Cyber shadows loom! Govt officials warned against phishing links impersonating defence ministry to steal data
Government officials are under heightened scrutiny following a grave warning from cybersecurity experts about a sophisticated phishing scheme that aims to steal their login credentials by creating fake versions of the official government website.
Government officials are under heightened scrutiny following a grave warning from cybersecurity experts about a sophisticated phishing scheme that aims to steal their login credentials by creating fake versions of the official government website. The National Informatics Centre (NIC) has identified two harmful URLs—"mod.gov.in.aboutcase.nl/publications.html" and "mod.gov.in.army.aboutcase.nl/publications.html"—that are being used to trick users into thinking they are authentic Ministry of Defence (MoD) websites.
This phishing scam involves sending fraudulent emails to government officials, with an attachment titled "Hackers Targeted Defence Personnel in Mass Cyber Attack." Upon clicking, unsuspecting officials are lured to counterfeit websites, where entering their NIC-provided credentials redirects them to a "login-error.html" page, a stark red flag of the deceit.
According to the NIC's advisory, "Both the phishing URLs have mirrored the original MoD website to lure end users into believing they are legitimate MoD websites." The advisory further warns, "The two links are 'mimicking' the Ministry of Defence and the phishing campaign is primarily aimed at harvesting the NIC credentials of government officials to steal sensitive documents pertaining to the Indian government."
In response to this urgent threat, the NIC has instructed all government employees to promptly delete any suspicious emails. Those who have inadvertently engaged with the malicious links are advised to sever their computer’s internet connection immediately, update their passwords, and ensure their operating systems are current.
Officials are also cautioned to remain vigilant against links shortened by services such as Bit.Ly and to be skeptical of emails from dubious sources, particularly those fraught with spelling or grammatical errors. "Be cautious of links shortened by using Bit.Ly or other link-shortening techniques," the advisory emphasized.
This alarming development echoes a similar phishing attempt identified earlier this year, which targeted the National Investigation Agency (NIA), underscoring the persistent and evolving threats facing government cybersecurity.