Massive Phishing Attacks Warning: May Imitate Communication Related to COVID-19

The government warns people to beware of a large-scale phishing attack campaign in relation to COVID-19 that might mimic government communications in order to steal crucial personal and financial information. The attack could be targeting Indian individuals and businesses.

The CERT-In advisory has mentioned that the phishing campaign is likely to employ malicious emails under the name of local authorities. They are said to look like being sent by authorities responsible for providing government-funded assistance to COVID-19 initiatives. These emails are intended to drive recipients to fake websites where they are tricked with malicious files or requests to enter personal and financial details.

The malicious hackers claim to have 2 million individual/business email IDs and are intending to send emails with a subject line that states free COVID-19 testing for all residents of Delhi, Hyderabad, Mumbai, Ahmedabad, and Chennai, urging users to provide personal data.

The CERT-In advisory has mentioned that the phishing attack is intended to be crafted to imitate government departments, agencies, and trade groups that have been asked to monitor the disbursement of financial assistance rendered by the government.

Also Read: COVID-19: GSTN Alerts Taxpayer About Fake Messages on GST Refund

The email IDs are intended to look similar to the official government domains, which could easily be mistaken by the users as to be sent by the original ones. The advisory claims that email IDs, such as “ncov2019@gov.in” could be utilised in the phishing campaign.

The government agency accountable for cybersecurity has also set out guidelines for users to keep themselves safe. It mentioned that users should not click on any URL or open attachments sent through an unsolicited email, even when it comes from someone they know. The agency has asked users to close their email and visit the organization’s website directly instead of clicking on the link received in the email.

Users are advised to check the integrity of the URL before providing login credentials. Phishing domains and emails, typically, have spelling or grammatical mistakes, so users can search for the same to remain on the safer side. 

The CERT-In advisory has asked users to not click on phishing URLs which provide exclusive deals, such as winning prizes, bonuses, or cashback offers. The advisory has also informed users to report any suspicious activity or attack at incident@cert-in.org.in with pertinent logs and other information.

For any clarifications/feedback on the topic, please contact the writer at bhavana.pn@cleartax.in.

You May Also Like
Aadhaar Update

UIDAI Introduces a New Service—“Order Aadhaar Card”

UIDAI has launched “Order Aadhaar Card” service. With the help of this…

Cryptocurrency and Income Tax in India

Regulations on cryptocurrencies are different in different countries across the globe. Even…

Role of Technology in the Era of COVID-19 Pandemic

Technology will not be able to avoid the onset of a pandemic;…

Everything You Need to Know About Aarogya Setu e-Pass

The Aarogya Setu e-Pass has been launched for emergency purposes and to…