Phishing attacks are being inspired by the Aarogya Setu app and various video calling apps, as cyber criminals are taking advantage of the COVID pandemic. The Indian Computer Emergency Response Team (CERT-IN) in its latest alert says that there has been a significant rise in phishing attacks in the name of the Aarogya Setu contact tracing app as well as video meeting apps such as Zoom, Microsoft Teams and Google Meet.
It turns out that scammers are impersonating the World Health Organization (WHO), HR departments and top executives of companies or any other person who you may possibly know to spread fake and reference these popular apps that suggest “Your neighbor is infected”, “See who all are infected”, “Someone who came in contact with you tested positive”, “recommendations to self-isolate” and “Guidelines to use Aarogya Setu app”.
Software technologies company Check Point recently said that they have seen 192,000 coronavirus-related cyber-attacks per week over the past three weeks, a 30% increase compared to previous weeks. They say, “in the past three weeks, almost 20,000 new coronavirus-related domains were registered and 17% of these are malicious or suspicious.”
“Threat actors are taking the interest of users related to Coronavirus and performing threats. New phishing domains are created which are centered around the subject such as "relief package", "safety tips during corona", "corona testing kit", "corona vaccine", "payment and donation during corona". Threat actors trick users through phishing e-mails and messages based on the above subjects,” says CERT-in in the advisory.
The advisory says that we should watch out for phishing domains, spelling errors in emails, websites and unfamiliar email senders. Users should also not download or open any file received in an email or an SMS link. Also, never submit your personal information on unfamiliar websites and beware of clicking on links that offer rewards etc. It is recommended that computing devices should use firewalls and antivirus solutions to warn you in case of phishing attempts.