CERT-In has issued a warning to individuals citizens of India, as well as to small, medium and large scale enterprises about a massive cyberattack by malicious actors. The Indian Computer Emergency Response Team, Ministry of Electronics & Information Technology, Government of India says that the phishing campaign is expected to use malicious emails in the garb of local authorities in-charge of dispensing government-funded COVID-19 support initiatives.
The emails have been designed to trick users into either downloading spam files or take them to dubious websites where they will be asked to enter their personal details. “The malicious actors are claiming to have 2 million individual/citizen email IDs and are planning to send emails with the subject: free COVID-19 testing for all citizens of Delhi, Mumbai, Hyderabad, Chennai, and Ahmadabad inciting them to provide personal information,” says CERT-In.
Tips by CERT-In to Protect Individuals and Enterprises from Cyberattacks
CERT-In says that imbibing the following best practices can protect individuals and businesses from cyber attacks:
- Do not open attachments or click on URLs in unsolicited emails even if it is from known contacts.
- Encrypting and protecting private information in Internet-enabled devices should be done.
- Scan for and remove suspicious email attachments. The scanned attachment should be the true file type.
- Beware of phishing domain, spelling errors in emails, websites and unfamiliar senders.
- Checking the integrity of websites and its URLs before providing login credentials or clicking the link.
- Beware of emails from firstname.lastname@example.org.
- Avoid opening emails that mention cashback offers, prizes and rewards unless it is from a known and safe website.
- Submitting personal information to unknown websites must be avoided at all costs.
- Any unusual or suspicious activity must be immediately reported to email@example.com with the relevant logs and email headers.