Security agencies alert personnel about potential Chinese cyber attack

Beware of emails promising free Covid-19 tests in Indian metros as it could be a "potential cyber offensive attack from the Chinese Army", security agencies have warned its personnel.

The warning was issued after CERT-in issued an advisory that "malicious actors are planning a large-scale phishing attack campaign against Indian individuals and businesses (small, medium and large enterprises)".

The security agencies alert came against the backdrop of tensions at the India-China border after a "violent face-off" left 20 Indian soldiers killed.

In the alert, the agencies said the phishing attack from the Chinese cyber warriors -- a "malicious group" claiming to have two million individuals' email addresses -- could be in the guise of a free Covid-19 test.

"Watch out for IDs like 'ncov2019@gov.in'. Beware of malicious phishing e-mails/ SMS/messages on social media inciting you to provide personal and financial information," it said.

Phishing campaign is expected to impersonate government agencies, departments and trade associations who have been tasked to oversee the disbursement of the government fiscal aid and could use a spoofed email with "free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad" in the subject line, it said.

"It is seen that a well educated/aware person is likely to be less prone in falling prey to such kind of cyber attacks," the alert said adding security personnel should be educated about the possible cyber attack.

The alert also advised personnel not to open or click on attachment in unsolicited e-mail, SMS or messages through social media, exercise extra caution in opening attachments, even if the sender appears to be known and beware of e-mail addresses, spelling errors in emails, websites and unfamiliar email senders.

One should not submit personal or financial details on unfamiliar or unknown websites or links, check the integrity of URLs before providing login credentials or clicking a link and consider using safe browsing tools, filtering tools (antivirus and content-based filtering) in antivirus, firewall, and filtering services. Update spam filters with latest spam mail contents.

The users should also try to encrypt sensitive documents to avoid potential leakage, the alert said.