Officials targeted in new phishing bid via govt IDs | Latest News India - Hindustan Times
close_game
close_game

Officials targeted in new phishing bid via govt IDs

ByAnisha Dutta, New Delhi
Feb 26, 2021 08:21 AM IST

The attack, which took place on Monday, prompted the government’s IT departments to send out an alert the following day to large groups of officials, according to emails seen by HT.

A new phishing email using compromised government accounts targeted groups of officials this week, attempting to lure them into sharing their passwords on a page that mirrored the government’s official mail server sign-on website, an attack that could let the attackers gain access to sensitive credentials and files.

Altogether, HT is aware of five NIC domain addresses – four with @gov.in suffixes and the fifth an @nic.in one – that have been used to launch cyber attacks.(File photo. Representative image)
Altogether, HT is aware of five NIC domain addresses – four with @gov.in suffixes and the fifth an @nic.in one – that have been used to launch cyber attacks.(File photo. Representative image)

The attack, which took place on Monday, prompted the government’s IT departments to send out an alert the following day to large groups of officials, according to emails seen by HT. The incident is the latest in a series of such cyber attacks that leverage compromised @gov.in or @nic.in email addresses issued by the National Informatics Centre (NIC), which may be more successful in luring the targets into sharing sensitive information.

“There has been another phishing attempt using the same MO [modus operandi] but this time it also provided the link to a fake email log-in page. Many officials fell for it as it mirrored the same log-in page and clicked on the link in the phishing email and tried logging in to their government email accounts. The link to that page is still live. Several ministries and departments were alerted about the phishing attack on Tuesday,” an official said, asking not to be named.

An alert issued by one of the IT departments of the government said that phishing attack “...entices email users to authorize email ID for kavach by clicking on a web-link... When email user clicks on the web-link to verify his/her email ID, a login page similar to www.email.gov.in opens. This is to inform that the login page is malicious/phishing in nature”.


Altogether, HT is aware of five NIC domain addresses – four with @gov.in suffixes and the fifth an @nic.in one – that have been used to launch cyber attacks. HT is not disclosing these addresses in order to protect any investigations there may be.

“It is being observed that you did not AUTH your account til deadline of KAVACH, its intimated to you that please AUTH your account now otherwise your account will be locked permanently,” the latest phishing mail said.

In response to queries from HT on these attacks, an NIC official said: “In phishing attacks End User awareness is a very critical component and NIC is focusing on this through routine advisories and workshops. In addition to this, based on the evolving threat landscape, security posture of the Government email setup and networks are continuously reviewed and steps are taken to mitigate emerging cyber-attacks.”

The NIC, on February 19, had said phishing attempts are among common email-based threat vectors to target users of any email service. Such phishing attacks intend to harvest user details/credentials.

According to cybersecurity experts, the address mentioned in the latest phishing email is a redirection page. “The attack is phishing with the intent of credential harvesting. Once these credentials are stolen, more such attacks will continue from these stolen identities. There is no malware in the link but redirection, which is bad and not transparent,” said a security researcher at Sequretek, a cybersecurity firm. This person requested not to be identified.

The Indian Computer Emergency Response Team (Cert-IN), which investigates incidents of cyber breaches, did not respond to requests for a comment.

On February 21, HT also reported that the devices of multiple former defence personnel may have been compromised in a phishing attack launched through similar attacks carried out by government domain email addresses.

Catch every big hit, every wicket with Crickit, a one stop destination for Live Scores, Match Stats, Infographics & much more. Explore now!

See more

Get Current Updates on India News, Budget 2024, Weather Today along with Latest News and Top Headlines from India and around the world.

SHARE THIS ARTICLE ON
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Thursday, July 25, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On