Advisory for Phishing Email mimicking NIC Email Web Client Sign In
Description:
A phishing URL “email.gov.in.indiagov.ws” is mimicking NIC Email Web Client Sign In page. The Phishing campaign is primarily aimed to harvest the NIC Email credentials of Government officials to steal sensitive documents pertaining to Indian government and to get unauthorized access to Government Servers.
In view of above, NIC-Cyber Security Group advises following:
1. In case such a phishing mail is received, do not enter your NIC Login Credentials when redirected login prompt appears.
2. Delete these phishing emails from your inbox.
3. In case, you have already clicked the phishing URL
a. Take your device offline – Disable your internet connection.
b. Change your password - You need to change the passwords for any accounts that might have been hit in the cyberattack.
c. Change your passwords from a different device to ensure that the hacker can't access your new information.
d. Turn on multi-factor authentication for the account that might have been attacked.
e. Back up your files - To protect your data from the phishing attack, back up your files to an external hard drive or USB.
f. Scan your device with anti-virus software.
g. Update your Operating System, Web Browsers, and other Software with the latest security patches.
h. Report suspicious message to your email service provider or NIC designated mail address
i. Avoid sharing personal information.
By following above steps, you can effectively sanitize your system and mitigate the potential risks associated with clicking on a phishing URL.
CIS Governance Division NIC-CISG/2024-12/583 Cyber and Information Security Group, Dated: 16-12-2024 National Informatics Centre, A-Block, CGO Complex, Lodhi Road, New Delhi - 110003 India
csg-advisory@nic.in
Some ways to recognise a phishing email are given below:
a. Be suspicious of emails that claim you must click, call, or open an attachment immediately or urgently.
b. If a mail received from unknown source, this may be a source of phishing.
c. If an email message has obvious spelling or grammatical errors, it might be a scam.
e.g. nlc.in where the first "i" has been replaced by “l”, or gov.in, where the "o" has been replaced by a "0" (zero).
d. Images of text used in place of text (in messages or on linked web pages) may be scam.
e. Be cautious of links shortened by using Bit.Ly or other link shortening techniques
DOP Directorate Letter File No.Te-51/12/2020-Tech dated 17/12/2024
File No.Te-51/12/2020-Tech
Government of India
Ministry of Communications
Department of Posts (Technology Division)
Dak Bhawan, Sansad Marg,
New Delhi - 110 001 Dated 17.12.2024
To
All Heads of Circle
HOC, CEPT, Bengaluru
CGM (PLI/BD/PD)
Dir. (RAKNPA)
Sub: Circulation of Advisory for Phishing Email mimicking NIC Email Web Clint Sign In regarding.
Madam/Sir,
Kindly find enclosed herewith Advisory No. NIC-CISG/2024-12/583 dated 16.12.2024 issued by Cyber and Information Security Group, National Informatics Centre (NIC) on the above cited subject.
2. It is informed that a phishing URL "email.gov.in.indiagov.ws" is mimicking NIC E-mail Web Client Sign In page. The Phishing campaign is primarily aimed to harvest the NIC Email credentials of Government Officials to steal sensitive documents pertaining to Indian government and to get unauthorized access to Government Servers.
3. In view of the above, it is requested to cause to circulate the aforesaid advisory to all officers/officials under your jurisdictions for their guidance and necessary action please.
This issues with the approval of competent authority.
Encl: As above.
Copy to:
1). Secretary (PSB) - for information and n/a.
2) NIC - for putting advisory in e-office notice board
ADG (PMU)
Updates:
Follow us on WhatsApp, Telegram Channel, Twitter and Facebook for all latest updates
Post a Comment