Nearly a month after WhatsApp made its now controversial revelations about Israeli software being used to snoop on Indian citizens, Google said on Tuesday that about 500 users from India were among 12,000 people informed about being targeted by ‘government-backed attackers’ between July and September this year.
The affected users were spread across 149 countries, and the number was similar to (within 10 per cent, up or down) the number of warnings sent in the same period of 2018 and 2017, Shane Huntley from Google’s Threat Analysis Group (TAG) said in a blog post.
“Over 90 per cent of these users were targeted via ‘credential phishing emails’... these are usually attempts to obtain the target’s password or other account credentials to hijack their account,” he said.
As an example, Huntley explains how a phishing attempt works. An attacker sends an authentic-looking email, which can be made to look like it was sent from Google, with a security alert.
A subtle misspelling such as ‘Goolge’ would be the only clue for the user. The mail suggests that the user secure their account. The user clicks the link, enters their password, and may also be asked for a security code if they have two-factor authentication enabled, allowing the attacker to access their account.
A phishing attack could also mimic an existing website or webpage and trick a user into entering confidential information on the page.
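A mail filter can catch the ‘Goolge’ kind of misspelling mechanically. The sketch below is an added example, not code from Google or TAG: it assumes the misspelling sits in the sender's domain, and the brand list, sample addresses and function names are constructed for illustration.

```python
# Added example: triage sender domains that imitate a protected brand.
# PROTECTED and every address in SAMPLES are constructed for illustration.
PROTECTED = ("google.com", "paypal.com", "microsoft.com", "dropbox.com", "dhl.com")

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(address):
    """Return (verdict, brand); verdict is 'trusted', 'lookalike' or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    # Assumption: the last two labels form the registrable domain
    # (no public-suffix handling, so 'co.in'-style suffixes are not covered).
    registrable = ".".join(labels[-2:])
    if registrable in PROTECTED:
        return ("trusted", registrable)
    for brand in PROTECTED:
        name = brand.split(".")[0]
        limit = 1 if len(name) <= 5 else 2  # short names collide easily
        if osa_distance(labels[-2], name) <= limit:
            return ("lookalike", brand)  # misspelling, or right name on another TLD
        if name in labels[:-2]:
            return ("lookalike", brand)  # brand used as a subdomain of another site
    return ("unknown", None)

SAMPLES = [
    "no-reply@accounts.google.com",
    "security-alert@goolge.com",
    "billing@paypa1.com",
    "alerts@google.com.account-verify.example",
    "news@example.org",
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, classify(addr))
```

The transposition-aware distance matters here: ‘goolge’ is one adjacent swap away from ‘google’, whereas plain Levenshtein distance would score it as two edits.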
Phishing attacks in India have been on the rise. In response to a question asked in Lok Sabha on Wednesday regarding cyberattacks in India, Minister of State for the Ministry of Electronics and Information Technology, Sanjay Dhotre, said, “According to the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), 50,362; 53,117; 208,456; and 313,649 cybersecurity incidents, including phishing, network scanning and probing, virus/malicious code, and website hacking are reported during the years 2016, 2017, 2018, and 2019 (till October), respectively”.
According to a recent Akamai report, ‘Phishing — Baiting the Hook’, Microsoft, PayPal, DHL, and Dropbox were the top targeted brands when it came to phishing. India has also been one of the top countries where people are targeted through phishing attacks.
A government-backed attack is one that is backed by a nation state, which leaves the attackers better funded and with access to greater resources to attack a specified target. Russia, North Korea, China, and Iran have been known to sponsor attacks through phishing and other means on people from different countries.
On October 29, WhatsApp sued NSO Group, an Israeli company, for having used a coding glitch in the messaging app that let its customers spy on some people. The software developed by NSO Group for spying is called Pegasus.
WhatsApp fixed the issue, and worked with Citizen Lab, a Toronto-based digital and human rights research group, to reach out to all the affected people and tell them what they could do to keep their communication safe.
As many as 1,400 people were targeted by the spyware worldwide and 121 in India — most of them being activists and journalists.
“We encourage high-risk users — like journalists, human rights activists, and political campaigns — to enrol in our Advanced Protection Program (APP), which utilises hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest risk accounts,” said Huntley.
TAG is a part of Google and YouTube’s broader efforts to tackle coordinated influence operations that attempt to game Google’s services. Google said it shares relevant threat information on these campaigns with law enforcement and other tech companies.