Aarogya Setu App

Unsurprisingly, the meteoric rise in phishing attempts centred around COVID-19, and Aarogya Setu in particular, has become a major phishing scandal in the last 12 days, starting April 28, 2020, with a massive spike beyond May 4, 2020.

The Home Ministry in India earlier notified that the app is mandatory for all public and private sector organisations resuming work, and laid the onus of compliance on the head of the organisation. This opened the way for CEO scams and Business Email Compromise (BEC) scams to rise even further, specifically after the announcement in early May 2020.

Attacks are doing the rounds in number and in variety, with lures ranging from, but not limited to, ‘HR release on Aarogya Setu’, ‘HR mandates Aarogya (sic) Setu’, ‘Your neighbour is affected’, ‘See who all are affected’ and ‘Your area is the next to go into quarantine’, among many others.

The Indian armed forces had also issued an advisory that ‘Inimical intelligence agencies’ are spreading fake Aarogya Setu apps via WhatsApp (whishing), SMS (smishing) and phishing emails. These fake apps take control of army personnel’s devices and pose a huge risk, as affected phones can record voices, track locations and take videos without the user knowing.

Earlier, Google said it was blocking 18 million phishing emails a day related to COVID-19 alone. Globally too, the HumanFirewall anti-phishing lab has seen a rise of over 700%, i.e. a 7X increase, in phishing attacks in April 2020.

Among its globally distributed customers spread across 142 countries, HumanFirewall’s internal anti-phishing labs team has been battling a rise of over 700% in overall attacks, where COVID-19 is the single biggest contributor over April and the first 9 days of May 2020.

HumanFirewall’s Security Operations Centre (SOC) and Anti-Phishing Lab, which work for multiple global as well as Indian customers solving for zero-day phishing attacks, collate these trends as part of the threat intelligence shared with customers. Aarogya Setu was seen as an outlier in this threat intelligence from April 28, 2020, onwards until the time of this release on May 13, 2020.