Phishing attacks around Aarogya Setu app on the rise, says Cert-In

When recipients click on such messages, they are asked to provide some information, usually personal or financial.

Phishing attacks around Aarogya Setu app on the rise, says Cert-In


India’s cyber security agency CERT-In has issued an alert saying phishing attacks in the name of the government’s contact tracing application – Aarogya Setu -- are spiking as cyber criminals try to take advantage of the pandemic.

The advisory states that “Aarogya Setu app-focused phishing (attacks) have seen a high rise . Scammers impersonate as HR department, CEO, or any other known person and target users by sending messages such as “your neighbour is affected”, “see who all are affected”, “someone who came in contact with you tested positive”, “recommendations to self-isolate”, and “guidelines to use Aarogya Setu”.

When recipients click on such messages, they are asked to provide some information, usually personal or financial.

The most common form of phishing is from websites that impersonate a recipient’s bank or credit card company, hoping to elicit personal financial information.

The advisory, however, did not mention the number of such phishing cases or the rise thereof.

Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution and are lured into providing sensitive data such as banking and credit card details.

The CERT-In or Indian Computer Emergency Response System is a government-mandated information technology (IT) security organisation whose purpose is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.

“New phishing domains are created which are centered around subjects like ‘relief package’, ‘safety tips during corona’, ‘corona testing kit’, ‘corona vaccine’, ‘donation during corona,” the CERT-In advisory said.

Pavan Duggal, one of the top cyber experts in the country, said: “ We don’t have strong laws on cyber security and things like phishing are not directly covered by IT Act. The Act needs to be amended.”

He also added that the Aarogya Setu app isn’t secure enough.