The government's cyber security arm on Sunday issued an advisory warning users against a large-scale 'phishing attack' that may take place against Indian Internet users today.
CNBC-TV18 had earlier reported that a North Korea-sponsored hacking group named Lazarus was planning to launch phishing attacks designed as COVID-19 relief efforts against citizens in six countries including India.
A ‘phishing' attack is a fake email designed to look as coming from a trusted source and dupe people into opening emails or text message that contain links to malicious websites.
“These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information,” said security research firm CYFIRMA which has exposed the Lazarus Group's plans.
The suspicious email could be from email@example.com, warned the government's cyber security arm CERT-in, which is responsible for pre-empting, identifying and mitigating cyber threats against the country.
Besides India, the other countries whose 5 million users are at the risk of attack are US, UK, Japan, Singapore and South Korea.
“There is a common thread across six targeted nations in multiple continents – the governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies,” CYFIRMA said.
For instance, the Indian government has announced Rs 20 lakh crore of credit, finance and collateral-free loans to micro, small and medium enterprises, as well as welfare packages for citizens.
“The Lazarus Group's upcoming phishing campaign is designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid,” CYFIRMA said.
“The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks,” it added.
“Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.
”CYFIRMA researchers first picked up the lead on June 1, 2020, and have been analyzing the planned campaign, decoding the threats, and gathering evidence. Evidence points to hackers planning to launch attacks in six countries across multiple continents over a two-day period.
“Further research uncovered seven different email templates impersonating government departments and business associations,” it said. The hackers claimed to have 2 million individual email IDs in India.
The plan is to send emails free COVID-19 testing for all residence of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad inciting them to provide personal information, CYFIRMA warned.
How to prevent the phishing attack
1. Don't open or click on attachment in unsolicited e-mail, SMS or messages through Social Media
2. Exercise caution in opening attachments, even if the sender appears to be known
3. Beware of e-mail addresses, spelling errors in e-mails, websites and unfamiliar e-mail senders
4. Do not submit personal financial details on unfamiliar or unknown websites or links
5. Beware of e-mails, links providing special offers like COVID-19 testing, aid, prizes, rewards, cashback offers.