- Massive phishing attack expected to begin from today
- The email will redirect recipients to bogus websites which can steal important information
- The email id could be firstname.lastname@example.org
The government has requested all the people to put up their guard as a massive phishing attack is on its way which could start from today mimicking official communication on COVID-19 pandemic trying to steal the personal data and also financial information.
The phishing attack campaign by the “malicious actors” is expected to begin from 21st June 2020, and the suspicious email id which could be used is “email@example.com”, said the Indian Computer Emergency Response Team (CERT-In). CERT-In comes under the Ministry of Information Technology and works towards safeguarding the people of India from cyber threats.
In a statement, CERT-In said, “The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,”.
Phishing attack comes disguised as trusted entities and try to con people into opening the email or text messages. People, thinking the origin is genuine, click on the link which can lead to installing of malware, system freeze or even theft of sensitive information.
CERT-In tweeted, “CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors.”
CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM— CERT-In (@IndianCERT) June 20, 2020
The note read, “The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information,”.
CERT-In, in the note, added, “These malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign towards Indian individuals and businesses is expected to be from email such as ‘firstname.lastname@example.org’ and the attack campaign is expected to start on June 21, 2020,”.
The note also added the best practices that one should follow in order to protect oneself from any potential phishing attacks.
The cyber-security agency has asked the people to not open any “attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In case of genuine URLs close out the e-mail and go to the organization’s website directly through the browser”.
CERT-In has asked people to report “any unusual activity or attack immediately at ‘email@example.com with the relevant logs, email headers for the analysis of the attacks and taking further appropriate actions”.