CERT-In Advisory against COVID-19 phishing campaign by malicious actors

Sachet Sahni | Cyber Security

On June 19, 2020, the Indian Computer Emergency Response Team (CERT-In) issued an advisory reportedly warning against a large-scale phishing campaign against Indian citizens and business enterprises. According to CERT-In, the attackers are expected to use COVID-19 as enticement while masquerading as central government agencies.

This phishing attack is intended to trick users into downloading malicious files or to steal personal and financial information through fake websites. The nation's nodal agency for cybersecurity has reported that the attack is likely to use spoofed/deceptive emails sent under the guise of local administration authorized by the Central Government to provide COVID-19 support.

Phishing Email Subject and Contents

As per the advisory issued, the attackers claim to have around two million citizen email IDs. The attackers intend to send emails with the subject:

Free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad.

The purpose behind such emails is to push the recipients towards bogus websites to trick them into malicious downloads or sharing personal and financial information.

CERT-In has reported that these malicious actors are likely to use ncov2019@gov.in as the email for the phishing campaign. The attack campaign is expected to begin on June 21, 2020. At the time of publication of this article, there is a definite chance that you might have received a phishing email of this type.

Recommended Best Practices
  • Do not open attachments in unsolicited emails, even if they appear to come from one of your contacts.
  • Never click on links contained in such unsolicited emails.
  • Even for the emails that seem to come from genuine organizations, directly visit the website of those organizations.
  • Use encryption or protect sensitive documents to prevent data leakage.
  • Exercise caution even when you are expecting an email.
  • Block the following file attachments:
    • .exe
    • .pif
    • .tmp
    • .url
    • .vb
    • .vbe
    • .scr
    • .reg
    • .cer
    • .pst
    • .cmd
    • .com
    • .bat
    • .dll
    • .dat
    • .hlp
    • .hta
    • .js
    • .wf
  • Closely check the domains you are visiting for spelling errors.
  • Check the URLs before entering your credentials.
  • Do not click or open links in phishing emails that promise special offers such as prizes, rewards, and cashback.
  • Use an anti-virus/anti-malware tool on your computer system along with content-based filtering.
  • Update your spam filters with the latest spam email contents.
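
As an added example (not part of the CERT-In advisory or the original article), the block list and campaign indicators above can be checked at a mail gateway or in a mailbox sweep with Python's standard email module. The function names, the reason strings and the choice to match only the opening words of the subject are assumptions of this example.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions from the advisory's block list.
BLOCKED_EXT = set(".exe .pif .tmp .url .vb .vbe .scr .reg .cer .pst .cmd .com "
                  ".bat .dll .dat .hlp .hta .js .wf".split())
# Indicators named in the advisory; matching the subject's opening words is an assumption.
CAMPAIGN_SENDER = "ncov2019@gov.in"
CAMPAIGN_SUBJECT = "free covid-19 testing"


def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    name = filename.strip().rstrip(". ").lower()  # Windows drops trailing dots/spaces
    ext = os.path.splitext(name)[1]  # last extension decides: "a.pdf.js" -> ".js"
    return ext if ext in BLOCKED_EXT else None


def triage(raw_bytes):
    """Return the reasons to quarantine a raw RFC 5322 message (may be empty)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender == CAMPAIGN_SENDER:
        reasons.append("sender:" + sender)
    if CAMPAIGN_SUBJECT in msg.get("Subject", "").lower():
        reasons.append("subject:campaign lure")
    for part in msg.walk():
        ext = blocked_extension(part.get_filename() or "")  # decodes RFC 2231 names
        if ext:
            reasons.append("attachment:" + ext)
    return reasons


def constructed_sample():
    """Build a constructed test message (not a captured phishing email)."""
    m = EmailMessage()
    m["From"] = '"Health Dept" <NCOV2019@gov.in>'
    m["Subject"] = "Free COVID-19 testing for all residents of Delhi"
    m.set_content("Register using the attached form.")
    m.add_attachment(b"dummy", maintype="application",
                     subtype="octet-stream", filename="Test_Form.pdf.JS")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(constructed_sample()))
```

Extension matching only looks at the declared filename, so it complements rather than replaces the content-based filtering recommended in the list.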
What should you do if you receive such phishing emails?

Report such emails immediately at incident@cert-in.org.in along with email headers and logs so that CERT-In can analyze the email contents and take appropriate actions. Through phone, CERT-In can be reached at +91-11-24368572.