Cybercriminals are exploiting the Covid-19 situation by executing malicious campaigns. With increasing number of COVID-19 tests being conducted in the country, attackers have reportedly planned to launch a large-scale phishing campaign in the garb of reimbursement of COVID-19 treatment, to steal sensitive information form unsuspecting targets.
The attacker may send phishing emails to the targets using spoofed email address (likencovid19[@]gov[.]in, ncov2019[@]gov[.]in or similar) appearing to come from the authorities responsible for dispensing government funded COVID-19 support initiatives under Government of India (Gol).
- The email may inform the target about mandatory COVID-19 testing orders from Government of India and prompts him to register for testing by clicking on a malicious link. The link takes the target to a phishing webpage asking for personal and financial details, for stealing personal information.
- Avoid downloading emails attachments or clicking on suspicious links received in emails from unknown or untrusted sources (especially in relation to Health Information or having the theme of COVID-19)
- Use only trusted sources, such as legitimate government websites for up-to-date, fact-based information about COVID-19.
- Never respond to unsolicited requests for personal or financial information on email.
- Verify the authenticity of communications related to COVID-19 prior to performing the action prompted by it
- Organizations are recommended to share information about such campaigns at the earliest with their employees to remain alert.