New Delhi, June 21: The government has warned against a large-scale cyber attack against individuals and businesses, where attackers may use COVID-19 as a bait to steal personal and financial information.
India's cybersecurity nodal agency, CERT-In has issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments, and trade bodies that have been tasked to oversee the disbursement of government fiscal aid.
The phishing campaign is expected to start on 21 June 2020 with cyber attackers using email IDs such as "email@example.com", it added.
The attackers are expected to send malicious emails under the pretext of local authorities that are in charge of dispensing government-funded COVID-19 support initiatives.
"Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information," Indian Computer Emergency Response Team (CERT-In) said in its latest advisory dated 19 June.
The advisory noted that the "malicious actors" are claiming to have 2 million individual/citizen email IDs and are planning to send an email with the subject line: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.
"It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities," it cautioned.
CERT-In, in its advisory, outlined a list of steps for users to protect themselves, including not opening attachments in unsolicited emails even if it comes from people in the contact list.
It has asked users to encrypt and protect their sensitive documents to avoid potential leakage.
It also urged people to use anti-virus tools, firewalls, and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.