The year 2020 has been a time of significant adjustment. From full-scale lockdowns to widespread social distancing measures, everyday life has transformed for the majority of people around the world in order to contain the spread of Covid-19. Airlines went from flying high to not flying.
A surprising and perhaps unexpected consequence has been the increase in cybercrime. Malicious actors have been using the pandemic to their benefit, exploiting people’s many concerns and confusion regarding the virus.
In this article, I’ll outline the three most common types of pandemic-related cybercrime and how you can protect yourself against each one.
According to a report by Interpol, there has been an increase in malicious domain registrations since the start of the pandemic, many of which feature keywords like “coronavirus” and “covid-19 Website”. (To help tackle this issue, domain hosting companies have been blocking registrations of new websites with such keywords.) Very often these websites sell counterfeit goods like face masks, testing kits, fake tracking apps, and false cures, as well as fraudulent treatments, from vaccines to essential oils and tinctures. Some sites even scam people out of money or personal information, claiming to be a charity or using the World Health Organization (WHO) logo to deceive people, and harbor misinformation, a problem the WHO describes as an infodemic.
If you land on an unknown website and aren’t sure if it’s legitimate, it’s best to err on the side of caution and treat it as suspicious. Sometimes such sites can be very convincing, and may even have adopted trust markers to seem more real, like SSL certificates. Only purchase goods from legitimate retailers that you’re familiar with, and only trust information provided by your country’s healthcare agencies.
One of the most common cyber-attacks, phishing involves cybercriminals sending convincing messages to victims, often posing as a real business or organization. Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers. Phishing most frequently occurs over email, but it can also happen via text or messaging apps, such as WhatsApp. These messages typically ask you to hand over your login details or personal information via an embedded link, and sometimes even include attachments with malware.
When you click a link in a phishing email, it generally leads to a site masquerading as a well-known website. The UN reported an increase in phishing websites in the first quarter of the year, many of which targeted hospitals and healthcare systems. The WHO has been exploited numerous times by phishing campaigns, many of which attempt to trick users out of their personal information or encourage people to donate to a fake version of their COVID-19 Solidarity Response Fund.
The scammer asks you to provide or confirm your personal details. For example, the scammer may say that the bank or organization is verifying customer records due to a technical error that wiped out customer data. Or, they may ask you to fill out a customer survey and offer a prize for participating. If you get an email from an organization requesting that you log in or update your credit card details via an embedded link, or even offering something too good to be true, you should regard it as suspicious. Generally, legitimate companies won’t ask for this information over email, and certainly not by text message. Check the sender’s email address. Often these scam email addresses are similar to an organization’s official email address, but are a little off. Head to the official website and compare the address with the contact information featured there. Upon close examination of the email, you’ll probably notice that the design isn’t quite right and that there are misspellings.
For more information on how to recognize and avoid being tricked by phishing scams, check out this article from the FTC.
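The sender-address check described above can be automated as a first-pass triage. The following Python sketch is an added example, not part of the original article; the allow-list, the sample addresses and the function names are constructed for illustration. It ignores the display name, extracts the real sending domain, and flags domains that are "a little off" from an official one.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you actually expect mail from.
OFFICIAL_DOMAINS = {"who.int", "example-bank.com"}

# Digit-for-letter swaps that make an address look right at a glance.
SWAPS = str.maketrans("0135", "oles")


def fold(domain):
    """Collapse common look-alike substitutions so 'wh0.int' folds to 'who.int'."""
    return domain.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the domain of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def classify_sender(from_header, official=OFFICIAL_DOMAINS):
    """Return 'official', 'lookalike', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if any(domain == d or domain.endswith("." + d) for d in official):
        return "official"
    for good in official:
        if (fold(domain) == fold(good)                  # wh0.int
                or edit_distance(domain, good) <= 2     # exampel-bank.com
                or domain.startswith(good + ".")        # who.int.<other domain>
                or good.replace(".", "-") in domain):   # who-int.org
            return "lookalike"
    return "unknown"
```

A "lookalike" result is a prompt to verify the message through the organization’s official website, not proof of fraud; short domain names can legitimately sit within two edits of each other.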
3. Vulnerable Remote Work Environments
Remote work has now become the norm for many and could become a mainstay for some companies. A hybrid in-office work approach may also be an option. Yet, more than 50% of employees surveyed don’t have updated company security policies to navigate potential threats while working from home. Many people are forced to work from home, which poses security concerns for companies new to remote work, with staff using potentially less secure home networks and sometimes using personal devices rather than their office computers. There’s also the issue of communicating through online chat applications rather than in person. These factors can leave organizations vulnerable to issues like malware and social engineering attacks. According to a report by Malwarebytes, in 2020, 19.8% of company leaders and IT directors surveyed have experienced a security breach because of a remote worker.
If you work from home, familiarize yourself with your company’s remote work policies and install any required software, such as VPNs, antivirus, and firewalls. Keep all your cyber defenses up to date, as old versions of software can be vulnerable to exploitation by hackers. Strengthen your Wi-Fi network security by ensuring it has a strong and unique password, enabling network encryption, and upgrading your router’s firmware.
Protecting yourself from social engineering can be a bit trickier. Much like spotting phishing emails, you need to assess any unusual messages with a discerning eye. Hackers can pretend to be a colleague messaging you in an attempt to steal information or to access company networks. These messages can take various forms, like an unexpected ping from the CEO who has never communicated with you directly, asking for login details or sensitive information, or an email from IT asking you to download some kind of security update (which is actually hidden malware). It can be easy to comply with these requests as they seem to come from people you trust.
It’s important to treat unexpected interactions that require you to hand over information or to download something as suspicious. When this happens, contact the sender through an alternative channel to confirm that it was them. Be sure to report any suspicious activity to your IT department.
What Else Can I Do to Protect Myself?
Apart from remaining vigilant and ensuring your work-from-home setup is as strong as it can be, ensure you’re following best practices for staying safe online. Stick to browsing websites you know, don’t download anything suspicious, and don’t believe everything you read on social media. If you’re a website owner, get an SSL certificate and follow these steps for boosting your website security. Lastly, learn how best to protect your computer from malware.
Times might be strange, but that doesn’t mean you have to be vulnerable to those seeking to take advantage of uncertainty. By following the tips in this article, you should be better equipped to protect yourself from cyber-related attacks.