“The campaign often involves emails pretending to be from NIC asking users to “verify” their account or other such pretexts. The email contains a link to one of the spoofed websites which steal the user's login credentials,” said CERT-In.
After a victim’s email account is phished, it is then used to send malware-containing emails to other sensitive Government organizations and users. These mails contain topical and context-aware content to lure the target into opening the malicious attachment, thus infecting their system. The malware can then create persistence inside the targeted organisation's network, and be used for various malicious activities such as stealing sensitive data, it added.
It also released some of the phishing URLs which were active in the last few weeks:

1. hxxps://loveindiamail.000webhostapp[.]com
2. hxxps://email-gov.in/indexi[.]php
3. hxxps://safebrowsingindia.000webhostapp[.]com/secure.html
4. hxxps://emalegovin.000webhostapp[.]com/secure.html
5. hxxps://email.gov.in.mailgovin[.]com
CERT-In is advising users to check the address bar and ensure that the URL is exactly https://email.gov.in whenever you are entering your credentials for the website. “Ensure that no other characters (hyphen, nume ..
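The address-bar check CERT-In describes can be automated in a mail gateway or proxy rule. The Python below is an added example, not code from CERT-In or from this article: it compares a naive substring test with an exact scheme-and-host comparison against the URLs listed above. The function names are hypothetical, and it assumes any path on the exact host `email.gov.in` over HTTPS counts as the official site.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "email.gov.in"  # the only host the advisory says to trust

# Defanged phishing URLs exactly as quoted in the article above.
REPORTED = [
    "hxxps://loveindiamail.000webhostapp[.]com",
    "hxxps://email-gov.in/indexi[.]php",
    "hxxps://safebrowsingindia.000webhostapp[.]com/secure.html",
    "hxxps://emalegovin.000webhostapp[.]com/secure.html",
    "hxxps://email.gov.in.mailgovin[.]com",
]

def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a parseable URL (for analysis only)."""
    return ioc.replace("hxxp", "http", 1).replace("[.]", ".")

def naive_check(url: str) -> bool:
    """Weak check: passes any URL that merely contains the official name."""
    return OFFICIAL_HOST in url

def is_official(url: str) -> bool:
    """Strict check: HTTPS, default port, and host equal to the official host."""
    parts = urlsplit(url)
    try:
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    host = parts.hostname or ""      # urlsplit lowercases the hostname
    return parts.scheme == "https" and host == OFFICIAL_HOST and port in (None, 443)

def compare(urls):
    """Return (url, naive_result, strict_result) for each defanged URL."""
    return [(u, naive_check(refang(u)), is_official(refang(u))) for u in urls]

if __name__ == "__main__":
    for url, naive, strict in compare(REPORTED):
        print(f"{url:60} naive={naive!s:5} strict={strict}")
    print("official:", is_official("https://email.gov.in"))
```

The fifth reported URL passes the substring test because the official name appears as a subdomain label of an unrelated domain; only the exact host comparison rejects it.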