CERT-In Advisory against COVID-19 phishing campaign by malicious actors

On June 19, 2020, the Indian Computer Emergency Response Team (CERT-In) issued an advisory reportedly warning against a large-scale phishing campaign against Indian citizens and small, medium, and large-scale business enterprises. According to CERT-In, the attackers are expected to use COVID-19 as enticement while masquerading as the central government agencies.

Background

CERT-In has issued an advisory regarding a COVID-19-related phishing campaign by malicious actors. The advisory warns of a large-scale phishing campaign against Indian citizens and small, medium, and large-scale business enterprises. These phishing attacks are intended to steal personal and financial information.

The nation’s nodal agency for cybersecurity has reported that the phishing attack is likely to use malicious emails under the guise of local administration authorized to provide COVID-19 support by the Central Government.

Phishing Email Subject and Contents

As per the advisory issued, the attackers claim to have around two million citizen email IDs. The attackers intend to send emails with the subject: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad. The purpose behind such emails is to push the recipients towards bogus websites to trick them into malicious downloads or sharing personal and financial information.

The phishing campaign is likely to be designed to masquerade as the government authorities, departments, and trade associations responsible for managing government-funded COVID-19 support initiatives. CERT-In has reported that these malicious actors are likely to use ncov2019@gov.in as the email address for the phishing campaign. The attack campaign is expected to begin on June 21, 2020. By the time this article is published, you may already have received such an email.

Recommended Best Practices
  • Do not open attachments in unsolicited emails, even if they appear to come from one of your contacts.
  • Never click on links contained in such unsolicited emails.
  • Even for emails that seem to come from genuine organizations, visit those organizations' websites directly.
  • Encrypt or otherwise protect sensitive documents to prevent data leakage.
  • Exercise caution even when you are expecting an email.
  • Block the following file attachments:
    • .exe
    • .pif
    • .tmp
    • .url
    • .vb
    • .vbe
    • .scr
    • .reg
    • .cer
    • .pst
    • .cmd
    • .com
    • .bat
    • .dll
    • .dat
    • .hlp
    • .hta
    • .js
    • .wf
  • Closely check the domains you are visiting for spelling errors.
  • Check the URLs before entering your credentials.
  • Do not click links in phishing emails that promise special offers such as prizes, rewards, and cashback.
  • Use an anti-virus/anti-malware tool on your computer system along with content-based filtering.
  • Update your spam filters with the latest spam email contents.
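
One way a mail-filtering hook could enforce the attachment blocklist above and flag the sender address named in the advisory. This is an added example, not code from CERT-In or the original article; the function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions exactly as listed on this page.
BLOCKED_EXTENSIONS = {
    ".exe", ".pif", ".tmp", ".url", ".vb", ".vbe", ".scr", ".reg", ".cer", ".pst",
    ".cmd", ".com", ".bat", ".dll", ".dat", ".hlp", ".hta", ".js", ".wf",
}
# Sender address the page says the campaign is likely to use.
FLAGGED_SENDERS = {"ncov2019@gov.in"}


def blocked_extension(filename):
    """Return the blocked extension carried by filename, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")  # last extension wins: "form.pdf.exe" is an .exe
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED_EXTENSIONS else None


def inspect_message(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in FLAGGED_SENDERS:
        findings.append(f"sender {sender} is named in the advisory")
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        ext = blocked_extension(filename) if filename else None
        if ext:
            findings.append(f"attachment {filename!r} has blocked extension {ext}")
    return findings


def build_sample():
    """Constructed sample message for testing the filter (not a real email)."""
    msg = EmailMessage()
    msg["From"] = "Local Administration <ncov2019@gov.in>"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached form.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="test-form.pdf.EXE")
    return msg.as_string()


if __name__ == "__main__":
    print("\n".join(inspect_message(build_sample())))
```

The From header is set by the sender and is easily forged, so the address match is a triage signal only; the attachment check is the enforceable control.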

What should you do if you receive phishing emails?

Report such emails immediately to incident@cert-in.org.in, along with email headers and logs, so that CERT-In can analyze the email contents and take appropriate action. CERT-In can also be reached by phone at +91-11-24368572.

