Himachal Government website hacked: Fake Relief Fund Page Exposes Critical Cybersecurity Lessons

Fresh off the headlines — in a recent cyberattack, the official website of the Himachal Pradesh Department of Industries was hacked. You won't believe, attackers replaced part of this website with a fake donation page for the relief fund of Chief Minister of Himachal Pradesh. The page displayed a QR code and a bank account number for payments. So, what was the motive? Don't you think, hackers aimed to solicit public's money and damage the reputation of both the Himachal Pradesh Government and Department of Industries? Well, according to PTI news service, the Additional director of the Department of Industries of Himachal Pradesh Government, Tilak Raj Sharma also suspected this motive and confirmed it in his complaint statement.

At last — the hack was exposed!

Tilak Raj Sharma gave his statement — the hack was uncovered by a member of the EY team, who is currently working with the department. At the time of reviewing the site, he suddenly noticed an unusual page that appeared to be quite suspicious! He decided to take the investigation further — So, would you also have taken this step if you saw something suspicious?

There was a QR code linked to a bank account in the name of Purav Maan. To authenticate the scam, the EY team member transferred just ₹1 to the displayed QR code for further verifying the account holder's details and UPI ID. As suspected— the page turned out to be fraudulent.

Rapid Action Makes all the Difference!

The moment the cyberattack came to light, the clock started ticking— each passing second meant another victim could fall into this kind of trap. But the State Data Centre Team didn't think twice before taking swift action disabled the website and restored it back next day after adding fresh security layers. But if they had taken a bit longer time, the fake page might have drained more money, destroyed public trust.

As per the highlights of PTI news service: Though the hacker has not yet been identified, to continue with the investigation further, Himachal Pradesh police have registered a case under:

• Section 318(4) (cheating) of the Bharatiya Nyaya Sanhita (BNS) 2023
• Section 66(C) (identity theft) of the Information Technology Act, 2000

Now, time for some lessons!

1. Remember, official portals also be exploited if intrusion detection and patching are not prioritized. So, do not always trust the sites you think are truly secure!
2. Don't forget to double check before donating to what looks like an official relief fund. No matter, hackers leverage public trust in government cause to steal money.
3. Incident response should have the top-most priority. So, in this kind of situation, rapid shutdown of the site can help you to prevent further destruction or damage.
4. Do you remember when was the last time you verified a payment link before sending money? So, always remember to confirm any fraudulent intent by implementing ₹1 test transaction.

So, the final wake up call: Attackers are not slowing down anyhow— and they don't even need enough time to cause damage. One unverified payment, one weak link or one overlooked notification is all it takes. So, next time, if you come across any payment link or QR code, even on a trusted site — stop, think, verify and then take the further step!