Millions of Indians could be targeted by fake emails, social media posts or texts messages related to Covid-19 in order to steal their credentials or compromise their computers, India’s official cybersecurity agency Cert-IN said in an advisory uploaded on Friday, citing a report from independent researchers who said the attack is being planned by North Korea-based cyber criminals.
The alert is the latest in a series of warnings from cybersecurity firms across the world about hackers exploiting interest in the coronavirus disease pandemic to lure people into clicking on fake login pages or downloading malicious files that could create a backdoor in their computers.
“The phishing campaign is expected to impersonate government agencies, departments and trade associations tasked to oversee the disbursement of the government fiscal aid,” the advisory by Cert-IN (Indian Computer Emergency Response Team) said, citing a report by Singapore-based cybersecurity firm Cyfirma.
Such campaigns usually have a financial motive since access to a person’s email account or their computers in entirety could allow the cybercriminals to break into people’s bank accounts.
The potential for damage “is immeasurable”, Cyfirma’s CEO Kumar Ritesh said in response to questions over email. “When PII (personally identifiable information) is stolen, impersonation will take place where hackers can use your identity to commit all sort of crimes, or infiltrate corporate systems. For this particular phishing campaign, hackers are looking personal details / PAN no / communication address / health conditions,” he added.
