A COVID-19 related phishing campaign has been targeting Indian government officials via Whatsapp, text, and email. Those who received SMS messages were being asked to provide a vaccination record on a cloned mygov.in site, but they first had to enter their email address and password. The messages users were receiving stated “as per directives of the Ministry of Health and Family Welfare (MoHFW), Confirm your COVID status on https://covid19india.in and generate your vaccination certificate.” Other officials received phone calls from someone claiming to be from the Army hospital stating that they needed officials to update their vaccination status via a link being sent over Whatsapp. A defense ministry official received a Google Drive link via email as well that was asking for information regarding post-vaccination measures. Due to the pandemic still causing a majority of Indian officials to work from home, it is likely more COVID-19 related scams will be seen.
Analyst Notes
Those who receive messages like the ones mentioned above are advised not to open them, or at least don’t click on links and enter passwords until they can be verified with a trusted source. It’s best to have Multi-Factor Authentication (MFA) required to prevent a stolen password from being the one mistake that lets an attacker have full control of a sensitive account or VPN. In the event an attack does result from phishing attempts, it is always good to have protective measures in place such as the Binary Defense Security Operations Center. Dedicated analysts provide 24/7 monitoring solutions of SIEM and endpoint detection systems to detect and defend from intrusions on an organization’s network.
https://securereading.com/malicious-web-link-targets-indian-government-officials/?web_view=true
