Major phishing attack likely under garb of free coronavirus testing, warns Govt
As per CERT, one should not open or click on attachments in unsolicited emails, SMS, or messages on social media.
Indian Computer Emergency Response Team (CERT), a national nodal agency that comes under the purview of the Ministry of Electronics and Information Technology has issued an advisory dated June 19, 2020.
The advisory is in light of reports that "malicious actors are planning a large-scale phishing attack campaign against Indian individuals and businesses". On its official website, CERT goes further to state that the phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives.
This is being done "to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information", CERT says.
- A phishing campaign is expected to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of financial aid
- Spoofed email ID which could be used for the phishing email is expected to be email@example.com
- Phishing email subject line: Free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad
- The malicious group claims to have two million individual email addresses and the attack campaign is expected to start by June 21
As per CERT, one should not open or click on attachments in unsolicited emails, SMS, or messages on social media. The body clarifies that caution must be exercised even while opening attachments sent by a known person.
It is important to look out for suspicious email addresses, spelling errors in emails, websites, and unfamiliar e-mail senders. The officials at CERT advise users not to submit any personal financial details on unfamiliar/unknown websites or links.
One must beware of emails, links providing special offers like free Covid-19 testing, government aid, prizes, rewards, cashback offers etc
In case one comes across any such suspicious email, website or link, CERT can be made aware of the same at firstname.lastname@example.org