This is to bring to your kind attention that there have been certain incidents of email phishing attacks (Bitcoin blackmail scam) targeting the users/mail IDs of Government departments and demanding payment in bitcoin. The content of the fraudulent phishing mail is attached for your kind reference.
You are advised to kindly take the following preventive measures to protect your systems/networks and information from this and similar types of attacks:
- Do not open attachments in unsolicited e-mails, even if they come from people in your contact list. Never click on a URL contained in an unsolicited e-mail, even if the link seems genuine. Also, do not respond to these types of phishing mails.
- Phishing emails often copy the entire look of legitimate emails, making them appear authentic. Even if an email comes from a legitimate organization requesting personal financial/sensitive information, to be safe, first call the legitimate organization to check whether they really sent that email.
- Establish Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) for your domain. These are email validation mechanisms designed to prevent spam by detecting email spoofing, the means by which most ransomware samples successfully reach corporate mailboxes.
- Beware of emails that greet you impersonally, such as 'Hi <Email ID>' or 'Dear Friend'. Real organizations address the recipient by name, starting their mails with a salutation like 'Dear Mr. <Name of the recipient>'. Besides impersonal greetings, phishing mails often contain spelling and grammatical errors that reputed organizations would not make.
- Check the integrity of URLs before providing login credentials or clicking a link. Do not submit personal information to unknown and unfamiliar websites.
- Never submit confidential information via forms embedded within email messages. Senders are often able to track all information entered.
- In the case of genuine URLs, close the e-mail and go to the organization's website directly through the browser's address bar.
- Beware of emails and web pages offering special deals such as prize winnings, rewards, cash-back offers, etc.
- Ensure that the "REMEMBER PASSWORD" option isn't configured anywhere, i.e. in the browser or in a POP client such as Outlook, Thunderbird, etc.
- Install antivirus software and keep it up to date; this will help detect and disable malicious software.
- Update spam filters with the latest spam mail contents.
- Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- If you suspect that you have been phished, change the password immediately and inform the mail administrator.
Note: Any unusual activity or attack should be reported immediately to incident@cert-in.org.in and cert.ksitm@kerala.gov.in, with the relevant logs, email headers, etc., for analysis and further appropriate action.
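As an added illustration (not part of the original advisory), the following Python sketch shows how a mail administrator could triage the headers of a reported mail for the SPF, DKIM and DMARC verdicts mentioned above, plus sender-domain mismatches. The server name mx.example.org, all addresses and the sample message are constructed assumptions; the verdicts are read from the standard Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: your own receiving mail server

# Constructed sample of a spoofed blackmail mail as received (not a real message).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=dept.example.org
From: "Dept Admin" <admin@dept.example.org>
Reply-To: pay@collector.example.net
To: user@dept.example.org
Subject: Your account has been hacked

Pay in bitcoin.
"""

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, trusted=TRUSTED_AUTHSERV):
    """Return a list of reasons the message looks spoofed (empty if none)."""
    msg = message_from_string(raw)
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        # Only believe verdicts stamped by our own server; a sender can
        # pre-insert a forged Authentication-Results header claiming "pass".
        authserv = hdr.split(";")[0].split()
        if not authserv or authserv[0].lower() != trusted:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    findings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    from_dom = domain(msg["From"])
    if domain(msg["Return-Path"]) != from_dom:
        findings.append("Return-Path domain differs from From")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        findings.append("Reply-To domain differs from From")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("suspicious:", reason)
```

An empty result means only that the checked headers are consistent; it does not make the content of the mail trustworthy.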