The Centre has said the attackers may use Covid-19 as bait to steal personal and financial information. CERT-In says the potential phishing attackers could impersonate government agencies, departments and trade bodies tasked with overseeing the disbursement of government fiscal aid.
The phishing campaign is expected to start on June 21 with cyber attackers using email IDs such as “firstname.lastname@example.org”.
The attackers are expected to send malicious emails while posing as the local authorities in charge of dispensing government-funded Covid-19 support initiatives.
“Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” the Indian Computer Emergency Response Team (CERT-In) said in its advisory dated June 19.
CERT-In spelt out a series of steps for users to protect themselves, including not opening attachments in unsolicited emails even if they come from people in the contact list. It has asked users to encrypt and protect their sensitive documents to avoid potential leakage.
It also urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.
The advisory noted that the “malicious actors” are claiming to have 2 million individual/citizen email IDs and are planning to send emails with the subject line: free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.
“It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities,” it cautioned.