Don’t trust caller ID info; can be spoofed easily: Cyber advisory to govt officials

PTI, Nov 6, 2024, 5:00 PM IST

New Delhi: A cyber security advisory has cautioned government officials against trusting the caller ID information that pops up while receiving a phone call, following a spurt in “vishing” attacks aimed at compromising confidential personal information and gaining unauthorised access to official systems.

“Attackers may impersonate trusted entities, such as senior government officials, law enforcement agencies, or technical support personnel,” the advisory issued recently by the National Informatics Centre (NIC) says.

The severity of the communication has been categorised as “high”.

It has specified that attackers “manipulate” caller ID information to make a call appear as if it is coming from a “legitimate government number”.

The communication sent to multiple government departments and ministries has been accessed by PTI. It says it was issued as “in recent months, there has been an increase in vishing attacks targeting government officials to compromise confidential information and gain unauthorised access to official systems”.

“Vishing” or voice-phishing is a social engineering attack where scamsters use phone calls or voice messages to manipulate individuals to share sensitive information, such as log-in credentials, personal information and financial details.

The attackers also deploy the tactic of conveying a “sense of urgency”, “coercing” targets into revealing information by implying severe consequences for non-compliance and using “complex technical language” to confuse or intimidate targets, making them more likely to comply, the advisory has said.

It has asked government officials to be cautious against such techniques as it has underlined that caller ID information can be “easily spoofed”.

“Do not trust the legitimacy of the caller based solely on the displayed number. Cross-check any caller claiming to represent an official agency with official records,” the communication has advised.

It has also asked officials to mandatorily verify the caller’s identity through government channels before sharing sensitive information.

The advisory has asked them to call back the organisation or individual using publicly available contact information.

Officials, according to the advisory, should always “be suspicious of any unsolicited calls asking for personal or confidential information, especially when the caller is creating urgency or panic to pressure compliance”.

“Take time to verify the information provided by a suspect caller,” the advisory has said.

It has also asked government staffers to practise all established protocols for ensuring safe cyber interaction during work and otherwise.