‘Surokkha’, a digital platform for managing the Covid-19 vaccine developed by in-house innovators. Some Fraudsters are trying to spoof certificates by creating multiple phishing clone sites of the security system. Several such site links have already been provided by the Information and Communication Technology Division to the regulatory body BTRC. The alleged ‘clone’ sites have been shut down after confirming the allegations.
According to sources, scanning the QR code of the vaccination certificate was leading to a domain other than the original website, which was providing fake certificates. Fraudsters have been trying to cheat by providing various misleading information through advertisements on social media.
As directed by the Prime Minister’s Office, the Department of Health has been providing technical support for conducting the vaccine program.
Recently, it has been reported from different media that various fraudsters are deceiving common people by providing misleading information about vaccination through the ‘Surokkha app’. On the basis of this news, a call has been made by the Directorate of ICT to draw the attention of the general public.
It says, be aware of fraudsters. Help the government deliver important citizen services. Inform concerned authorities and law enforcement agencies if irregularities or fraud are observed.
It is worth mentioning, no technical security issues have yet been observed in the security Surokkha so far. Surokkha systems are certified by SQTC (Software Quality Testing and Certification Center) before being released for use. The system is highly securely stored in the government’s KPI organization 3-tier (NDC- National Data Center). The Department of Information and Communication Technology from time to time provides the User ID to the designated competent representative of the Department of Health through the appropriate authority for use of the Surokkha app as per the requirement of the Department of Health.
The Division of Information and Communication Technology does not provide user ID directly to any user. The designated user can enter the system only by confirming the OTP (One Time Password) on the user’s own mobile provided by the appropriate authority each time using the provided user-password while logging in to the system.