The government of India has issued an advisory through the national cyber crime portal, warning users of large scale phishing attacks planned by Chinese state-backed hackers. The advisory warns users against a specific email address, ‘[email protected]’, which is reportedly being used by the Chinese attackers to send phishing emails. According to the government advisory, the Chinese cyber crime perpetrators have gotten hold of over 2 million email addresses, and are using the above-mentioned email address to send messages that claim to offer “free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad.” It is this that raises considerable threat for all individuals in the country, making it extremely important to keep yourself safe. On this note, here are some essential tactics that you must adopt in order to keep yourself safe online.
1. Scrutinise who you received the email from
What is important to note here is how the Chinese attackers are using a spoofed email address with the ‘gov.in’ suffix. Typically, this suffix is reserved for government usage, and this may lead to many deeming this to be an official email. However, that may not always be the case, as spoofing an email address is not very difficult a task. If you receive such an email, do not open, reply or take any actions on such an email before verifying this information for yourself. For any email that has words such as ‘free’, ‘offers’, ‘rewards’, ‘discounts’ or anything related to them, the first step is to verify the information and the email address that the mail came from. Also check the email address properly, since spam mails often have email addresses that carry traces of being fake.
2. DO NOT open attachments sent on mail
Many of these emails contain attachments, which may be disguised as PDF or other harmless files claiming to give you information. In reality, they actually come with executable malware that get downloaded on your device(s), and may work in the background to steal information that may include personal IDs and financial data. Hence, be sure to not open any such email attachments, unless the mail has come from a person or source whom you know for yourself, and know that the attachment has been sent to you for a certain purpose.
3. Do not reply with identifiable personal data or financial information
Many such phishing emails claim that to get the free benefits, users must reply within a stipulated time period with certain information that may include IDs, banking details and so on. If you receive such an emails, make sure that you don’t respond to them with your personal details. As many companies have said repeatedly, unless official authorities specifically ask you for identification on official channels, you should not be divulging your personal details anywhere.
4. Verify and cross-verify links before downloading or transacting on them
Phishing attacks often try to emulate official websites in attached links, while in reality they are actually fabricated links connected to a remote server that will steal your data. If you open any such links from convincing emails, scrutinise the link to see if it is the same as the official site it is replicating. A simple Google Search often reveals these details, which every person must follow. Also check for the ‘https’ tag at the start of a link, and see if the webpage you have opened has valid certificates. These information are typically found at the left corner of a browser’s address bar.
5. Report any suspicious activity to alert authorities
Government advisory issued on this matter has urged individuals to report any such emails on India’s official anti-phishing portal, which can be reached on reportphishing.in. If you get such mails, be sure to report them instantly, instead of ignoring them. This can help authorities blacklist sites and senders, and even track the emails to find the perpetrators behind these crimes.