CERT-In warns of phishing campaign against citizens, businesses

Attackers likely to use COVID-19 as bait while impersonating govt. authorities to deceive users

June 22, 2020 03:20 am | Updated 03:20 am IST

Image for representaion purpose only.

Image for representaion purpose only.

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning of a large-scale phishing campaign against Indian citizens and businesses aimed at stealing their personal and financial information.

In the advisory, issued late of Saturday, the country’s nodal agency for cybersecurity said the attackers were likely to use COVID-19 as bait while impersonating government authorities to deceive users into divulging information or downloading malicious files.

“It has been reported that malicious actors are planning a large-scale phishing attack campaign against Indian individuals and businesses [small, medium and large enterprises]. The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 support initiatives,” the advisory said.

Fake websites

It added that such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.

CERT-In said the phishing campaign is expected to be designed to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid.

Watch | Cyberthreats during the COVID-19 pandemic

“The malicious actors are claiming to have 2 million individual/citizen email IDs and are planning to send emails with subject: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, enticing them to provide personal information,” it cautioned.

Further, the agency said these malicious actors were planning to spoof or create fake email IDs impersonating various authorities. “The email ID expected to be used for the phishing campaign is expected to be from email such as “ncov2019@gov.in” and the campaign is expected to start on June 21, 2020.”

CERT-In has advised that citizens do not open attachments in unsolicited emails even if they come from people in their contact list. “...never click on a URL contained in the unsolicited email even if the link seems benign. In case of genuine URLs, close the email and go to the organisation’s website directly through the browser.”

Spelling errors

In addition, it has asked users to beware of spelling errors in emails and websites, to not submit personal information to unknown and unfamiliar websites, to not click URLs providing special offers like winning prize, rewards or cashback offers, among other things and to encrypt and protect their sensitive document to avoid potential leakage.

It also urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.