The Coronavirus pandemic has been an unprecedented time in many ways. Beyond entire populations and societies having to adjust to deal with its impact, there has also been an unfortunate uptick in cyber crime related to the virus.
Cyber criminals are using the confusion surrounding the virus, as well as workforces now in more vulnerable work-from-home environments, to their advantage. They’re ramping up the size and scope of attacks during this vulnerable time, targeting individuals, businesses, and even government agencies.
In this article we’ll discuss some recent examples of Coronavirus-related cyber crime, what you should watch out for, and what you can do to increase online protection going forward. Read on to find out more.
The four most common types of cyber attack
According to a recent report by Interpol on the impact of Covid-19 on cyber crime, there has been an increase in cyber crime related to the following areas:
- Online scams and phishing
- The use of various types of malware
- Malicious URLs
Let’s take a closer look at each one and what they involve.
1. The rise of cyber crime during Coronavirus
From the outset of the pandemic, there was a sharp increase in online scams and phishing emails. Phishing involves cyber criminals sending convincing emails to a target while posing as a friend, business, or trusted organization, in an attempt to steal personal information or to trick the recipient into downloading malware, either by sending people to a fake website or through email attachments. Coronavirus-related phishing scams seek to capitalize on people’s anxieties, offering things like non-existent vaccines and consumer relief packages.
These kinds of attacks are happening across every sector. Back in April, the World Health Organization reported that it had experienced five times as many cyber attacks as in the same period in 2019, with attacks directed at staff and the general public alike. These scammers even directed people to donate money to a fake version of WHO’s COVID-19 Solidarity Response Fund.
Meanwhile, UK Finance — an industry body that represents more than 250 financial-related firms in the UK — has reported its top ten scams related to Coronavirus. Some of the most shocking include a fake contact tracing email claiming to be from the National Health Service, council tax reductions, fake emails from online TV subscription services, and even fake online dating profiles.
As you can see, even top organizations are being used in these attacks. Avoid being ensnared by a phishing attack or an online scam by regarding any unsolicited email with suspicion. If something seems too good to be true, it probably is. Strange layouts, misspellings, and inaccurate logos are usually a dead giveaway in these kinds of scams. Study the email address the email has been sent from — it’s usually very different from the official organization’s email. Search for the official site in Google and check if the same things are being offered there. If not, report it to the organization in question so they can warn subscribers or customers.
For more information on phishing and how to protect yourself, check out our blog post on the subject.
Interpol’s report also noted an increase in the use of disruptive malware, like DDoS attacks and ransomware, and data harvesting malware. DDoS (distributed denial-of-service) attacks involve flooding a website or service with fake traffic so that it is overwhelmed and rendered unavailable. Ransomware encrypts user files so that they cannot be accessed, holding them hostage for a price. Meanwhile, data harvesting malware can steal sensitive data from computers and even divert funds.
There are all sorts of methods for installing these types of malware on computers, including the aforementioned combination of phishing emails and scam websites. To protect yourself, never download anything from a website or source you aren’t 100% sure is the real deal. Some of these malware email scams even pretend to offer protection against these types of scams, so you really need to be careful. There have even been reports of such emails targeting work-from-home environments as a means of gaining access to company networks.
Even if an email seems like it has your best interests at heart, you need to exercise caution. In case you do accidentally download something suspicious, make sure you have anti-virus software installed on your computer and that it’s kept up-to-date.
According to the report, there has also been a 569% increase in malicious domain registrations since the beginning of the pandemic. Many of these domain URLs contain keywords like “coronavirus” and “covid”. According to a cyber security report by Check Point, a great many of these websites were set up as landing pages for phishing scams, selling phony drugs, remedies, vaccinations and home testing kits, as well as suspicious apps. Many also likely harbor the kind of malware we mentioned in the previous point.
Remember, if you’re not familiar with a website, treat it as suspicious, and don’t hand over any information. When it comes to Covid-related treatments and apps, only trust those recommended by your country’s official healthcare provider websites.
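For readers who filter mail for a team, the two manual checks described above (comparing the sender's address with the organization's real domain, and spotting links to domains built around “coronavirus” or “covid”) can be automated. The Python sketch below is an added example, not code from any of the reports cited; the table of official domains, the function names, and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: organizations this mailbox expects mail from, mapped to their real domains.
OFFICIAL = {"world health organization": "who.int", "nhs": "nhs.uk"}
KEYWORDS = ("coronavirus", "covid")  # keywords the article says appear in malicious domains
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message (not a real email); .example domains are reserved for testing.
SAMPLE = """\
From: "World Health Organization" <donate@who-relief.example>
Reply-To: funds@collect.example
Subject: COVID-19 Response Fund

Donate today: http://covid19-fund.example/give
Official info: https://www.who.int/emergencies
"""

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw_email):
    """Return a list of reasons the message deserves suspicion."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    findings = []
    # Check 1: display name claims a known organization, but the address domain disagrees.
    for name, domain in OFFICIAL.items():
        if name in display.lower() and not under(sender_host, domain):
            findings.append(f"sender-mismatch: '{display}' sent from {sender_host}")
    # Check 2: Reply-To sends answers to a different domain than the sender's.
    reply_host = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_host and reply_host != sender_host:
        findings.append(f"reply-to-differs: {reply_host}")
    # Check 3: linked hosts that carry a pandemic keyword and are not official domains.
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        host = (urlparse(url).hostname or "").lower()
        trusted = any(under(host, d) for d in OFFICIAL.values())
        if not trusted and any(k in host for k in KEYWORDS):
            findings.append(f"keyword-domain: {host}")
    return findings
```

Calling `triage(SAMPLE)` returns three findings, while a message sent from the organization's own domain and linking only to its own subdomains returns an empty list.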
Beyond spam and phishing emails, there has also been a rise in social media and community forum posts containing false information, often accompanied by malware attachments or links to malicious domains. You should also be wary of social media ads offering treatments or in-demand items like face masks and hand sanitizer.
Fake news regarding the coronavirus has also been an issue, with WHO describing the influx of rumors and information from unreliable sources as an “infodemic”. Do your part by regarding anything shared on social media with a critical eye. If the source isn’t credible and the information seems dubious or even dangerous, don’t share it. Report it to the site administrators so that it can be removed.
How to avoid being a target of a cyber attack
Be extra vigilant and discerning when it comes to all online communications, even if they claim to be from a well-known source or work colleague. If you receive an email, text message, or any other kind of digital communication that appears suspicious or unusual, operate on the assumption that it is.
Don’t click on any links, don’t download attachments, and don’t provide any sensitive information, such as login credentials or credit card information. Contact a representative from the company through the proper channels (official website or email) to verify whether they were the ones to send the message.
Beyond social engineering attacks, be sure that all your cyber defences are up-to-date. If you work from home, follow your company’s remote policies carefully, and be sure to install all recommended software, such as VPNs, antivirus, and firewalls. Update them regularly, as out-of-date software can be vulnerable to hacker exploitation, giving attackers a back door into your system or work network. Some security experts even suggest implementing digital distancing in work-from-home environments.
If you’re a website owner, we of course recommend enhancing your website security with an SSL certificate. Check out this article to find out which type is right for you. After that, take a look at our piece on strengthening your website’s security beyond SSL.
Staying safe online, now more than ever, requires a combination of common sense and preventative security measures on your home network and on your website, if you have one. Protect yourself by casting a critical eye on any emails, social media postings, or websites that seem too good to be true. Always use an antivirus and keep all your software up-to-date. If you’re working from home, make sure you utilize all the tech tools recommended by your company.