The move comes from Maharashtra cyber cell issuing a statement in the past week acknowledging increased cybercrime activity. India’s government has released an advisory through its national cybercrime platform, warning users of large-scale phishing attacks intended by state-backed Chinese hackers.
The advisory alerts users against a particular email address, ‘firstname.lastname@example.org’ which the Chinese attackers allegedly used to send phishing emails. As per the government advisory, more than 2 million email addresses have been held by the Chinese cybercrime perpetrators and use the email address above to send messages claiming to offer “free Covid-19 testing for all Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad residents.”
It is this that poses a considerable threat to all of the country’s individuals, making it extremely important to be safe. Here are a few essential tactics you need to adopt to keep yourself safe online.
Use of ‘Gov.in’ Suffix
Why the Chinese attackers use a spoofed email address with the ‘gov.in’ the suffix is important to remember here. This suffix is usually reserved for government use, and that may lead others to find it an official email. That may not always be the case though, as spoofing an email address is not a task that is very difficult.
If you receive such an email, before checking this information for yourself, do not open, respond or take any action on such an email. For any email that includes words like ‘free,’ ‘offers,’ ‘rewards,’ ‘discounts’ or something relevant to them, the first move is to verify the details and email address from which the email came. Also verify the email address correctly, as spam emails frequently have email addresses with traces of being false.
DO NOT open mail attachments. Some of these emails contain attachments that disguised as PDF files or other harmless files. They claim to provide you with information. In fact, they come with executable malware that downloads to your device(s). It may work in the background to steal information which may include personal IDs and financial data. Therefore, be sure to avoid opening any such email attachments, unless the email comes from a person or source you know for yourself, and know that the attachment is mail to you for a specific purpose.
Avoid Using Personal Data
Do not reply to personal data or financial information recognizable. Many such phishing emails say that in order to get the free benefits. The users must respond with some information. It may include IDs, banking details and so on within a defined time span. When you get emails like this, make sure you don’t answer them with your personal information. As several businesses have said repeatedly, you should not share your personal information. It is anywhere unless official authorities directly ask you for identification on official channels.
Check and cross-check connections before they download or transacted. Phishing attacks frequently attempt to imitate official websites in links attached. It is when in reality they link to a remote server which will steal your data. If you open any such links from convicting emails. Also, scrutinize the connection to see if it is replicating the same as the official website. A simple Google Search also shows certain information that follows by any user. Search for the ‘https’ tag at the beginning of a connection to see if there are valid certificates. It is on the web page you access. Usually, such details is at the left corner of the address bar of a browser.
Warn authorities about any suspicious activity. Government advisory authorised on this issue has encouraged individuals. It is to report any emails on India’s official anti-phishing portal, which can be accessed at report phishing.in. If you receive these emails, be sure to record them immediately, rather than ignore them. This can help blacklist sites and senders by authorities, and even track emails to find the perpetrators behind those crimes.