BEWARE OF PHISHING ATTACK!

What is a phishing attack?

The word is pronounced like “fishing”, and the analogy is of an angler throwing out a baited hook (the phishing email) and hoping you bite. Phishing is a cyber-attack that is often used to steal users' data, from login credentials to credit/debit card and net banking details. It occurs when an attacker creates an identity on the internet that appears legitimate but is not, and uses that identity to dupe the victim into opening an email, an instant message or a simple text message. As soon as the recipient opens the message sent by the attacker, the attacker gets access to the victim's personal data.

In 2004, Indian Cyber Community constituted the Computer Emergency Response Team India (CERT-In). It is the national nodal agency for responding to cybersecurity incidents as and when they occur[1].

These days, with fear in people's minds amid the COVID 19 situation worldwide, attackers are exploiting netizens by taking advantage of the situation. They send junk mails with subjects like “COVID 19 Vaccine”, “CURE FOR COVID 19” or “FREE COVID 19 TEST”. After reading such subject lines, one might be deceived and open the mail to learn more or simply out of curiosity. As soon as the mail is opened, one has become a victim of the crime, thereby losing personal data.

On 21.06.2020, CERT-In issued an advisory regarding a potential cyber offensive attack from the Chinese army. The advisory states that there is a high possibility that Chinese cyber warriors could be carrying out a massive phishing attack. CERT-In has issued some preventive measures[2], which are as follows:

1.   Don't open or click on an attachment in an unsolicited e-mail, SMS or messages through Social Media.

2.   Exercise extra caution in opening attachments, even if the sender appears to be known.

3.   Beware of e-mail addresses, spelling errors in e-mails, websites and unfamiliar e-mail senders.

4.   Do not submit personal financial details on unfamiliar or unknown websites/links.

5.   Beware of e-mails, links providing special offers like Covid-19 testing, Aid, Winning prize, Rewards, Cashback offers.

6.   Check the integrity of URLs before providing login credentials or clicking a link.

7.   Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services. Update spam filters with latest spam mail contents.

8.   Leverage Pretty Good Privacy in mail communications. Additionally, advise the users to encrypt/protect the sensitive documents stored on the internet-facing machines to avoid potential leakage.

Any unusual activity or attack should be reported immediately at [email protected] with the relevant logs and email headers, for analysis of the attacks and for taking further appropriate action.
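Measure 6 (checking the integrity of URLs) can be partly automated when a suspicious message is triaged before it is reported. The sketch below is an added example, not part of the CERT-In advisory or the original article; the names `LinkCollector`, `host_of` and `check_links` are hypothetical, and the sample message is constructed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name, domain and address is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1e-bank.example>
Subject: FREE COVID 19 TEST
Content-Type: text/html; charset="utf-8"

<p><a href="http://203.0.113.7/login">https://www.example-bank.example/login</a></p>
<p><a href="https://www.example-bank.example/help">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data  # reset at each <a>, read back at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(url):
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:  # malformed host such as an unclosed "[": treat as no host
        return ""

def check_links(raw):
    """Return (check, detail) findings for the links in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    findings = []
    for href, text in parser.links:
        host, shown = host_of(href), host_of(text)
        if shown and shown != host:  # visible URL names a different host than the target
            findings.append(("text-href-mismatch", f"shows {shown}, goes to {host}"))
        if host.replace(".", "").isdigit():  # IPv4 literal, dotted or integer form
            findings.append(("ip-literal-host", host))
    return findings
```

Hosts are compared exactly, so a link whose text shows `www.` while the target omits it is also flagged and needs a manual look.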


[1] https://www.cert-in.org.in/


[2] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2020-0040



