Cert-In on 19th June issued an advisory, warning citizen of a large-scale phishing attack, via emails, which promise free treatment for Covid-19. Fake emails lure individuals to fake websites where their personal and financial is sought or they may be asked to download some files containing malware. The stagers of the attack seem to have access to data base of more than 2 million citizen records and the attack campaign is expected to start from 21st June.
The number of email scams and phishing attacks have seen an exponential rise since the Covid-19 Pandemic. Malicious individuals, are using the Covid-19 scarce as an opportunity to advance their own interests and small businesses, remote workers etc. Have been at the receiving end of the spectrum. A report by BBC stated the incident of cyberattacks has been increased by 30,000% since Jan. More than 1,00,000 domains have been registered since the pandemic started. The new registered domains in general have corona themed content such as information on masks, Kit, government schemes and relief.
This particular phishing campaign is, speculated to try and impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid. Small business who lack awareness against such attacks are particularly vulnerable. A Spoofed Email ID which could be used for the phishing email is expected to be email@example.com Phishing E-mail Subject Line: Free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad.
Cert-In has issued advisory to prevent any cyber-attacks. The advisory has mentioned a list of dos and don’ts for the citizens:-
- Don’t open or click on attachment in unsolicited E-mail, SMS or messages through Social Media
- Exercise caution in opening attachments, even if the sender appears to be known
- Beware of e-mail addresses, spelling errors in e-mails, websites and unfamiliar e-mail senders
- Do not submit personal financial details on unfamiliar or unknown websites / links
- Beware of e-mails, links providing special offers like Covid-19 testing, Aid, Winning prize, Rewards, Cashback offers
While the mentioned guidelines indicate preventive measures that can safeguard citizens, identifying and reporting such domains is equally important. Identifying and reporting such domains will enable them to being flagged by email service providers and removing them from the internet.
To facilitate in the process of reporting Safehats has under its community yellow page initiative has launched a program “SPOOF- Spot the Fake” for reporting spoof mail id and domains, where in any one can report a Spoof mail id or domain and Safehats will take the responsibility of Coordinating with Cert-In to get the ID flagged across all email service providers and report to Certin to get the domain manned.
The Initiative by Safehats is driven by the zeal to keep the Internet Safe for all.
Please visit the Link to report any Spoof Mail You have discovered.