Govt warns against phishing attacks from Sunday, using Covid-19 as bait

The government on Sunday asked people to be alert against a massive phishing attack to steal personal data on the pretext of communications related to Covid-19. The attack could begin on Sunday. The instructions came after the Indian Computer Emergency Response Team (CERT-In) issued an advisory in this regard. 

In it's advisory, CERT-In said that the phishing attack campaign by "malicious actors" is expected to start from June 21, and the suspicious email could be ncov2019@gov.in. In a phishing attack, entities dupe people into opening emails or text messages by making them click on a link leading to installation of malware, system freeze or revealing of sensitive information.

"The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information," CERT-In noted. 

The attackers are expected to send malicious emails under the pretext of local authorities that are in charge of dispensing government-funded Covid-19 support initiatives.
 

CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM

— CERT-In (@IndianCERT) June 20, 2020 "Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information," Indian Computer Emergency Response Team (CERT-In) said in its latest advisory dated June 19.

The advisory noted that the "malicious actors" are claiming to have 2 million individual/citizen email IDs and are planning to send an email with the subject line: free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.

CERT-In has asked users to encrypt and protect their sensitive documents to avoid potential leakage. It also urged people to use anti-virus tools, firewalls, and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.