New Delhi, June 22: Following the Australia government faced massive cyberattack, India's cybersecurity agency - Indian Computer Emergency Response Team (CERT-In) warned the people against Chinese malicious actors who are planning for massive large-scale "Phishing Attack" using Covid-19 as bait against Indian individuals and businesses.
The CERT-In in its advisory stated that such an activity was going to be carried out under the garb of spreading 'COVID initiatives' impersonating government agencies and departments. It underscores that malicious actors involved have claimed to have access to over 2 million email IDs and intend to send emails with the subject lines making mention of free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad using email IDs such as "[email protected]
The emails are expected to be designed in such a way, that lured by the bait, once the recipient opens them, they shall be redirected to fake websites where they shall be deceived into downloading malicious files on entering personal and financial information. The CERT-In in its advisory stated that they could steal all your data, including bank account and debit or credit card details.
They have asked users to encrypt and protect their sensitive documents to avoid potential leakage. It also urged people to use anti-virus tools, firewalls, and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.
The advisory has come after many countries such as Japan, Vietnam, and the latest Australia, have witnessed such types of cyber-attacks in their country. According to the Australian Strategic Policy Institute, the cyberattacks were “95% or more” likely to have been launched from China based on their massive scale and intensity.
What is Phishing?
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. Phishing is a cyber-attack where the attacker sends you a modified web page which looks like an authentic service, but it is not authentic, you feed your data in the form. It's one of the oldest types of cyberattacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated.