Google warns that hackers are using fraudulent apps and voice calls to steal users' private information and commit cyber fraud. Vigilance is the key to prevention.
The challenge of digital security is constantly increasing. Recently, Google's Threat Intelligence team issued a serious warning about hackers using fraudulent apps and social engineering techniques to trap users and steal their personal information. In this new scheme, hackers are using fake business apps to steal user data and attempt to access bank accounts. Understanding this threat and remaining vigilant is crucial for every internet user.
Google's Threat Team Reveals: New Hacker Group UNC6040
Google's team has identified a new hacker group, UNC6040, targeting users through fake Salesforce apps. Salesforce is a cloud-based business platform used by large companies worldwide to manage their critical data. The UNC6040 group has misused this trusted platform's name to create a fraudulent data loader app that users install on their phones or computers.
This app allows hackers to steal sensitive user information, such as login credentials, banking details, and other private data. This information is then used for cybercrimes, including bank fraud and account hacking.
The Growing Threat of Voice Phishing and Social Engineering
Google's report also indicates that hackers are no longer limited to fraudulent apps; they are also using voice calls to deceive people. This is known as voice phishing. In this method, criminals call users, posing as company employees or official agents, to convince them to install fake apps on their systems or provide sensitive information.
This method is highly sophisticated and dangerous, as many users, including employees of large companies, fall victim to this trap. Fraudsters modify their pages to look like official Salesforce setup pages, leading users to unknowingly install the app on their devices.
Salesforce Issues a Warning
Salesforce issued a warning about this threat in a March blog post. The company advised its customers to be vigilant and avoid fraudulent data loader apps and voice phishing attacks. They specifically urged users to immediately reject any suspicious calls or apps and download software only from official platforms.
Google's Security Advice: Key Considerations
Google advises users to follow some crucial precautions to avoid cyber fraud:
- Do not trust calls or messages from unknown numbers: If you receive a call from an unknown number and they ask for any personal information, hang up immediately. No legitimate organization will ask for passwords or banking details over a phone call.
- Avoid downloading fraudulent apps: Only download apps from the Google Play Store or Apple App Store. Do not install apps from suspicious websites or links.
- Be cautious when clicking links: Do not click on any links in emails, SMS messages, or social media without checking, especially those offering tempting rewards or investment opportunities.
- Keep software updated: Regularly update the software on your mobile phone, laptop, and other devices to ensure that the latest security technologies are implemented.
- Use two-factor authentication (2FA): Enable 2FA on your accounts whenever possible to enhance security.
- Install only necessary apps on personal devices: Avoid installing unnecessary apps and regularly clean your device.
How Cybercriminals Exploit Vulnerabilities
Cybercriminals typically employ social engineering techniques. They exploit people's vulnerabilities to build trust. For example, they might make calls or send messages that appear official, creating a sense of urgency. They then persuade users to install fraudulent apps or click on malicious links.
Additionally, they lure users with rewards or free services. Once a user's device is compromised, their data is stolen and used to inflict financial harm.
Why Digital Awareness is Essential
In countries like India, where internet usage is rapidly increasing, cyber security awareness is crucial. Millions of people use online banking, shopping, and social media daily. Cyber fraud resulting from even minor mistakes poses a significant risk.
The government and tech companies are continuously running awareness campaigns, but real change will only come when users become vigilant themselves. Digital security is not limited to technical measures; caution and vigilance are equally important.
The Role of Government and Companies in Preventing Cyber Fraud
The government has taken several steps to combat cybercrime. Cyber police and the National Cyber Security Centre (NCSC) constantly monitor cyberattacks. Google, Microsoft, and other major tech companies are also launching new tools and protocols to protect their users.
However, new methods like fraudulent apps and voice phishing are constantly emerging. Therefore, companies must keep their security policies updated and regularly alert users.
How to Stay Safe?
Given the increasing threats on the internet, every user should keep the following in mind:
- Do not take hasty action on any call, message, or email.
- Do not download software from anywhere other than the official website or app.
- Do not share your passwords and sensitive information.
- Never open suspicious links or attachments.
- Regularly check the security settings of your devices and accounts.
