State Bank of India (SBI) has issued a warning for its account holders to be cautious of an imminent cyber attack. Warning the customers about the attack, India's largest lender tweeted, "Attention! It has come to our notice that a cyber attack is going to take place in major cities of India. Kindly refrain yourself from clicking on emails coming from firstname.lastname@example.org with a subject line Free COVID-19 Testing."
"We have received a worrying report from CERT-In that the phishing attack is expected to be carried out by cybercriminals using the suspicious email - email@example.com from 21st June."
"The cybercriminals are claiming to have a 2 million individual/citizen's email IDs and are planning to send email with subject "Free COVID-19 Testing" inciting personal details from the residents of following cities: Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad," the advisory added.
The Indian Computer Emergency Response Team (CERT-In) on Sunday had warned that in a major phishing attack, millions of Indians could be targeted by fake emails, social media posts or texts messages, which promises free Covid-19 testing across India.
What to do if you receive such malicious email
- Don't open attachments in unsolicited emails, even if they come from people in your contact list and never click on a URL contained in an unsolicited email.
- If it seems a genuine URL, close the email and go to the organisation's website directly through the browser and check if such information is given there.
- Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
- Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e. the extension matches the file header).
- Beware about phishing domain, spelling errors in emails, websites and unfamiliar email senders.
- Beware of e-mails, links providing special offers like Covid-19 testing, aid, winning prize, rewards, cashback offers."
- Check the integrity of URLs before providing logging credentials or clicking a link.
- Don't submit personal information to unknown and unfamiliar websites.
- Consider using safe browsing tools, filtering tools in your anti-virus, firewall and filtering services.
- Update spam filters with latest spam mail contents.Any unusual activity or attack should be reported immediately at @cert-in.org.in.