Kamath stated that the incident occurred when he clicked on a phishing email early in the morning while using his personal device at home. The email successfully bypassed spam and phishing filters and included a “Change Your Password” link.
Upon clicking the link and entering his credentials, the attackers were able to access a single login session.
He stated that the breach allowed the attackers to tweet a few scam cryptocurrency links. Fortunately, Kamath had two-factor authentication (2FA) enabled, which prevented a full takeover of the account.
The attackers gained access only to the session created through the phishing attempt. He added that the entire attack appeared to be AI-automated and not targeted or personal in nature.
In his post, Kamath reflected on the broader implications of the incident, emphasising the importance of human factors in cybersecurity.
“Goes on to show that no matter how careful we are, all it takes is one slip of the mind,” he wrote. He pointed out that while technical cybersecurity measures like 2FA are essential, they do not address the psychological vulnerabilities that often serve as the entry points for attackers.
Kamath stressed the need for cybersecurity frameworks within organisations and governments to adopt a holistic approach, addressing both technical and human vulnerabilities.
“This is why it is so important for cybersecurity frameworks within organisations and governments to be holistic and not fixate on technical solutions,” he noted.
He concluded by acknowledging the efforts made at Zerodha to raise awareness and implement policies and systems to address cybersecurity threats. However, he admitted that despite these measures, one minor lapse in judgment was enough to compromise his account.