Phishing attacks around Aarogya Setu app on the rise, says Cert-in
nNEW DELHI: India’s cyber security agency CERT-IN has issued an alert saying phishing attacks centered around the government’s contact tracing application — Aarogya Setu — are spiking as cyber criminals try to take advantage of the pandemic.
The advisory states that “Aarogya Setu app-focused phishing (attacks) have seen a high rise . Scammers impersonate as HR department, CEO, or any other known person and target users by spreading messages like ‘your neighbour is affected’, ‘see who all are affected’, ‘someone who came in contact with you tested positive’, ‘recommendations to self-isolate’, ‘guidelines to use Aarogya Setu’ among others”.
The advisory, however, fails to mention the number of such phishing cases or the rise thereof.
Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution and are lured into providing sensitive data such as banking and credit card details.
The CERT-IN or Indian Computer Emergency Response System is a government-mandated information technology (IT) security organisation whose purpose it is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country.
“New phishing domains are created which are centered around subjects like ‘relief package’, ‘safety tips during corona’, ‘corona testing kit’, ‘corona vaccine’, ‘donation during corona,” CERT-IN advisory said. CERT-IN says people should beware spelling errors in emails, websites and unfamiliar email senders .
Pavan Duggal, one of the top cyber experts in the country, said, “Aarogya Setu is an insecure app. It doesn’t have the basic parameters of cyber security. We don’t have strong laws on cyber security and things like phishing are not directly covered by IT Act. The Act needs to be amended.”