To steal personal data (such as bank account details- debit/credit card information) of Individuals and Businesses across the country, from 21st June 2020, a large-scale Phishing attack has been planned by malicious actors. This information asking the citizens to be cautious was issued by the Nodal agency responsible to deal with cyber-attack threats in the country- The Indian Computer Emergency Response Team (CERT-In) of the Ministry of Electronics and Information Technology has said.

How you could be targeted?

Indian Citizens will be targeted through malicious ‘Emails’. These emails are likely to use COVID-19 as Bait by using details of local government authorities (details such as logo, name, etc of government officers or departments those who are in-charge for various COVID-19 initiatives of the government) for making it look Authentic. Large-Scale Phishing Attack using COVID-19 as Bait alerts CERT-In

The email will contain an external link that will drive the recipients of the email to some fake websites designed in such a way that the website may install a malicious file without the consent of the recipient of the email or may ask for entering personal or financial details on the pretext of raising fund for some government initiative.

As per the alert issued by CERT-IN: The Emails that will be sent might have a subject –‘Free COVID-19 testing for all residents’. The attackers could use various fake Email Accounts such as ‘ncov2019@gov.in’.

What you can do if you receive malicious email

  • Don’t open attachments in uninvited emails, even if they come from people in your contact list and never click on a URL contained in an unsolicited email, even if the link seems benign. If it seems a genuine URL, close the email and go to the organisation’s website directly through the browser and check if such information is given there.
  • Check the uprightness of URLs before providing logging credentials or clicking a link.
  • Don’t submit personal information to unknown and unfamiliar websites.
  • Any unusual activity or attack should be reported immediately at @cert-in.org.in Large-Scale Phishing Attack using COVID-19 as Bait alerts CERT-In