Large-Scale Phishing Attacks Using Covid-19 As Bait, Govt Warns
New Delhi: The government has warned of a major upcoming phishing attack which promises free Covid-19 testing across India. A large-scale cyberattack has been planned by cyber crooks where they may use Covid-19 as bait to steal personal and financial information.
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies. It stated, “Phishing campaign is expected to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid.”
It further said, “Spoofed email ID which could be used for the phishing email is expected to be email@example.com.”
The CERT-In warning advisory added that there would be a phishing email subject line like free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad.
“The malicious group claims to have 2 million individual email addresses and the attack campaign is expected to start on June 21,” the Indian government stated.
“Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” CERT-In said in the latest advisory dated June 19.
“It has been reported that these malicious actors are planning to spoof or create fake email Ids impersonating various authorities,” it cautioned.
CERT-In, in its advisory, outlined a list of steps for users to protect themselves, including not opening attachments in unsolicited emails even if it comes from people who are in the contact list.
It has asked users to encrypt and protect their sensitive document to avoid potential leakage. It also urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.
The government also issued preventive measures where it stated that not to open or click on the attachment in an unsolicited email, SMS or messages through social media. It further directed to exercise caution in opening attachments, even if the sender appears to be known.
“Beware of email addresses, spelling errors in emails, websites and unfamiliar email senders,” stated the advisory, warning every citizen not to submit personal financial details on unfamiliar or unknown websites or links.
“Beware of emails, links providing special offers like Covid-19 testing, aid, winning prize, rewards, cashback offers,” the government advisory stated.