Government officials and organisations have been alerted by the Cabinet Division that malicious hacking groups are stealing information using spoofed messages.
The cabinet division’s advisory claims that hostile intelligence agencies are trying to hack senior officers using SMS spoofing. Senior officers receive a spoofing SMS from an unknown number asking them to call back. If they do, a hacking attack is launched, sensitive data is stolen, and unauthorised access is gained to the target’s device.
The target of such attacks might also miss a call from a recognised number. With the help of this spoofing technique, hackers can coerce their victim into clicking on links in an SMS message. The target’s device will be compromised and their private information stolen if they click on these links.
The advisory claims that hostile intelligence agencies are using the mobile numbers of military and defence force personnel to send spoof SMS and WhatsApp messages to specific targets (since the majority of contact lists from these individuals’ mobile phones had been leaked or compromised over time). A missed call or the dissemination of a carefully crafted message are frequently used to trick victims into disclosing their personal information or clicking on dubious links.
The fake numbers can be produced by numerous websites and software programmes. For international calls, the majority of spoofing services append the originator’s country code; as a result, in some careless hacking attempts, those numbers also have the Indian country code (+91) appended.
Government representatives were advised not to return calls from unknown callers or send text messages from unknown senders. Additionally, carefully check for spoofing by counting the number of callers or message senders. Missed calls and SMS from strange numbers should be treated suspiciously, particularly if they come from international numbers.
In order to add an additional layer of security to accounts and applications, it has requested that the authorities enable two-factor authentication for WhatsApp and other pertinent platforms.
In order to mitigate vulnerabilities, the advisory has advised government officials to avoid clicking on links they receive via SMS or WhatsApp unless they are certain of their authenticity and to keep their mobile devices and applications up to date with the most recent security patches or updates.