (with annual revenues of Rs 50,000-100,000 crore) to think that it is better to write off a small amount, say up to Rs 3-4 crore, rather than damage the employer brand. Having said that, law enforcement agencies should be informed about all cases, he/she added.

Garkel said that there is a purely financial motive behind these incidents. he/she said that there is a need to improve the level of security awareness in the cases coming to us. There is a need to work more efficiently in monitoring and preventing such incidents.

threat of cyber attack

Almost everyone is vulnerable to cyber attacks. This is because personal information collected by apps and websites can be leaked. This can give fraudsters access to confidential information. Ashok Hariharan, CEO of fraud detection company IDfy, said that his/her company was also targeted. Just a month ago, 50-60 of the company’s 650 employees received an email from Hariharan. he/she said that being in the business of fraud detection, no one fell for it, but such incidents have happened before.

Hariharan says that personal details are easily available. It can be from apps or data brokers who are selling it. It is available on the dark web for just Rs 100-200. Apart from this, the fact that money transfer has become extremely easy through UPI has made it the basis of most frauds. It is very easy to run it on a large scale.

Share on:

Leave a Reply

Your email address will not be published. Required fields are marked *