Archive

Cybercrime in the context of COVID-19

The period 2020-2021 was a time of significant adjustments. From large-scale lockdowns to large-scale social distancing measures, everyday life has been transformed for most people around the world to limit the spread of the coronavirus.

An unfortunate and perhaps unexpected consequence has been the rise of cybercrime by using the pandemic to their advantage, exploiting the countless concerns and confusions about the virus.

In this article, I’ll outline the most common types of pandemic-related cybercrime and how you can protect yourself against each.

1.Phishing

One of the most common cyber attacks, phishing involves sending convincing messages to victims, often presenting themselves as a real business or organisation. Phishing most commonly occurs through email, but it can also happen through apps from text messages to WhatsApp messaging. These messages usually ask you to hand over your login details or personal information via an embedded link and sometimes include malware attachments.

When you access a link in phishing emails, it generally leads to a site masquerading as a well-known website. The UN reported a ~365% increase in phishing websites in the first quarter of the year, many of which targeted hospitals and health systems. These phishing campaigns often attempt to trick users into obtaining their personal information or encourage them to donate to a fake version of a COVID-19 solitary response fund.

If you receive an email from an organisation asking you to log in or update your credit card details via an embedded link or even offering you something too good to be true, you should consider it suspicious. In general, legitimate companies won’t ask for this information via email and certainly not a text message. Check the sender’s email address. Often, these deceptive email addresses are similar to an organization’s official email address, but are a little different. Go to the official website and compare it with the contact information listed there. After carefully examining the email, you will probably notice that it is not quite correct and that there are spelling mistakes.

2.Misleading websites

According to an Interpol report, there has been a ~575% increase in malicious domain registrations since the start of the pandemic, many of which have keywords such as “coronavirus” and “covid”. Very often, these websites sell counterfeit goods such as face masks, test kits, fake tracking apps and fake remedies, as well as fraudulent treatments from vaccines to essential oils. Some sites even trick people for money or personal information by pretending to be a charity or specialist website and thus lead to misinformation.

If you’re on an unknown site and it doesn’t look legitimate, it’s best to treat it as suspicious. Sometimes such sites can be very convincing and may even adopt trustworthy markers to make it look more genuine, such as SSL certificates, for example. If something seems too good to be true, it probably is. Only buy goods from legitimate retailers with whom you are familiar and trust through the information provided by the medical agencies in your country.

3.Vulnerable remote working environments

More people than ever are working from home, which poses security concerns for organisations starting to work remotely, with staff using potentially less secure home networks and sometimes using personal devices rather than their desktop computers. There is also the issue of communicating via online chat applications rather than in person. These factors can leave companies vulnerable to problems such as malware and social engineering attacks. According to a Malwarebytes report, in 2020, 19.8% of company leaders and IT executives surveyed experienced a security breach due to working remotely.

If you work from home, familiarise yourself with your company’s remote working policies and install any necessary software, such as VPNs, antivirus and firewalls. Keep all these applications up to date, as older versions of software may be vulnerable. Strengthen your Wi-Fi network security by making sure it has a strong and unique password, enabling network encryption and updating its firmware.

Protecting against social engineering can be a little more complicated. Just like identifying phishing emails, you need to evaluate any unusual messages. Hackers may be pretending to be colleagues sending you messages in an attempt to steal information or access company networks. These messages can take different forms, such as an unexpected message from the CEO who has never communicated directly with you, asking for login details or sensitive information, or an email from IT asking you to download some kind of security update (which is actually hidden malware). It can be easy to comply with these requests, as they appear to come from people you trust.

It is important to treat unexpected interactions that require you to pass on information or download something as suspicious. When this happens, contact the sender through an alternative channel to confirm it was them. Be sure to report any suspicious activity to your IT department.