The government has warned against a large-scale cyber attack against individuals and businesses, where attackers may use COVID-19 as a bait to steal personal and financial information.
India's cybersecurity nodal agency, CERT-In has issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid.
The phishing campaign is expected to start on June 21, 2020 with cyber attackers using email IDs such as "ncov2019@gov.in", it added.
The attackers are expected to send malicious emails under the pretext of local authorities that are in charge of dispensing government-funded COVID-19 support initiatives.
"Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information," Indian Computer Emergency Response Team (CERT-In) said in its latest advisory dated June 19.
The advisory noted that the "malicious actors" are claiming to have 2 million individual/citizen email IDs and are planning to send email with the subject line: free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.
"It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities," it cautioned.
CERT-In, in its advisory, outlined a list of steps for users to protect themselves, including not opening attachments in unsolicited emails even if it comes from people in the contact list.
It has asked users to encrypt and protect their sensitive document to avoid potential leakage.
It also urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.