Government’s Cyber Watchdog Warns Citizens of Massive Phishing Attack from today


The government’s Cyber watchdog has asked people to guard against a massive phishing attack that could mimic official communication on COVID-19 pandemic to steal personal data and financial information.

The phishing attack campaign by “malicious actors” is expected to start today, and the suspicious email could be, the Indian Computer Emergency Response Team or CERT-In tweeted. The CERT-In under the Information Technology Ministry works to protect Indians from cyber threats.

“The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information,” CERT-In said in a statement.

Phishing attacks come disguised as trusted entities and dupe people into opening emails or text messages. People are then tricked into clicking a malicious link, which can lead to installation of malware, system freeze or revealing of sensitive information.

“…The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information,” it said.

“…These malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign towards Indian individuals and businesses is expected to be from email such as ‘’ and the attack campaign is expected to start on June 21, 2020,” it said.

The cyber security agency said people shouldn’t open attachments in unsolicited emails, even if they come from people in their contacts list. It said they shouldn’t click on URLs in an unsolicited email, even if the link seems benign.

Any unusual activity or attack should be reported immediately at with logs and email headers for analysis of the attacks and for taking action.