Categories
Cyber Security

Indian Government Warns Against Major Upcoming COVID-19-Related Email Phishing Attack Campaign by Malicious Actors

The Indian Government has issued an advisory warning citizens against a large-scale phishing campaign that impersonates the Indian government and promises free COVID-19 tests and other resources. In return, hackers steal important personal and financial data of citizens. The malicious actors claim to have 2 million individual email addresses, and the attack campaign is expected to start on June 21st.

It has been reported that malicious actors are planning a large-scale phishing attack campaign against Indian individuals and businesses (small, medium, and large enterprises). The campaign is expected to use malicious emails that pose as coming from local authorities in charge of dispensing government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.

The phishing campaign is expected to be designed to impersonate government agencies, departments, and trade associations who have been tasked to oversee the disbursement of the government fiscal aid. They are planning to send emails with the subject: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmadabad, inciting them to provide personal information.

It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The phishing emails sent to Indian individuals and businesses are expected to come from an address such as “ncov2019@gov.in”. The email may look as follows:

Dear Citizen,

The Ministry of health and family welfare, Government of India has announced a mandatory COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmadabad above age of 40 years.

Government of India has decided to reimburse testing cost incurred. A medical staff will come to your residence to collect samples.

Please immediately register using link below for all free COVID-19 test. Do not forget to provide complete contact details with PAN no.

Thanks for your support in keeping India fight against COVID-19.

Thank You;

Ministry of Health and Family Welfare (MOHFW)
Nirman Bhawan,Maulana Azad Road
New Delhi 110011

Best Practices

  1. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close the e-mail and go to the organization’s website directly through a browser.
  2. Leverage Pretty Good Privacy in mail communications. Additionally, advise users to encrypt / protect sensitive documents stored on internet-facing machines to avoid potential leakage.
  3. Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  4. Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e. the extension matches the file header). Block attachments of the file types “exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf”.
  5. Beware of phishing domains, spelling errors in emails and websites, and unfamiliar email senders.
  6. Check the integrity of URLs before providing login credentials or clicking a link.
  7. Do not submit personal information to unknown and unfamiliar websites.
  8. Beware of clicking on phishing URLs that promise special offers such as prize winnings, rewards and cashback offers.
  9. Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
  10. Update spam filters with the latest spam mail contents.
  11. Any unusual activity or attack should be reported immediately at incident@cert-in.org.in, with the relevant logs and email headers, for analysis of the attacks and further appropriate action.
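The two checks in item 4 (the extension blocklist and the “true file type” header match), sketched as an added Python example that is not part of the advisory. The magic-byte table, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension blocklist exactly as given in item 4 of the list above.
BLOCKED_EXTENSIONS = frozenset(
    "exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|")
)

# Well-known leading bytes for a few document types (assumption: a real mail
# gateway carries a much larger table; these are enough to show the check).
MAGIC = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "zip": (b"PK\x03\x04",),
    "docx": (b"PK\x03\x04",),
    "xlsx": (b"PK\x03\x04",),
}
PE_HEADER = b"MZ"  # first two bytes of a Windows executable


def check_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = nothing flagged)."""
    findings = []
    name = filename.lower().strip().rstrip(".")
    # Only the final extension decides how the file opens ("a.pdf.js" is a script).
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    if ext in BLOCKED_EXTENSIONS:
        findings.append("blocked-extension:" + ext)
    if data.startswith(PE_HEADER):
        findings.append("pe-header")
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append("header-mismatch:" + ext)
    return findings


def scan_message(raw):
    """Parse a raw RFC 5322 message and check every attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        report[filename] = check_attachment(filename, data)
    return report


def build_sample():
    """Constructed test message; addresses, names and payload bytes are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachments.")
    samples = [
        ("notice.pdf", b"%PDF-1.4\n% constructed\n"),      # genuine PDF header
        ("registration.pdf", b"MZ\x90\x00 constructed"),   # executable header, .pdf name
        ("form.pdf.js", b"// constructed placeholder\n"),  # double extension
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(name, findings or "ok")
```

The two-byte `MZ` test is a heuristic and can match unrelated files that happen to begin with those letters, so treat a `pe-header` finding as a reason to quarantine and inspect rather than as proof.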


Categories
Kapil Mehrotra Mental Wellness

How to keep balance of your mental wellness and physical fitness while working from home

Feeling low, left out, uncomfortable during important conference calls or daily reviews? Are you feeling confused, anxious, depressed, experiencing unknown fear, mood swings and getting angry quickly? Is that all CXOs way of working?

Rather than blaming your willpower, CXOs must take a 10-minute break in their busy “Work From Home” schedule for mental wellness. To reach your greatest potential during the current situation, follow the advice below to improve your mental health:

Make a very crisp and clear daily “To Do” list.

Start work on time and finish on time by creating clear boundaries between work and life as much as possible.

Set alarms to remind you to take breaks. Don’t fall into the trap of being “over productive” just because there are no distractions.

Be mindful of your workspace, audio setup, and desk and chair comfort which can affect your posture and productivity.

You may choose to wear work clothes or work shoes to trigger your brain to differentiate between work time and home time.

Eat on time, 5 meals a day, and hydrate your body adequately, which will help manage your stress level.

Remember the people and team members you are grateful to; socialize with them online or call them, and thank them for every contribution they have made to your project or life. This will increase performance by 20% as per the Yerkes-Dodson Law.

Focus on the place where you are sitting at home. Try to listen carefully to every sound, notice everything in the room, do a quick scan of your body and pay attention to how it feels. With regular practice you’ll be less distracted by yesterday’s problems and tomorrow’s worries.

Act and change your behaviour positively; gradually you will notice changes in your thoughts and emotional hygiene.

CXOs need not only mental wellness but also physical fitness, engaging in home workouts, meditation or yoga to remain agile. Physical fitness plays a vital role in improving your health and immunity to fight any virus or clinical condition. Here are a few exercises to improve your physical fitness:

For Beginners:

Warm up and Stretches

Squats: 15 reps * 3 times

Push-ups: 10 reps * 3 Times

Walking lunges: 10 each leg

Dumbbell rows (using a gallon milk jug or another weight): 10 each arm.

Plank: 30 seconds *3 times

Jumping Jacks: 25 reps * 3 Times

For intermediate:

Warm up and Stretches

Jumping jack 30 seconds * 3 Times

Push-ups: 20 reps * 3 Times

Squats: 20 reps * 3 times

Crunches 20 reps *3

Bench Dips 20 reps * 3

Plank: 1 minute *3 times

High knee 30 Seconds

Lunges 30 Seconds

Apart from the above exercises, you can choose any kind of fitness format, such as yoga, meditation, Zumba or bhangra, to improve your inner strength and immunity and to bust stress.

Regards

Kapil Mehrotra

Categories
Uncategorized

Are CIOs Bad at Project Management?

On one side, top management wants world-class, high-profile CIOs who are good at technology and also have a good understanding of processes, business and operations. On the other side, it is an interesting discovery that CIOs change jobs very frequently, for any number of reasons. Of these, the major reason observed is a lack of skills in project/program management and governance; because of that, they leave their jobs every couple of years and so fail to complete the projects on which they embark.

Another problem is that some CIOs have failed to change with the times. The Internet has accelerated the pace of change in most industries and brought fundamental shifts in the way companies do business. Speed in decision making is critical to success, and global companies need to coordinate their decisions using the same data warehouses, cutting across time zones and functions. The global economy is also forcing global mergers, which means IT systems must cut across boundaries and cultures.

All service industries, BFSI, health insurance and manufacturing are growing sectors and need to keep up with changing market dynamics. New products, a continuous need to improve customer experience, and reaching out to the customer base with self-help capabilities have become the norm rather than a USP nowadays. All back-office servicing functions such as Operations, HR, Facilities Administration and Finance need to align with Sales function requirements and need technology support to deliver changes faster.

For CIOs, the big question of delivering projects faster puts a huge constraint on them and pulls process and delivery in different directions, more so in a captive IT unit. Process is seen as an impediment to quicker delivery! So, does that mean that the IT function needs to focus only on delivery and not on processes? The answer is definitely no! The way to address this is to successfully synergize processes and delivery by creating and implementing best practices in project management that are repeatable processes and become second nature to the Project Manager (PM). PMs need to be able to visualize “potential” issues (e.g., through an FMEA – Failure Mode and Effect Analysis), document them, and come up with multiple scenarios and solution sets, as appropriate. Not doing this as part of the project planning exercise leads to longer delays and patched-up delivery that is neither on time nor effective.

This is called Managing by Risk. It requires creating capabilities and a tool-kit for the Project Manager so that they are able to analyze what could possibly go wrong! A smart PM starts by thinking exhaustively about who would be impacted by what they are supposed to deliver. Once the stakeholders are on board, it is easier to distinguish facts from assumptions and visualize the dependencies. The moment one completes this activity, an outline of the plan is ready. Speaking to stakeholders and Subject Matter Experts (SMEs) helps to better understand the systems and the required synergies between them. However, is that enough, or does one need to let all these stakeholders know of all the possible interactions? Hence the need for a PM to put pen to paper and sort it out through a project plan for communicating with the stakeholders (Project Planning). Also, whenever a plan is based on assumptions, the assumptions should be treated as risks and used as a basis for solutions to avoid these risks (Risk Management and Mitigation). As long as a PM continuously reviews these identified risks to his satisfaction and communicates effectively with all identified stakeholders (Project Tracking and Status Reporting), surprises can be minimized and the chances of a successful delivery are dramatically improved.

So an effective PM automatically creates positive synergy between processes and successful delivery and gives an effective and practical meaning to all the process jargon. A point to remember: always start by thinking about where your project can go awry and what you can do to avert issues and avoid unnecessary risks. Assessing and managing risks is the best and most time-tested method a PM has against project catastrophes. By evaluating your plan for potential problems and developing strategies to address them, anybody will improve their chances of a successful, if not perfect, project.

Categories
Uncategorized

Bring Your Own Device

Kapil Mehrotra

It’s a concept that is quickly gaining traction within corporates as a way to give employees the freedom to choose the devices they use on a daily basis, because employees are demanding not only to use their own devices at work but also to have more flexibility…

The rapid growth in smartphone and tablet usage in people’s personal lives, along with the core and non-core applications available, has caused a massive shift in employees’ behavior. Employees are much more particular about the devices they use and carry on a daily basis. They no longer want a work device that focuses specifically on email, or a personal device that can’t access the information they need. They want one device to handle everything: work and personal email, company apps, watching movies, listening to music, playing games, sharing pictures, and using Facebook/Twitter.

One survey report says more than 39 percent of college students and employees said they would accept a lower-paying job that had more flexibility with regard to device choice and mobility than a higher-paying job with less flexibility.

Seeing these kinds of demands, we need a comprehensive approach that unifies policy, supports a better user experience and simplifies management to deliver an uncompromised user experience in any workspace.

“BYOD” is not just about connecting user-owned devices and allowing guest access. Beyond that, we have to think about monitoring, access management, how many points and how many clients can have access, and a flexible, scalable wireless network that can support higher capacities while lowering operational costs.

Taking a 360° view of the overall scenario, I feel that it would be somewhat unjust to put a check on employees bringing their own devices to the workplace; rather, organizations should call for better and stricter monitoring and user access management policies to ensure more secure and better control over the “BYOD” concept…

Categories
Kapil Mehrotra Uncategorized

Kapil Mehrotra Tips For BPaaS

Kapil Mehrotra

I see cloud computing as an opportunity for Business Process as a Service (BPaaS), which is emerging as a BPO game-changer reminiscent of Software as a Service (SaaS) a decade ago. Specifically, BPaaS is adding arrows to organizations’ outsourcing quiver in how they approach their finance and accounting and other back-office functions. Businesses are looking for more flexibility, innovation, and responsiveness from their outsourcers. BPaaS is providing that alternative.

A BPaaS proposition may include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and SaaS as well as the traditional benefits of outsourcing such as process expertise and labor arbitrage. In addition, he predicts BPaaS offerings will provide a cost, sales, and delivery model to reach the medium-sized enterprise market.

Service providers are now providing the robust proprietary platforms and application modules they developed for their BPO practice to organizations for their in-house use as either fully integrated solutions or on a modular basis.

Naturally, security concerns around the cloud need to be addressed. I believe that this risk can be effectively mitigated by simply allowing third-party assessors to conduct security reviews of a vendor. But a careful examination of a BPO service provider, and a transparent policy that should build trust with an outsourced partner, can go a long way in realizing the benefits of BPaaS. The other factor that will drive this trend is the commoditization of cloud computing. It will then become a more widely accepted platform for enterprises to outsource their business processes using a shared-service model, revolutionizing the way organizations do business.

The role of BPaaS in the future

Here is what the service providers are saying about BPaaS:

“The cloud will provide the platform for service providers of all shapes and sizes to re-energize traditional outsourcing services and also to launch new services. One key implication is that businesses will ask for cloud/BPaaS innovations within the renegotiation of traditional outsourcing contracts. Adoption is just the beginning.” Robert McNeill, Vice President for analyst firm Saugatuck Technology

“In the medium term, we believe there is going to be significant traction. BPaaS will force people to standardize their processes. Infrastructure and software become more of a choice that allows buyers to leverage the right ecosystem. I think that is a huge shift that changes the landscape and is fundamental to how this will play out.” Shantanu Ghosh, Genpact Senior Vice President – Practices, Solutions, and Transitions

“We think BPaaS will continue to take a larger share of the BPO market. This delivery model provides advantages that go beyond cost savings and hence will find widespread acceptability. For capital-starved firms especially, this model offers tangible business advantages. We are quite bullish about BPaaS adoption in the future.” Raj Agrawal, Global Head, Platform BPO Solutions for Tata Consultancy Services Limited (TCS)

“Many of the concerns around BPaaS include long-term commitment, perceived risks, and the complexities around technology and BPO service integration. We continue to see increased adoption across many industries as more clients share their implementation experience and especially the return on investment.” Aniket Maindarkar, Associate Vice President, Infosys BPO

“Technology is becoming more of a key component to the businesses. Now, everything is about process improvement. Part of the process improvement is running analytics around what is currently transpiring. We see service providers using software more as a proactive analytical tool curing things without getting people involved.” Mark Vengroff, CEO of Vengroff, Williams & Associates (VWA)

Categories
Cloud Computing Kapil Mehrotra

Kapil Mehrotra Tips For Cloud Computing

Kapil Mehrotra - Head Applications

1. What is cloud computing?

“Cloud computing is a new way of delivering computing resources to run websites and web applications. Cloud computing allows customers to take advantage of a self-service, pay-as-you-go utility model that ensures they are only running (and paying for) as much computing capacity as they need. Think home utilities, such as water and electricity.

“Cloud computing allows customers to scale vertically and horizontally, and based on the demands of their users, it ensures there are enough resources at any given time. If a traffic spike occurs, it’s easy to add more capacity. After the traffic trails off, it’s just as easy to reduce capacity. And if additional components are added, you simply adjust capacity as needed.

“Ultimately, a customer’s cloud computing resources can grow, shrink, or morph based on the changing demands of their business. This significantly reduces the costs of running websites and web applications, often eliminating capital expenditures and lowering operating costs.

“One important thing to note about cloud computing is that while it offers obvious cost savings by helping companies offload the task of racking and stacking hardware, it also requires a new set of software development expertise in terms of enabling applications to run in the cloud. This is what Engine Yard and other cloud providers do: We provide a platform-as-a-service that allows applications to leverage cloud computing capacity.”

2. How is it different than “regular” hosting, where a customer pays for a fixed amount of storage and bandwidth for a fixed monthly fee?

“Cloud computing is different from traditional hosting because it doesn’t lock customers into expensive contracts that are based on calculating resources to meet their peak demands. Every month, whether all the resources are utilized or not, a customer will always have to pay for the contracted resources with regular hosting. That monthly cost translates directly into wasted operating expenses.”

3. When was the cloud hosting concept started?

“The concept of the ‘cloud’ comes from network architecture drawings of modern telephone systems and later the Internet. The early cloud service providers included Amazon Web Services, and Google, which uses it for Gmail and several other applications and services.

“Today, cloud computing typically includes three main offerings (in order):

SaaS (Software-as-a-Service). Delivers applications and end-user tools, such as ecommerce applications, and other brands like Google Apps and Salesforce.com.

PaaS (Platform-as-a-Service). Provides pre-built technology frameworks and development tools, such as Engine Yard AppCloud or xCloud, Microsoft Azure, and Google App Engine.

IaaS (Infrastructure-as-a-Service). Enables computing, storage and network resources to be provisioned without owning physical devices. Example IaaS providers are Amazon Web Services and Terremark.”

4. Our audience is smaller ecommerce merchants, mainly. Will cloud hosting help any of them?

“The short answer is it will help all of them.

“Ecommerce is an ideal space for cloud computing because of the cyclical nature of the business. Many online shops, web retailers and vendors have large traffic events (holiday season and new product launches) that require additional resources to meet the short-term, increased demand. Cloud computing enables business owners to add computing resources (memory or processors), storage (disk space) or network (bandwidth), but just enough to cover the additional requirements and only for as long as they’ll be needed.

“For example, an electronics e-tailer might see a traffic increase of 2 to 3 times during November and December from holiday shoppers. Cloud computing allows the company to add just enough resources for those 6 to 8 weeks to meet the increased traffic demands. Once the holidays are over, those resources can be turned off. The company’s operating costs will presumably be more in line with revenue.”

5. Amazon is a major cloud hosting provider via its Amazon Web Services division. What other companies are major cloud hosts?

“In addition to Amazon Web Services, we currently work with Terremark for IaaS services. There are a growing number of IaaS vendors as evidenced by this Wikipedia listing.”

6. What distinguishes a cloud host from a “regular” host? Is it the same equipment, but a different billing and monitoring system? Something else?

“Generally, cloud computing includes three elements:

Self-service. Customers can access a personalized dashboard, console or command-line interface and modify resources as needed.

Metered/Utility model. Services are provided on a ‘pay only for what you use’ basis.

Fully virtualized/automated. There is little-to-no hardware or software provisioning required to get an application up and running.

“Typically, traditional hosting has none of these benefits, which significantly drives up costs.”

7. What are the downsides to moving to cloud hosting?

“For eCommerce users, there shouldn’t be any downside to moving your application [versus a hosted solution or shopping cart] to the cloud because of the cost savings and benefits you get from not having to rack and stack hardware. In addition, using a platform-as-a-service like Engine Yard offloads additional cost by allowing your developers to forget about building the complex application stack that applications in the cloud require and focus on developing revenue-generating features for your applications.”

And for small ecommerce merchants that are building new applications, I encourage you to investigate Ruby on Rails if you’re not familiar with it. It’s open source, so it’ll help you control costs, and I heard from developers that they can write code 2 to 5 times faster in Ruby than in Java.