The Indian Computer Emergency Response Team, Cert-In confirmed, that there is an anticipated threat of a huge phishing attack in India. The agency warned that the latest phishing attack is likely to emulate the government organizations and will be able to purloin personal data that is sensitive, along with other important financial data.
The Indian government issued a notice that “malevolent actors” will be involved in this phishing attack, where they would circulate fake directives related to the coronavirus pandemic. The attack is expected to roll out on June 21. These cyber-attacks would target not only a person but also small and large business companies.
A statement released by CERT said, "The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information."
The attacking team is likely to guise and claim as the financial aid body, that has been started by the government to battle the COVID-19 pandemic. They can request various banking related details and personal information, that can be used by them in the future to perform robbery. According to the advisory, the spiteful attackers possess more than 20 lakh email IDs of individuals.
The advisory mentioned that the cyber attackers, “planning to send emails with the subject free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information." The mail IDs used can easily be mistaken for original government bodies and look quite similar to them. The advisory warned, while conducting the phishing attack, the malicious actors are expected to use an email ID like ‘firstname.lastname@example.org.’
The users have been provided with some tips and guidelines to follow, which has been rolled out by the government agency along with the cyber security team. The agency advised the mobile users to beware of those malicious mails, and shouldn’t download or open any files or URLs within such random email.
The agency also claimed, that even if the users get a mail or the content seems to be authentic, it would be advisable for them to visit the original website and get access to the page.
They also said that the users can look for any kind of spelling mistakes or any non-uniformity in the mails. Most of the phishing mails contain rewards or prizes and requests for personal information. The users should never provide their personal or bank related information attached to those emails.