The Centre has issued a warning on possible phishing attack by “malicious actors” which in the garb of official COVID-19 communication may attempt to steal data of individuals and businesses.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology which tracks and handles cyber threats, said the attack may start on Sunday (June 21) under the suspicious email id of firstname.lastname@example.org.
“The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government funded COVID-19 initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” said a press release by CERT-In.
The statement said that the phishing campaign may impersonate government agencies, departments and trade associations who have been entrusted with the disbursement of government fiscal aid.
CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM
— CERT-In (@IndianCERT) June 20, 2020
The ‘malicious actors’ plan to send emails under the subject ‘Free COVID-19’ testing for residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad’ and may individuals to furnish personal data.
Giving a format of the purported mail, the department has warned people not to open the attachments in unsolicited emails and never click on a URL in such e-mails. Asking users not to submit personal information to unknown and unfamiliar websites, the department has also warned them against clicking on phishing URLs providing special offers like winning prize, rewards and cashback offers.
“Consider safe browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall and filtering services,” it said asking individuals to report any attack to email@example.com.