CERT-In has warned people to guard against a massive phishing attack
New Delhi:
The government has asked people to guard against a massive phishing attack that could mimic official communication on the COVID-19 pandemic to steal personal and financial information.
The campaign of phishing attacks by “malicious actors” should start today, and the suspicious email could be [email protected], the Indian computer emergency response team or CERT-In tweeted. The CERT-In of the Ministry of Information Technology works to protect the Indians against cyber threats.
“The phishing campaign should use malicious e-mail under the pretext of the local authorities responsible for delivering government-funded COVID-19 support initiatives. These emails are designed to trick recipients into fake websites where they are tricked into downloading malicious files or entering personal information. and financial information, “said CERT-In in a statement.
Phishing attacks are disguised as trusted entities and trick people into opening emails or text messages. Users are then clicked on a malicious link, which can lead to the installation of malware, system freezes, or the disclosure of sensitive information.
CERT-In published a notice on the campaign of phishing attacks linked to COVID 19 by malicious actors. pic.twitter.com/x8WO3TseCM
– CERT entry (@IndianCERT) June 20, 2020
“… The malicious actors claim to have two million individual / citizen electronic identifiers and plan to send emails with the COVID-19 test free for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, prompting to provide personal information, “he added.
“… These malicious actors plan to spoof or create false email identifiers that impersonate various authorities. The email identifier that should be used for the phishing campaign against Indian individuals and businesses should come from an email such as’[email protected] “and the attack campaign is expected to start on June 21, 2020,” he added.
The cybersecurity agency said people shouldn’t open attachments in unsolicited emails, even if they come from people on their contact list. He said that they shouldn’t click on URLs in an unsolicited email, even if the link looks benign.
Any unusual activity or attack should be reported immediately to [email protected] with logs and email headers for analysis of the attacks and for taking action.
