The Bhutan Computer Incident Response Team (BtCIRT), Department of IT and Telecom (DITT) would like to earnestly request the general public that there is a new phishing site (for harvesting login credentials) which is a cloned page of the login page of the “Citizens services website”.
Notice the difference between the valid and the fake url as shown in the figures above.
It has come to the notice of BtCIRT of a phishing email which originated from a private email id (gmail) whereby the message indicates the Royal Government of Bhutan has started COVID-19 vaccination and asks to register in that phishing URL http://covid19-citizenservices.42web.io/?i=1.
Remember that any COVID related support or information that the government provides would be announced through BBS, websites and official Facebook pages of the PMO, MoH or the official Covid-19 information website. Therefore, do not respond to or click on any links purporting to be from the government or any legible source.
The BtCIRT would therefore like to advise all to adhere to the following guidelines and recommendations with regards to scam/phishing emails and messages:
- Do Not click on any links received via SMS, Email, Instant Messaging Apps, etc. Always verify if the source is genuine.
- Never share your personal or financial information via email, text or instant messages, or over the phone. Be suspicious of unusual payment requests or requests for your personal and financial details.
- Avoid sharing such emails, messages or links to avoid misinformation.
- If you gave away sensitive information or clicked on links that harvest credentials without your knowledge, don’t panic. You can change your credentials immediately and still be safe.
- Review your privacy and security settings on social media and keep all your accounts secure.
- Henceforth, if you receive such messages, emails or calls please report to firstname.lastname@example.org so that we can disseminate information on it.