The headlines have become increasingly alarming.
Young professionals losing tens of thousands of rupees; retired folk losing life savings, all to criminals who drew them in with the promise of a quick buck.These days, cyber security or information securityis widely regarded as one of the core elements of Information Technology, to maintain confidentiality and integrity of netizens personal data.These measures include user awareness campaigns, robust security measures etc.
Every year, tech firms spend tens of millions of dollars to implement safeguards and protect information of users.
Theres a reason why certain computers and phones have gone on to have protection systems such as fingerprint recognition, fa-cial recognition etc.
But like nature, crime too finds a way.
Welcome tosocial engineering.
Simply put, it refers to tactics deployed by online crooks to steal personal data and it includes creating curiosity, fear or a sense of urgency.
Remember the MSEDCL scam? Pay your bill now or youll lose electricity, the message reads.
Before you know it, your money is gone.A recent scam involving tasks, which targeted many IT workers, is another example.
Victims were asked to perform minor tasks for money.
But the scamsters also asked these people to deposit small fees to get started.
Initially, the victims received payments for the tasks, which helped build trust.
They went on to wire the crooks more cash.
By the time many realised it was a scam, they had lost substantialsums.
One of the main reasons why task fraud found so many victims was remote work.
Thousands of techies found themselves working from home, with time to spare for a side gig.
Some decided to moonlight start a mostly secret second job to earn more.
These employees joined online forums and communities that ultimately led them to malicious actors, who understood the workers were eager to earn and in many cases, ignorant.
These actors set up traps, lures and suffocating situations.
The moonlighting workers found themselves being dragged deeper into a scam, unable to quit.Now, many companies have incorporated cyber security awareness as one of the focal points in employee training.
But of late, cyber training has shifted from genuine awareness sessions to the completion of mundane and mandatory tasks that employees are forced to complete.
This has led to ignorance instead of cognizance of social engineer-ing techniques.
And as a result, we have highly skilled corporate employees losing lakhs of rupees to online crooks.AI is likely to worsen this problem, giving malicious actors new ways to heighten curiosity and anxiety.
Imagine receiving a fake call in a loved ones voice, asking for money.
Imagine a deepfake video of yourself on social media.
The governments efforts to increase cyber awareness has only reached skilled professionals and seems to be missing regular day-to-day users.
We need to find effective ways to reach out to the majority.
Because if we dont, the internet could become a sticky web for the gullible.The writer is an information security analyst