The government has cautioned people against a phishing attack that is expected to use malicious emails under the pretext of “local authorities in charge of dispensing government-funded COVID-19 support initiatives.”
A statement released by the Indian Computer Emergency Response Team (CERT-In) mentioned that the attack campaign is expected to start on Sunday, 21 June and the email id to be used for this attack could be firstname.lastname@example.org.
The CERT-In statement further mentioned, “Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.”
"...The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information," it added.
The agency also listed a few practices for the public to help them from the attack campaign. These include not clicking on the URL contained in an unsolicited e-mail, even if the link seems benign.
It further urged people to exercise caution in opening attachments even if the sender is known. The statement mentioned that people should immediately report any unusual activity or attack at email@example.com with logs and email headers for analysis of the attacks and for taking further appropriate actions.