Government’s Warning against Phishing Attacks
- The government has warned against a large-scale cyber-attack against individuals and businesses, where attackers may use Covid-19 as bait to steal personal and financial information.
- India’s cyber security nodal agency, CERT-In, has issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee the disbursement of government fiscal aid.
What are phishing attacks?
- Phishing is a cyber attack that uses disguised email as a weapon.
- The attackers are expected to send malicious emails posing as the local authorities in charge of dispensing funds, so that the message looks like a genuine email.
- The goal is to trick the email recipient into believing that the message is something they want or need (for instance, a request from their bank or a note from someone in their company) and into clicking a link or downloading an attachment.
Where is such information used and how do we protect ourselves from such attacks?
- Such attacks are generally used as a means of obtaining the financial information of an individual or a company.
- In the last few years, phishing attacks have been on the rise, and recently the Covid-19 situation has become a trigger point for such attacks.
- The information is generally used for personal purposes, or the attack can be part of an agenda or a planned attack by enemy countries.
Ways to protect ourselves from such attacks:
- Generally, two aspects should be taken into account:
(i) Consumer/citizen aspect: Consumers or citizens should be made aware of such attacks through awareness campaigns, seminars etc., which could help them stay safe from such attacks.
(ii) Technological aspect: Technology takes a new form day by day, so it is the responsibility of service-providing institutions to have proper authentication and security safeguards to protect consumers from such attacks.
- The institutions shall be responsible for checking the authentication between the sender and the user.
- The rule of thumb for not getting trapped by such attacks is not to open any email or SMS, and not to click any link, that looks different from the genuine or original one or that makes us suspect something is wrong.
- E.g. if it asks for personal information or mentions a time limit for submitting our details.
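The warning signs named above (a request for personal information, a time limit, a link that differs from the genuine one) can also be checked mechanically before a message reaches the user. The following Python code is an added example, not part of the original notes; the trusted domain, the keyword lists and both sample messages are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the genuine domain and the keyword lists are constructed placeholders.
TRUSTED_DOMAINS = {"relief.example.org"}
SIGNALS = [("asks_personal_info", re.compile(r"\b(aadhaar|pan|password|otp|cvv|bank account)\b", re.I)),
           ("time_limit", re.compile(r"\b(within \d+ (hours?|days?)|immediately|urgent(ly)?|deadline)\b", re.I))]

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of a URL or bare host string ('' if unparsable)."""
    try:
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def red_flags(html_body):
    """List the warning signs found in one HTML email body."""
    collector = LinkCollector()
    collector.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)
    flags = [name for name, pattern in SIGNALS if pattern.search(text)]
    for href, shown in collector.links:
        target = host_of(href)
        if not any(target == d or target.endswith("." + d) for d in TRUSTED_DOMAINS):
            flags.append("untrusted_link:" + target)
        if "." in shown and " " not in shown and host_of(shown) != target:
            flags.append("text_href_mismatch:" + host_of(shown))
    return flags

# Constructed sample messages (not real emails).
PHISH = ('<p>Covid-19 relief: submit your Aadhaar and bank account details within 24 hours.</p>'
         '<a href="http://relief.example.org.claims.example.net/form">relief.example.org</a>')
GENUINE = '<p>Guidelines are on the portal.</p><a href="https://relief.example.org/faq">Read them</a>'
```

An empty result from `red_flags` only means none of these particular signs were found; it does not establish that a message is genuine.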
Do we have the requisite laws and framework to deal with cyber attacks?
- In today’s scenario, Covid-19 has created fear and panic, which is being misused by criminals, and thus various domains have been created.
- Even ransomware attacks and transponders crime are increasing day by day.
- Eg: Recently, Australia has faced many ransomware attacks.
- We have the IT Act of 2000 in place, which has provisions and punishments for hacking and identity theft (imprisonment of up to 3 years, or a fine, or both) and for cyber terrorism (life imprisonment).
- The main challenge here is the implementation or enforcement of the law and the other legal framework, rather than the non-existence of law.
- On the national front, the cyber-security policy of 2013 has been curled out.
- Thus, the cyber security policy should be re-framed and its proper implementation should be ensured.
How to differentiate between genuine information and malicious information?
- Generally, there is a very narrow difference or thin line between the genuine information and malicious information so we can’t recognise it easily.
- The only thing which can make us differentiate between genuine and malicious information is the maximum awareness regarding such attacks.
- Hence, to avoid being trapped by such attacks, we should never click a link to find out its authentic source, and should not open a mail which does not have an authentic URL.
How to use technology in dealing with such attacks and what needs to be done?
(i) As we are maintaining physical distancing during Covid-19 pandemic, it is also necessary to maintain digital distancing.
(ii) It is necessary to report each and every phishing attack which is happening around the world.
(iii) We should try to recognise the focal point or source of origin of such attacks.
(iv) Strengthening our cyber defensive policies is the need of the hour.
(v) Alertness or awareness regarding such technological attacks is very important because these attacks are designed for physical warfare of minds.
(vi) Citizens should play a leading role in creating awareness about such attacks among the illiterate, elders etc.
Thus, bilateral and multilateral treaties should have stringent provisions against such malicious attacks.
What are the legal options available for the protection from such attacks?
- If the attack has a financial aspect, the banks must be informed of it. E.g. a credit card should be blocked immediately if its information has been captured by someone by way of phishing.
- We can take the help of the police.
- There is a remedy under Sections 43 and 46 of the IT Act, under which the adjudicating authority grants compensation to the victim if the activity is reported.
- There is a Bank Ombudsman scheme for the redressal of public grievances.
Hence, there are legal options available, but what is needed is that every service provider should have 2-step authentication for the consumer to avail each and every service.
Way Forward:
- The country’s security services should be enhanced in order to give an alert to the public about such attacks.
- The cyber defensive policy should be designed and formulated strictly so that citizens are cautious about the malicious nature of such attackers.
- Thus, cyber awareness is the major key to containing such ever-spreading attacks.