The Ministry of Home Affairs (MHA) has issued guidelines for government employees to protect them from honey trap and social engineering attacks that aim to extract sensitive information from them. The guidelines cover various aspects of cybersecurity, such as reporting suspicious contacts, avoiding unknown dating sites, and following standard operating procedures.
What is honey trapping?
Honey trapping is a technique used by malicious actors to lure a target into a romantic or sexual relationship and then exploit them for information or blackmail. Honey trapping can be done through online platforms, such as social media, dating sites, or video calls, or through physical meetings in isolated places.
How prevalent are honey trap cases in India?
According to media reports, honey trap cases have been on the rise in India, especially targeting government officials and defence personnel. In 2023, a Defence Research and Development Organisation (DRDO) official was arrested by the Maharashtra police for allegedly sharing secrets with Pakistan-based intelligence operatives in a suspected case of honey trapping. The MHA also warned of malware-laden emails disguised as recommendations on how to prevent honey trapping.
What are the MHA’s guidelines for government employees?
The MHA issued internal guidelines in January 2024, outlining standard operating procedures for government officials in dealing with cybersecurity incidents . The guidelines advise officials to:
- Be wary of individuals who show excessive interest in their personal or professional lives or who ask for sensitive information.
- Inform their superior officers if an unknown person tries to contact them through WhatsApp, Telegram, Facebook, LinkedIn, or other social media platforms.
- Stay away from unknown dating sites and not meet any unknown or little-known person in any shady or lonely places like hotel rooms.
- Not engage in video calls from unknown numbers on social media platforms and not share any personal or official information or documents through such platforms.
- Follow the National Information Security Policy and Guidelines (NISPG) 2019, which are being updated and finalized to incorporate measures for strengthening network and infrastructure security, physical security, application security, data security, personnel security, threat and vulnerability management, security and incident management, and identity, access, and privilege management.
The MHA’s guidelines are aimed at enhancing the cybersecurity awareness and preparedness of government employees and preventing any compromise of national security.