CERT-In said that hackers can steal important personal and financial data of citizens
The phishing campaign is expected to be designed to impersonate government agencies
The malicious actors are claiming to have 2 Mn individual email addresses
In the latest Covid-19 related cybercrimes in the country, the government has issued an advisory against a large scale phishing campaign which impersonates the government and promises free Covid -19 tests and other resources.
The government’s Indian Computer Emergency Response Team (CERT-In) said that hackers can steal important personal and financial data of citizens. The malicious actors are claiming to have 2 Mn individual email addresses and the attack campaign is expected to start on June 21.
“It has been reported that malicious actors are planning a large scale phishing attack campaign against Indian individuals and businesses… The emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” the advisory said.
CERT-In further claimed that the phishing campaign is expected to be designed to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government aid.
Surendra Singh, Senior Director and Country Manager at Forcepoint noted that according to the company’s three-month trend analysis of the web and email traffic, there has been a 358% jump in the number of malicious emails, in the week of March 23. The company claims to have blocked over 500 Mn spam emails every day, since mid-March. In April, Gmail was every day detecting 18 Mn malware and phishing emails, and over 240 Mn spam messages related to Covid-19.
Earlier this month, user data from two Indian startups — Zoomcar and Unacademy — was leaked onto the dark web. This was not the first instance of data leaks among Indian startups — there have been cases of security holes in startups such as Skolaro, Justdial and others — but it comes at a time when India’s cyber-infrastructure is at its most vulnerable.
According to MeitY, India witnessed 3.94 Lakh instances of cybersecurity incidents in 2019. According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.