<p>With tension between India and China at an all-time high, state-run Indian Computer Emergency Response Team (CERT-In), last week, warned citizens to be wary of COVID-19 related phishing scams in the coming days.</p>.<p><strong>What exactly is online phishing?</strong></p>.<p>Phishing is a criminal offence in which internet attackers convince users to disclose sensitive information ranging from bank statements to personal identification, using the names of accredited websites as a front. The practice includes sending of spam emails containing malicious links and attachments that steal user data, thus rendering the ploy illegal. Day by day, these scams grow in deceitfulness and innovation. Something that might seem like a neat offer to win tickets for a holiday cruise may actually be a veiled phishing attack aimed at extracting personal details.</p>.<p>CERT-in says the emails, at first glance, appear to be legitimate as they uncannily mimic a government standard-issue email. Under the pretense of conducting mandatory testing for the Coronavirus for residents over the age of 40 in Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, the sham emails collect personal information including contact information and PAN card details. The mails also contain links that divert recipients to fake websites, where they are misled to download malicious files or impart personal data.</p>.<p>As per the information provided on the CERT-In official website, the malicious actors claim to be in possession of at least 2 million citizen email IDs and plan to launch the online phishing campaign in June. CERT-In warns users to beware of fraudulent email ids, such as “<a href="mailto:ncov2019@gov.in">ncov2019@gov.in</a>”, which is expected to be used in the phishing campaign.</p>.<p><strong>How can I protect myself from falling victim to such online scams?</strong></p>.<ul> <li>Refrain from providing sensitive information online, such as credit card information, personal identification (PAN, Aadhaar or passport) details, contact information, etc. unnecessarily, however, legitimate the website may seem.</li> <li>Beware of unknown email ids, do not click links or download documents that they may endorse.</li> <li>When entering personal information online, be sure to verify that you are on an official website, as phishing scams often lure in victims by creating fake websites employing the names of well-known companies.</li> <li>Also, whenever you get a message on email or an SMS from a bank agency, or Income Tax department person, make sure to read with a keen eye. Most often than not, the cybercriminals make spelling mistakes in the department name. FYI: Private or government-run IT never ask for revealing any financial details on a mail, or phone messages or a call</li> <li>Don’t open links or attachments from unbidden sources, even if they may seem to come from persons in your contact list.</li> <li>Users are advised to encrypt important documents so that information cannot easily be siphoned from the device.</li> <li>Some malicious content may masquerade as protection against malicious content. Do not download unrecommended protection software as that may be a virus itself.</li> <li>Utilize commended security and antivirus software services as they serve as good basic protection against unwarranted infiltrations.</li> <li>Update spam filters and periodically empty the backed-up spam content.</li> <li>Any unusual activity or attack should be reported immediately at <a href="mailto:incident@cert-in.org.in">incident@cert-in.org.in</a> with the relevant logs, email headers for analysis of the attacks and taking further appropriate actions.</li></ul>.<p><em>Get the latest news on new launches, gadget reviews, apps, cyber security and more on personal technology only on <b><a href="https://www.deccanherald.com/tag/dh-tech" target="_blank">DH Tech</a>.</b></em></p>
<p>With tension between India and China at an all-time high, state-run Indian Computer Emergency Response Team (CERT-In), last week, warned citizens to be wary of COVID-19 related phishing scams in the coming days.</p>.<p><strong>What exactly is online phishing?</strong></p>.<p>Phishing is a criminal offence in which internet attackers convince users to disclose sensitive information ranging from bank statements to personal identification, using the names of accredited websites as a front. The practice includes sending of spam emails containing malicious links and attachments that steal user data, thus rendering the ploy illegal. Day by day, these scams grow in deceitfulness and innovation. Something that might seem like a neat offer to win tickets for a holiday cruise may actually be a veiled phishing attack aimed at extracting personal details.</p>.<p>CERT-in says the emails, at first glance, appear to be legitimate as they uncannily mimic a government standard-issue email. Under the pretense of conducting mandatory testing for the Coronavirus for residents over the age of 40 in Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, the sham emails collect personal information including contact information and PAN card details. The mails also contain links that divert recipients to fake websites, where they are misled to download malicious files or impart personal data.</p>.<p>As per the information provided on the CERT-In official website, the malicious actors claim to be in possession of at least 2 million citizen email IDs and plan to launch the online phishing campaign in June. CERT-In warns users to beware of fraudulent email ids, such as “<a href="mailto:ncov2019@gov.in">ncov2019@gov.in</a>”, which is expected to be used in the phishing campaign.</p>.<p><strong>How can I protect myself from falling victim to such online scams?</strong></p>.<ul> <li>Refrain from providing sensitive information online, such as credit card information, personal identification (PAN, Aadhaar or passport) details, contact information, etc. unnecessarily, however, legitimate the website may seem.</li> <li>Beware of unknown email ids, do not click links or download documents that they may endorse.</li> <li>When entering personal information online, be sure to verify that you are on an official website, as phishing scams often lure in victims by creating fake websites employing the names of well-known companies.</li> <li>Also, whenever you get a message on email or an SMS from a bank agency, or Income Tax department person, make sure to read with a keen eye. Most often than not, the cybercriminals make spelling mistakes in the department name. FYI: Private or government-run IT never ask for revealing any financial details on a mail, or phone messages or a call</li> <li>Don’t open links or attachments from unbidden sources, even if they may seem to come from persons in your contact list.</li> <li>Users are advised to encrypt important documents so that information cannot easily be siphoned from the device.</li> <li>Some malicious content may masquerade as protection against malicious content. Do not download unrecommended protection software as that may be a virus itself.</li> <li>Utilize commended security and antivirus software services as they serve as good basic protection against unwarranted infiltrations.</li> <li>Update spam filters and periodically empty the backed-up spam content.</li> <li>Any unusual activity or attack should be reported immediately at <a href="mailto:incident@cert-in.org.in">incident@cert-in.org.in</a> with the relevant logs, email headers for analysis of the attacks and taking further appropriate actions.</li></ul>.<p><em>Get the latest news on new launches, gadget reviews, apps, cyber security and more on personal technology only on <b><a href="https://www.deccanherald.com/tag/dh-tech" target="_blank">DH Tech</a>.</b></em></p>
