India’s biggest lender State Bank of India (SBI) has tweeted and issued a public warning to account holders to be cautious of a cyber attack that could hurt almost 2 million people if not more. The tweet states that as per the Indian Computer Emergency Response Team (CERT-In), cybercriminals might try a phishing attack on a large scale starting June 21st.
According to the warning, cyber criminals claim to have records of over 2 million citizens with their email addresses. They can attempt to send in a phishing email or use social media or other platforms with the subject “Free COVID-19 Testing” prompting users to click on the link. This is where they will urge users to provide personal details thereby taking the phishing attack to its ultimate goal.
The advisory also states that citizens/individuals living in metropolitan cities like Chennai, Hyderabad, Mumbai, Delhi, and Ahmedabad could be under cybercriminal’s radar where they will be sending an email with the said subject line and the emails will be coming from firstname.lastname@example.org which appears to be an official email address thereby people will automatically trust on it.
The advisory further adds that the phishing attack is not just limited to sending emails to millions of Indians but it could also arrive through text messages and social media posts asking users to sign up for a free COVID-19 testing pan-India which isn’t a thing.
There are multiple steps that one can take when he/she receives a malicious or suspicious email. First thing, never open attachments in emails from any unknown sources. Next up, if an email adds an URL that looks genuine such as from a bank, it is better to visit their website separately than clicking the link that arrived in the mail. Cybercriminals often use powerful words like free COVID-19 testing, in this case, winning lottery or prizes as a way of luring people to surrender their personal information which allows criminals to carry out phishing attacks without any hassle.