A Major Phishing Campaign Is Coming Your Way, Promising Free Covid Testing
As the government dips its toes into opening up the cities again, we see Covid-19 cases fluctuate. On the one hand, people are eager to resume their normal routine; on the other, the rising number of cases warns us that the worst hasn’t happened yet. Amid the chaos of Unlock 1.0, people want to safeguard themselves and want definite reports on their health. Say you are one such person, who has recently stepped out of quarantine restrictions. Say you receive an email saying you could get a free Covid test and know for sure whether going outside has affected you. Would you follow through?
In all fairness, the answer would be ‘yes’. But that’s how they get you.
Government suspects a new Covid-related phishing campaign
Indian governmental agencies are at risk of impersonation. The government says emails may start going out in bulk, disguised as messages from bureaucratic agencies. The emails will offer free Covid testing and other helpful resources for citizens. The catch is that the branches being impersonated are in fact providing fiscal help to the public. Reports of various official wings of the government offering pandemic assistance, in partnership with other organizations for relief measures, are very much public. The masses know of these efforts and hence will take any relevant emails at face value.
What unsuspecting people would not know is that there is a ‘man in the middle’, waiting to pounce on this opportunity for phishing. Cyber criminals are ready to misuse the current narrative for their own benefit. According to cyber surveys, the criminals have gotten hold of 20 lakh email addresses, and a phishing campaign was expected to start from 21st June. Using the Covid bait, the phishers would start gathering personal and financial information from unsuspecting individuals. The malicious activities they could carry out with that kind of information are potentially limitless. From identity theft to siphoning money, cyber criminals will essentially have the keys to all the cyber locks you have in place.
To shed more light on the campaign, India’s Computer Emergency Response Team (CERT) has disclosed the email id that would be used for the campaign: firstname.lastname@example.org. CERT also says the email will likely contain names of major cities in the body, most likely tailored to the victim’s location. The security agency is in the process of compiling a list of do’s and don’ts for such phishing attacks, and when it becomes public, we will surely help in spreading it far and wide.
But until then, we would like to leave you with our own list, curated after studying several phishing cases.
- Be mindful of the underlying URL to the links in any email. By hovering over the link, you can make out the actual address which the link will take you to. If it’s different from where the email is promising to take you, run.
- Fake email senders usually focus on duping people. However meticulous they may be about victim targeting, there are tell-tale signs in the email itself. Fake emails are typically riddled with typos and poor grammar. They may have a generic salutation like ‘Dear User’. The tone and wording of such emails will not match the educated authoritativeness of the organization they are impersonating. Go with your gut, and don’t interact with these emails.
- If there’s an email attachment locked for editing, don’t click ‘Enable Editing’. Your tool developers have developed your applications to ensure your security. If you override their caution, you are countering what they intended for you.
- Always check the official websites of the authorities who have supposedly sent you the email. They likely have a bulletin on their website announcing the initiative in question, in this case free Covid testing centers. You might get an idea of the validity of the email from this, but it’s always better to double-check. You can do this by contacting the helpline listed on the website.
- If the sender’s address and the Reply-To address conflict, it’s a potential sign of a phishing threat. Also check the domains carefully. If the phisher has used cousin-domain spoofing, you can make out a minute change in the domain (e.g. Covid with a zero instead of the letter ‘o’). If the hacker has used a lookalike audience, a glance won’t tell you that. But we have tools for that.
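The link, Reply-To and cousin-domain checks from the list above can also be automated. The following is an added example, not part of the original article or any Logix product; the sample message, the `covid-help.example` allow-list and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"covid-help.example"}               # assumed allow-list of genuine sender domains
LOOKALIKE = str.maketrans("013457", "oleast")  # digits commonly swapped in for letters
# Constructed sample message, not a real phishing email.
SAMPLE = """\
From: "Covid Help Desk" <support@c0vid-help.example>
Reply-To: claims@mailbox.test
Content-Type: text/html; charset="utf-8"

<p>Dear User, register at
<a href="http://signup.mailbox.test/form">https://covid-help.example/register</a></p>
"""

class LinkCollector(HTMLParser):               # gathers [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def domain_of(header):                         # domain of an address header, '' if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if reply and reply != sender:                      # From vs Reply-To conflict
        findings.append(f"reply-to-mismatch: {sender} vs {reply}")
    if sender not in TRUSTED and sender.translate(LOOKALIKE) in TRUSTED:
        findings.append(f"cousin-domain: {sender}")    # e.g. zero in place of 'o'
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:                    # shown URL vs real target
        shown, target = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and shown != target:                  # only when the text is itself a URL
            findings.append(f"link-mismatch: shows {shown}, goes to {target}")
    return findings
```

The digit-for-letter table only catches the simplest cousin domains; it does not detect Unicode homoglyphs or inserted and dropped characters.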
Logix Infosecurity also provides top-notch email security through the Email Advanced Threat Protection service.