It is well known that cyber-criminals exploit natural disasters and global crises, and the Coronavirus is providing possibly the largest-ever opportunity for attacks and the largest cybersecurity threat right now.
Millions of people around the world have started working from home amid the COVID-19 outbreak, and cybercriminals are looking to take advantage of this situation. Overall daily internet usage has increased around the world during this pandemic, and home networks often lack the defences that corporate environments have in place, such as firewalls and anomaly detection monitoring. It is estimated that 70% of the emails uncovered by cybersecurity teams over the last 5 weeks have been attempts at delivering malware and a further 30% of the emails have been aimed at stealing a victim’s credentials. In times of stress or distraction, people are more likely to fall for these malicious scams and tricks. Even extra-cautious people may be more likely to fall for phishing emails because, when working from home, they are less likely to check in person whether a colleague, for example, really initiated a payroll payment routine.
Cyber experts have observed attacks increasing in the following areas:
- Credential phishing;
- Malicious attachments and links;
- Business email compromise;
- Fake landing pages.
Examples of phishing emails and what to look for
Here are a few examples of phishing emails and messages:
Some people received text messages offering free Netflix subscriptions due to the COVID-19 pandemic. The link takes you to a fake Netflix landing page, which prompts for personal information and payment details and assures you that you will not be charged and that the information is collected only for verification purposes. This way cybercriminals can collect the banking information of thousands of people.
Other forms of cyberattack could involve ransomware or malware disguised as a Coronavirus safety guide sent by the World Health Organization. Once downloaded, it could encrypt the hard drive, causing loss of information if the ransom is not paid. This could also lead to the theft of company data, where malware shares confidential files with a hacker over the network.
These attacks can also be carried out through ads that claim to offer a treatment or cure for Coronavirus. These ads often try to create a sense of urgency, for example, “Buy now, limited supply”. One of two things could happen if people respond to these ads. One, a click on the ad could result in a download of malware onto your device. Two, you might buy a product which never arrives. Both will result in the sharing of your personal information such as name, address and credit card number.
For more about email phishing read this blog post.
How to be cyber smart?
So, what can we do to be safe from these attacks? Here are a few tips to remember:
- Beware of online requests for personal information. A coronavirus-themed email from a government agency or medical sector that seeks personal information like your login information is a phishing scam. Do not respond to this email in any way. Legitimate government agencies won’t ask for that information.
- Check the email address or link. You can inspect a link by hovering your mouse pointer over the URL to see where it leads. Sometimes it’s obvious that the web address is not legitimate, as in the Netflix example above. Even so, carefully review email and web addresses before providing information, since cybercriminals can create links that closely resemble legitimate addresses. Delete the email.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” could signal that the email might not be legitimate. Ask around about the email and also check if there are other signs.
- Avoid emails that insist you act now. Phishing emails often tend to create a sense of urgency and immediate action. The goal is to get you to click on a link and provide personal information before you realise things have gone south. Instead, delete the email.
- Refrain from clicking on links from unknown senders. This could download malware or prompt you to give out information and data on the company network.
- Keep applications up-to-date. Keep the operating systems, applications and anti-virus software up to date, and make sure you have the anti-phishing features turned on if available.
- Verify the identity of the person contacting you. Over emails or phone calls, cybercriminals may try to pose as disaster aid organizations. Don’t give them personal information.
- Use a trusted Virtual Private Network. VPN usage for your team/organization would help because it creates an encrypted private network within an organisation which cannot be penetrated by hackers.
- Keep your personal information private. Do not provide email addresses and phone numbers to every different online service. This information could be used to phish for personal and banking information.
- Use a trusted ad blocker. Using an ad blocker in your browsers/systems will not only get rid of the scams posing as ads but also give you an ad-free experience.
We at Evolution Business Systems recommend that everyone stay particularly vigilant for malicious emails regarding remote access and for fake websites, and report these to their IT departments if at all suspicious. It’s also better to go directly to reliable sources for information about the coronavirus. That includes government offices and health care agencies.
It’s not only the virus in the air we need to stay vigilant about, but also in our digital environment. Take care out there.
Kaushik (aka KC) is a Business Intelligence Analyst at EBS with a strong interest in predictive analytics, machine learning and visualization. His knowledge and skills are used to help our clients better use their data to identify patterns and predict outcomes using Power BI, to enable better business decision making.