Published: 19th May 2020
Phishing scandals in India see 700% rise since MHA made Aarogya Setu mandatory. Here's how
HumanFirewall has identified two major types of phishing attempts — one directed to individuals and the other towards firms
Got a mail that talks about Corona infections in your area? Beware! The Ministry of Home Affairs, in a notification earlier this month, instructed all citizens to download and use the Aarogya Setu app. It also asked the heads of organisations to make sure that every employee uses the app. This has allegedly led to a 700 per cent rise in the number of phishing scandals, said Ankush Johar, Director at HumanFirewall and Infosec Ventures.
HumanFirewall, a firm which develops anti-phishing tools and tracks phishing across the globe, has identified two major types of phishing attempts — one directed to individuals and the other towards firms. "We have all been scared of contracting the disease ever since the pandemic has taken over the world. So, when you get a mail that says that people have been infected in your area would you not open it? Maybe you know what phishing is or you are smart enough not to give your OTP and card details to strangers, but these are extraordinary times and you are curious and this is urgent news. That's what the hackers prey on — they create a sense of urgency so that you open the mail without giving it much thought," said Ankush. "The mail or message asks you to download the Aarogya Setu app. But it does not take you to the App Store. It asks you to download an apk file. That will download an application to your phone. This is a fake app that will give the hacker access to your phone. They can now do anything with your phone — take valuable data, personal data, listen in on you by activating the microphone of your device and a lot more. These apps can also download malware on your systems to hack all your data as well," he added.
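The lure described above has two tell-tale features a mail filter can check for: a link to an `.apk` file hosted somewhere other than an official app store, combined with urgency wording about infections or a mandatory install. The script below is an added illustration of such a check; it is not HumanFirewall's tool or any code from the article. The sample mailbox, the `setu-update.example` hostname, the recipient addresses and the store link's placeholder app id are all constructed for the example, and the lure terms and scoring thresholds are assumptions a team would tune to its own traffic.

```python
"""Heuristic triage of 'download the app' lure emails (added example).

Flags messages that push an .apk download from a non-store host together with
lure wording, and reports how many recipients received the same lure body so a
team can see at a glance that a message was a campaign, not a one-off.
"""
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Hosts from which an app install link is expected; anything else serving an
# .apk is treated as a sideload attempt (assumption: real store hostnames).
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}

# Urgency / lure phrases seen in this kind of campaign (assumed list).
LURE_TERMS = ("aarogya setu", "infected in your area", "mandatory", "immediately")

# Constructed sample mailbox: (recipient, body). Two recipients get the same
# lure with a per-recipient tracking parameter, one gets a legitimate store
# link, one gets an unrelated mail.
MAILBOX = [
    ("alice@example.com",
     "3 people have been infected in your area. Download Aarogya Setu now: "
     "http://setu-update.example/AarogyaSetu.apk"),
    ("bob@example.com",
     "3 people have been infected in your area. Download Aarogya Setu now: "
     "http://setu-update.example/AarogyaSetu.apk?u=bob"),
    ("carol@example.com",
     "Reminder: install Aarogya Setu from "
     "https://play.google.com/store/apps/details?id=PLACEHOLDER"),
    ("dave@example.com", "Lunch menu for Thursday is attached."),
]


def extract_urls(body):
    """Return every http(s) URL found in the message body."""
    return URL_RE.findall(body)


def is_sideload_link(url):
    """True when the URL points at an .apk that is not on an official store."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    return parsed.path.lower().endswith(".apk") and host not in OFFICIAL_STORE_HOSTS


def assess(body):
    """Score one message: 2 points for a sideload link, up to 2 for lure terms."""
    reasons = []
    sideload = [u for u in extract_urls(body) if is_sideload_link(u)]
    if sideload:
        reasons.append(f"apk download outside an app store: {sideload[0]}")
    hits = [t for t in LURE_TERMS if t in body.lower()]
    if hits:
        reasons.append("lure wording: " + ", ".join(hits))
    score = (2 if sideload else 0) + min(len(hits), 2)
    # A store link plus lure words scores at most 2; a sideload link alone
    # scores 2; only the combination reaches the 'dangerous' threshold.
    return {"score": score, "dangerous": score >= 3, "reasons": reasons}


def lure_fingerprint(body):
    """Hash the body with URLs masked, so per-recipient URL variants group together."""
    masked = URL_RE.sub("<url>", body)
    normalised = re.sub(r"\s+", " ", masked).strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()[:16]


def triage(mailbox):
    """Return the dangerous lures seen in the mailbox, with every recipient that got them."""
    recipients = defaultdict(set)
    verdicts = {}
    for recipient, body in mailbox:
        fp = lure_fingerprint(body)
        recipients[fp].add(recipient)
        verdicts[fp] = assess(body)
    return [
        {"fingerprint": fp, "recipients": sorted(names), **verdicts[fp]}
        for fp, names in recipients.items()
        if verdicts[fp]["dangerous"]
    ]


if __name__ == "__main__":
    for item in triage(MAILBOX):
        print(f"{len(item['recipients'])} recipient(s), score {item['score']}:")
        for reason in item["reasons"]:
            print("  -", reason)
```

Run as a script it reports one campaign that reached two recipients; the legitimate store reminder is not flagged because the link host is an app store and the path is not an `.apk`. Masking URLs before hashing is what lets the tracking parameter on Bob's copy fold into the same fingerprint as Alice's.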
The hackers are not limiting themselves to individuals though. Since the announcement by the Home Ministry that asked CEOs to enforce the use of the Aarogya Setu app, the phishing scandals have seen a meteoric rise. "The employees now expect a mail from the CEOs or the HR department. So it has become an easy way in for the hackers. What they attempt to do is get your office credentials. This gives them access to the company's servers, and the higher the position of the employee, the greater the threat, as they would have more clearance," said Ankush. "On our part, we have opened up our tool to organisations, both public and private, to use it free to counter this threat. Whenever you get an email, our tool will tell you whether it is dangerous and whether it has been received by others in your company as well," he added. Army personnel have also complained of being victims of such scams.
While the attacks on the firms are to gain access to their internal servers, individuals are being targeted to get access to their financial credentials. "There are 46 lakh credit card details floating in the black market. Suppose the hacker has your details and now has baited you to download the fake app from the apk. They now have access to every message that comes into your inbox, including the one with the OTP. This is exactly what they showed in Jamtara, the Netflix series, except here, you don't have to tell the hacker anything over the phone. They can access your message, read the OTP, take your money and then delete the message that says that you have spent so much. So you will have no clue that your money has been taken away," added Ankush.
The hackers were taking a maximum of Rs 10,000 from the individual victims, which got the HumanFirewall team interested. "We wanted to find out why they were just taking Rs 10,000. We found that once your transactions go beyond the Rs 10,000 mark, the KYC regulations get stringent. They would just make a fake profile on any other online wallet and transfer the money, and once they were done, delete that account as well," Ankush said, adding that the team has traced some of the frauds to a company called digitaloceans.com. "They had a 1 GB server that is rented out for $5 per month. Imagine this, they can spend $5 and fleece hundreds in a day," he added.
The number of hackers has seen an exponential rise in the past few years. Demonetisation had thrust people who had no internet literacy into the world of digital money, said Ankush. "Hackers go where the money is. Once digital money was forced on people who had no idea of how to use it, they were exposed to risks and the hackers had a field day. Demonetisation is what we call a black swan moment," he added. But that's not it. The exponential rise, Ankush said, comes from the hackers who make even a little money. Just like the Jamtara story, they go and boast to people even if they make Rs 5,000 from hacking. "What started off as one guy now becomes an army. The hacker recruits people and trains them, and the network spreads. India is now a hub for phishing. Indian IPs are being used, not only for Indian scams but for phishing scams all over the world," he added.