According to Indian Computer Emergency Response Team (CERT-In), India faces the prospect of a large-scale cyberattack that could target individuals and businesses.

CERT-In has said that the attackers may use Covid-19 as a bait to steal personal and financial information. It further added that the potential phishing attackers could impersonate government agencies, departments and trade bodies tasked to oversee disbursement of government fiscal aid.

The phishing campaign is expected to start on June 21, 2020 with cyber attackers using email IDs such as “ncov2019@gov.in”. The attackers are expected to send malicious emails under the pretext of local authorities that are in charge of dispensing government-funded Covid-19 support initiatives.

CERT-In has given a series of steps for users to protect themselves, including not opening attachments in unsolicited emails even if it comes from people in the contact list. It has asked users to encrypt and protect their sensitive documents to avoid potential leakage.

In its advisory, the agency has urged people to use anti-virus tools, firewalls and filtering services and asked them to report any unusual activity or attack immediately to CERT-In.

As per CERT-In, malicious actors are claiming to have 2 million individual/citizen email IDs and are planning to send email with the subject line: free Covid-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad in a bid to coax users to disclose personal information.