Indian cybersecurity agency Cert-In has warned Indian citizens about a potential cyber threat in the form of a phishing attack. The cybersecurity firm has claimed that “malicious actors” will be using email IDs of lakhs of people in order to get their sensitive information.
The agency has claimed that the attack will begin today and that users need to be extremely cautious with unsolicited emails even double-check the mails that they receive from known contacts.
The agency released an advisory on its website which contains simple steps that one can follow to avoid being a victim of a phishing attack.
Here’s how users should deal with suspicious mails, links, websites
- Don’t open attachments in unsolicited mails. If they come from people that seem to be in your contact list, make sure the mailing ID is correct before clicking on the URL contained in the email
- Even if the link seems to be benign, and you have to access something online, close the email and go to the organisation’s website directly through a browser
- Leverage Pretty Good Privacy in mail communications. Additionally, encrypt or protect the sensitive document stored in the internet-facing machines to avoid potential leakage
- Exercise caution when opening email attachments even if the attachment is expected and the sender appears to be known.
- Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” i.e. the extension matches the file header
- Be aware about phishing domain, spelling errors in emails, websites and unfamiliar email senders
- Check the integrity of URLs before providing log-in credentials or clicking a link
- Do not submit personal information to unknown and unfamiliar websites
- Beware of clicking URLs from mails and websites that make offers like winning prize, rewards, cashback offers
- Consider using safe browsing tools, filtering tools in your antivirus firewall and filtering service
- Update spam filters which latest spam mail contents
The agency has also asked user to report any unusual activity immediately to email@example.com with relevant logs, email headers for the analysis of the attacks and taking further appropriate actions.