A possibility of cyber attack on a large scale, warns the government, amid COVID-19. The individuals and businesses will be attacked by attackers- “Phishing”, using COvID-19 as a bait in order to obtain financial and personal information.
CERt-In, an agency of India’s cybersecurity issued an advisory warning regarding possible phishing attackers impersonating bodies involved to see the disbursement of government fiscal aid. These bodies include trade bodies, government agencies, and departments.
It further said that it is expected that the phishing campaign will start from June 21, 2020. In these phishing attacks, cybercriminals will be using Ids like “firstname.lastname@example.org”.
It is expected that attackers may send malicious emails declaring them as emails from local authorities who are in charge of dispensing government-funded COVID-19 support initiatives.
“Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” Indian Computer Emergency Response Team said in its latest advisory dated June 19.
Around 2 million email Ids of citizens or individuals are with these “malicious actors”, noted the advisory. It further noted that these cybercriminals are planning to send emails with subject lines – free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.
“It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities,” it cautioned.
In its advisory, CERT-In outlined several steps about ways in which users can protect themselves. The outline suggested the non-opening of attachments in emails that are unsolicited even if it comes from people in the contact list.
It further requested users to protect and encrypt all sensitive documents in order to avoid any possible leakage.
Use anti-virus tools, firewalls, and filtering services urged the advisory further. It also urged users to ensure reporting of any suspicious activity or an attack, immediately to CERT-In.