Staying safe from phishing attacks is as necessary as staying safe from Covid-19 as both can give you a heavy damage.
Indian cybersecurity agency Computer emergency report team (CERT - IN) has released an advisory on its website which contains simple yet effective steps that one can follow to avoid being a victim of a phising attack.
What is Phising?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.Typically carried out by email spoofing or instant messaging it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
CERT-In issued advisory on COVID 19-related Phishing Attack Campaign by Malicious Actors. pic.twitter.com/x8WO3TseCM— CERT-In (@IndianCERT) June 20, 2020
Cert-In has warned Indian citizens about a potential cyber threat in the form of a phishing attack.The cybersecurity firm has claimed that “malicious actors" will be using email IDs of lakhs of people in order to get their sensitive information.
The agency has claimed that the attack will begin today and that users need to be extremely cautious with unsolicited emails even double-check the mails that they receive from known contacts.
The agency released an advisory on its website which contains simple steps that one can follow to avoid being a victim of a phishing attack.
How Users should deal with suspicious mails, links, website
• Don't open attachments in unsolicited mails. If they come from people that seem to be in your contact list, make sure the mailing ID is correct before clicking on the URL contained in the email
• Even if the link seems to be benign, and you have to access something online, close the email and go to the organisation’s website directly through a browser
• Leverage Pretty Good Privacy in mail communications. Additionally, encrypt or protect the sensitive document stored in the internet-facing machines to avoid potential leakage
• Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known.
• Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type" i.e. the extension matches the file header
• Be aware about phishing domain, spelling errors in emails, websites and unfamiliar email senders
• Check the integrity of URLs before providing log-in credentials or clicking a link
• Do not submit personal information to unknown and unfamiliar websites
• Beware of clicking URLs from mails and websites that make offers like winning prize, rewards, cashback offers
• Consider using safe browsing tools, filtering tools in your antivirus firewall and filtering service
• Update spam filters which latest spam mail contents
If you found any unusual activity, you can report it to incident@cert-in.org.in with relevant logs, email headers for the analysis of the attacks and taking further appropriate actions.
The agency released an advisory on its website which contains simple steps that one can follow to avoid being a victim of a phishing attack.
How Users should deal with suspicious mails, links, website
• Don't open attachments in unsolicited mails. If they come from people that seem to be in your contact list, make sure the mailing ID is correct before clicking on the URL contained in the email
• Even if the link seems to be benign, and you have to access something online, close the email and go to the organisation’s website directly through a browser
• Leverage Pretty Good Privacy in mail communications. Additionally, encrypt or protect the sensitive document stored in the internet-facing machines to avoid potential leakage
• Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known.
• Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type" i.e. the extension matches the file header
• Be aware about phishing domain, spelling errors in emails, websites and unfamiliar email senders
• Check the integrity of URLs before providing log-in credentials or clicking a link
• Do not submit personal information to unknown and unfamiliar websites
• Beware of clicking URLs from mails and websites that make offers like winning prize, rewards, cashback offers
• Consider using safe browsing tools, filtering tools in your antivirus firewall and filtering service
• Update spam filters which latest spam mail contents
If you found any unusual activity, you can report it to incident@cert-in.org.in with relevant logs, email headers for the analysis of the attacks and taking further appropriate actions.
0 Comments