Covid-19, Aarogya Setu related phishing scams see a massive spike in May: Report

Hemani Sheth Mumbai | Updated on May 13, 2020 Published on May 13, 2020

Phishing attempts centred around COVID-19 and Aarogya Setu have seen a massive spike over the past couple of weeks according to anti-phishing tech company HumanFirewall.

Phishing attempts related to the app has seen a massive surge from April 28, 2020, with a massive spike beyond May 4, 2020.

“HumanFirewall’s Security Operations Centre (SOC) and Anti-Phishing Lab that works for multiple global as well as Indian customers, solving for Zero-Day Phishing attacks collate these trends as part of its Threat Intelligence shared with customers. Aarogya Setu was seen as an outlier in this threat intelligence from Apr 28, 2020, onwards until the time of this release on May 13, 2020,” the company said in an official statement.

The Union Ministry of Home Affairs had earlier mandated the app for all public and private sector organisations resuming work laying the onus of compliance on the head of the organisation, “opening up CEO scams, Business Email Compromise (BEC) scams to rise

even further specifically after this was announced in Early May 2020,” the report said.

The phishing attempts are centered around messages and emails that are spread under the guise of information related to ‘HR release on Aarogya Setu’, ‘HR mandates Aarogya (sic) Setu’, ‘Your neighbour is affected’, ‘See who all are affected’, ‘Your area is the next to go into quarantine’, among others, it said.

“The massive rise in Aarogya Setu focussed scams has seen a meteoric rise among enterprise customers, specifically since the Indian government mandated the use of it for public and private organisations’ employees, and putting the onus of 100 percent compliance on the head of the organisation. Scammers have seen this as a huge opportunity because people expect to hear from their CEOs, Heads of organisations and HR departments at such times, meaning that emails will be opened, and employees baited,” said Ankush Johar, Director at HumanFirewall and Infosec Ventures.

According to the report, the Indian armed forces had also issued an advisory stating that ‘Inimical intelligence agencies’ are spreading fake Aarogya Setu apps via WhatsApp (whishing), SMS (smishing) and phishing emails.

“These fake apps take control of the army personnel’s devices and pose a huge risk, as affected phones can record voices, track locations, take videos without the user knowing,” it said.

Previously, multiple tech companies including Google have warned of rising number of phishing attempts surrounding Covid-19.

The search giant had said that it had flagged 18 million daily malware and phishing attempts related to Covid-19 across the globe.

Google India has also recently launched a website focussed on Covid-19 related security risks.

Globally, the HumanFirewall anti-phishing lab has seen a rise of over 700 per cent, in phishing attacks in April 2020.

Published on May 13, 2020

A letter from the Editor

Dear Readers,

The coronavirus crisis has changed the world completely in the last few months. All of us have been locked into our homes, economic activity has come to a near standstill. Everyone has been impacted.

Including your favourite business and financial newspaper. Our printing and distribution chains have been severely disrupted across the country, leaving readers without access to newspapers. Newspaper delivery agents have also been unable to service their customers because of multiple restrictions.

In these difficult times, we, at BusinessLine have been working continuously every day so that you are informed about all the developments – whether on the pandemic, on policy responses, or the impact on the world of business and finance. Our team has been working round the clock to keep track of developments so that you – the reader – gets accurate information and actionable insights so that you can protect your jobs, businesses, finances and investments.

We are trying our best to ensure the newspaper reaches your hands every day. We have also ensured that even if your paper is not delivered, you can access BusinessLine in the e-paper format – just as it appears in print. Our website and apps too, are updated every minute, so that you can access the information you want anywhere, anytime.

But all this comes at a heavy cost. As you are aware, the lockdowns have wiped out almost all our entire revenue stream. Sustaining our quality journalism has become extremely challenging. That we have managed so far is thanks to your support. I thank all our subscribers – print and digital – for your support.

I appeal to all or readers to help us navigate these challenging times and help sustain one of the truly independent and credible voices in the world of Indian journalism. Doing so is easy. You can help us enormously simply by subscribing to our digital or e-paper editions. We offer several affordable subscription plans for our website, which includes Portfolio, our investment advisory section that offers rich investment advice from our highly qualified, in-house Research Bureau, the only such team in the Indian newspaper industry.

A little help from you can make a huge difference to the cause of quality journalism!

Support Quality Journalism
This article is closed for comments.
Please Email the Editor
You have read 1 out of 3 free articles for this week. For full access, please subscribe and get unlimited access to all sections.