Zerodha founder and CEO Nitin Kamat has fallen victim to a scam. He shared his entire experience on the microblogging website X. Interestingly, he referred to X as Twitter; most people still call X Twitter.
Zerodha founder became a victim of phishing
Nitin Kamat wrote on X that his Twitter account was hacked. The cause was a phishing scam: he accidentally opened an email sent by scammers.
Kamat wrote on X, ‘My personal Twitter account was hacked yesterday. There was a slight mistake and an email bypassed the spam and phishing filters and landed in my inbox. I clicked on the Change Your Password link and entered my password. The attackers got a single login session of my account and then also made some scam tweets related to cryptocurrency.’
Automated hacking through AI?
Nitin Kamat further says, ‘I had enabled two-factor authentication on my account, so luckily the scammers could not take complete control of my account. This whole matter seemed to be AI-automated, not personal.’
The Zerodha founder also said that two-factor authentication is very important, but it is not a technical solution for human psychology: one small mistake is enough for an account to be hacked. He also shared a screenshot showing an email from X about an unusual login.
How do scammers carry out phishing scams?
Most hacking in the world is actually done through phishing, because it is easy. The scammers’ only goal is to get users to click on the link they send, and they are now using AI to make those links more likely to be clicked.
Important-looking emails, such as a warning or a strike notice, arrive in your inbox. At first glance they appear genuine. In fact, the text is written to make you feel that if you do not click, your account will be hacked or scammed.
Users open such emails. Phishing links are designed so that, when opened, they look exactly like the real website. The same thing happened with Nitin Kamat: through a user interface that looked like X, the password of
The AI angle in hacking: are bots doing the hacking?
From what Kamat posted, it is clear that the attack did not appear to be targeted; it was a large-scale automated phishing network sending very real-looking emails. He wrote that the email passed all the spam and phishing filters, so he clicked on the ‘Change Your Password’ link, and that one click was enough.
The impact of this cyber attack may have been small, but the lesson is big. Using that single login session, the attackers posted some crypto-scam links, i.e. they tried to cause harm, but Kamat was saved by two-factor authentication (2FA).
Recent phishing campaigns often use AI-generated persuasive text and cloned UI (such as a page that looks like an
What should common users and companies do now?
- Keep 2FA on, but take basic precautions alongside it. 2FA prevented major losses in Kamat’s case.
- Trust email filters, but not completely: filters can miss phishing mails, so verify any mail mentioning ‘Change your password’, ‘urgent’ or ‘strike’ on a separate device or by going directly to the service’s website. Avoid clicking the link itself.
- Train employees and yourself: cyber security is not just IT’s responsibility; every user should receive regular cyber-security awareness training so that the ‘human factor’ does not become the weak point. Kamat also said that process, policy and human psychology have to be kept in mind.
- Monitor automated scam patterns: add real-time alerting and rate limiting for accounts that suddenly start posting crypto links or spam, so that such posts are stopped.
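As an added illustration of the last point (example code written for this page, not code from the article or from X), the rule below flags an account that posts crypto-link spam within a short window after a login from a new session, the pattern described in Kamat’s case. The event log and its field names are constructed assumptions.

```python
# Added example: detect "new-session login followed by crypto-link posts".
# Event field names (ts, account, type, new_session, text) are assumed.
from collections import defaultdict
from datetime import datetime, timedelta
import re

CRYPTO_RE = re.compile(r"\b(airdrop|crypto|bitcoin|btc|eth|giveaway|wallet)\b", re.I)
URL_RE = re.compile(r"https?://\S+")
WINDOW = timedelta(minutes=30)   # look-back window after a new-session login
POST_THRESHOLD = 2               # suspicious link posts needed to raise an alert

def is_scam_post(text):
    """A post is suspicious if it carries a link and crypto bait wording."""
    return bool(URL_RE.search(text) and CRYPTO_RE.search(text))

def detect_hijacked_sessions(events):
    """Return {account: [suspicious posts]} for accounts that posted
    crypto-link spam shortly after a login from a new (unusual) session."""
    new_logins = defaultdict(list)   # account -> timestamps of new-session logins
    flagged = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct = ev["account"]
        if ev["type"] == "login" and ev.get("new_session"):
            new_logins[acct].append(ev["ts"])
        elif ev["type"] == "post" and is_scam_post(ev["text"]):
            # Only count posts that follow a new-session login within WINDOW.
            if any(timedelta(0) <= ev["ts"] - t <= WINDOW for t in new_logins[acct]):
                flagged[acct].append(ev["text"])
    return {a: p for a, p in flagged.items() if len(p) >= POST_THRESHOLD}

def ts(s):
    return datetime.fromisoformat(s)

# Constructed sample log: a hijacked account posts crypto links right after
# a new-session login; a normal account posts an unrelated link.
SAMPLE_EVENTS = [
    {"ts": ts("2024-01-01T09:00:00"), "account": "ceo_account", "type": "login", "new_session": True},
    {"ts": ts("2024-01-01T09:03:00"), "account": "ceo_account", "type": "post",
     "text": "Huge BTC giveaway, claim now https://example.invalid/claim"},
    {"ts": ts("2024-01-01T09:05:00"), "account": "ceo_account", "type": "post",
     "text": "Free crypto airdrop for followers https://example.invalid/airdrop"},
    {"ts": ts("2024-01-01T09:10:00"), "account": "normal_user", "type": "login", "new_session": False},
    {"ts": ts("2024-01-01T09:12:00"), "account": "normal_user", "type": "post",
     "text": "New blog post https://example.invalid/blog"},
]

if __name__ == "__main__":
    for acct, posts in detect_hijacked_sessions(SAMPLE_EVENTS).items():
        print(f"ALERT {acct}: {len(posts)} crypto-link posts after new login; rate-limit posting")
```

In a real deployment the alert would feed the platform’s unusual-login notification and a temporary posting rate limit, the two controls the list above calls for.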