The Indian Computer Emergency Response Team (CERT-In) has issued an advisory to warn citizens about a large-scale phishing attack that could imitate government-funded Covid-19 support initiatives and offer free coronavirus testing.
The phishing campaign, expected to have begun on June 21, is likely to impersonate agencies, departments and trade associations overseeing the disbursement of government fiscal aid, the country’s nodal agency for cybersecurity said in a statement.
Malicious actors may send emails with the subject “free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad”, using IDs such as “firstname.lastname@example.org”, the statement said, adding that the cybercriminals are believed to have over two million receipient email IDs.
“Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” it said.
To be sure, phishing attacks attempt to obtain personal information such as passwords and credit card details via emails or messages by posing as a trustworthy entity.
Search giant Google recently detected 18 million malware and phishing Gmail messages related to Covid-19 everyday.
In fact, Covid-19 themed phishing attacks increased 667% by the end of March alone, according to US cloud security firm Barracuda Networks. The attacks used a myriad of methods from email scams to brand impersonation attacks to blackmailing and business email compromise, it said.