Massive phishing attack to steal personal, financial data by ‘malicious actors’ expected today: Centre

Rep Image Photo : Getty Images


The Centre has asked people to be alert against a major phishing attack that could steal personal data and financial information imitating official communication on Coronavirus pandemic.

The Indian Computer Emergency Response Team (CERT-In) which works under the Information Technology Ministry to protect citizens from cyber threats, tweeted, “The phishing attack campaign by “malicious actors” is expected to start from June 21 and the suspicious email could be ncov2019@gov.in.”

Under the garb of some trusted body these phishing attacks are conducted.  They trick people into opening emails or text messages and by mistake click a malicious link, which can lead to installation of malware, system freeze or revealing of sensitive information.

CERT-In said in a statement, “The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.”

“…The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information,” it added.

According to CERT-In these malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign towards Indian individuals and businesses is expected to be from email such as ‘ncov2019@gov.in’ and the attack campaign is expected to start on June 21, 2020.

The cyber security agency has asked people not to open uninvited email attachments, even if they come from people in their contacts list. It said they shouldn’t click on URLs in an unsolicited email, even if the link seems benign.

Any unusual activity or attack should be reported immediately at incident@cert-in.org.in with logs and email headers for analysis of the attacks and for taking action.