The government has warned against a large-scale cyber attack against individuals and businesses, where attackers may use COVID-19 as a bait to steal personal and financial information. India’s cybersecurity nodal agency, CERT-In has issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid.
The attackers are expected to send malicious emails under the pretext of local authorities that are in charge of dispensing government-funded COVID-19 support initiatives. “Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” Indian Computer Emergency Response Team (CERT-In) said in its latest advisory dated June 19.
The advisory noted that the “malicious actors” are claiming to have 2 million individual/citizen email IDs and are planning to send email with the subject line: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information. It also urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.