CURRENT ACTIVITIES
Phishing campaigns impersonate popular video conferencing platforms, AarogyaSetu app & WHO
Original Issue Date:May 15, 2020
In recent trends, threat actors are taking advantage of pandemic situation to trick the users to give up their sensitive information by taking advantage of the interest associated with recent novel coronavirus activities, news, and information.
Threat actors impersonate popular video platforms like Zoom, Google Meet, Microsoft Teams,the AarogyaSetuapp andWHO to send phishing messages through SMS(smishing), WhatsApp (whishing) or phishing emails to steal identities and engage in other nefarious activities during the COVID-19 pandemic.
Fake video conferencing apps
Threat actors are using fake domains impersonating popular apps such as Zoom, Google Meet, and Microsoft Teams to lure the victims.
Phishing scam related to AarogyaSetu App
AarogyaSetu app focused phishing have seen high rise. Scammers impersonate as HR department, CEO, or any other known person and target users by spreading messages as "Your neighbour is affected", "See who all are affected", "Someone who came in contact with you tested positive","recommendations to self-isolate","Guidelines to use AarogyaSetu".
Phishing centered impersonating WHO
Cyber criminals are sending phishing emails impersonating WHO and e-mails are appear to be originating from the domain of WHO. Such e-mails may contains malicious file and URLs.
Phishing websites around Corona, COVID-19
Threat actors are taking the interest of users related to Coronavirus and performing threats. New phishing domains are created which are centered around the subject such as "relief package", "safety tips during corona", "corona testing kit", "corona vaccine", "payment and donation during corona". Threat actors trick users through phishing e-mails and messages based on the above subjects.
Best practices
- Beware about phishing domain, spelling errors in emails, websites and unfamiliar email senders
- Beware about downloading, opening a file or document received over email.
- Check the integrity of URLs before providing login credentials or clicking a link.
- Do not submit personal information to unknown and unfamiliar websites.
- Beware of clicking form phishing URLs providing special offers like winning prize, rewards, cashback offers.
- Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
References
|
| |
| Disclaimer |
|
The information provided herein is on "as is" basis, without warranty of any kind. |
|
|
Contact Information
|
|
Email:info@cert-in.org.in
Phone: +91-11-22902657
|
|
|
Postal Address
|
|
| Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
|
|