Several government offices, including Defence Ministry officials, were targeted on June 9 by a malicious web link sent on WhatsApp and SMS, asking them to update their vaccination status.
The message asked officials to click on www.covid19india.in to generate a digital certificate of COVID-19 inoculation.
The SMS, signed with an abbreviation “MoHFW”, that expands to the Ministry of Health and Family Welfare said, “as per directives of MoHFW, Confirm your COVID status on https://covid19india.in and generate your vaccination certificate”.
An official said that when he clicked on the link, it directed to a page “@gov.in” that resembled the government website mygov.in, and asked to key in the official e-mail and password.
An e-mail received by a Defence Ministry official said that as part of an awareness drive regarding “post vaccination measures to be followed by armed forces” a questionnaire was required to be filled and a Google drive link was shared. Some officials even received phone calls where the caller said he was calling from an Army Hospital and the official need to update the vaccination status on a link being sent on WhatsApp.
The officials were sensitised to not click on the link as it appeared to be a phishing attempt to access their official e-mails and correspondence. A considerable part of government offices are still working from home owing to COVID-19 restrictions.
The government had informed the Rajya Sabha in March that a total of 110, 54 and 59 websites of Central Ministries, Departments and State governments had been hacked in 2018, 2019 and 2020, respectively.