Cybersecurity during COVID-19

Understanding how to protect yourself from malicious cyber threats.

COVID-19 has changed nearly every aspect of our daily lives, including how we work, socialize, and communicate. Unfortunately this also means many of us will be subject to a range of new cybersecurity threats, including the all-too-common phishing attacks but with an added pandemic twist. Cybersecurity threats are moving very quickly during the COVID-19 pandemic, and this poses unique problems for mitigating such risks. Further, the overwhelming amount of news coverage surrounding the coronavirus has helped create a perfect storm for cybercriminals to exploit the situation for their own good and prey upon the public’s fear and need for information.

 

What is it? 

Cyber-attacks are when hackers use a variety of methods to collect personal identification information (PII) that they then use to steal identities, open lines of credit, and access online bank accounts.  Phishing campaigns are the most common form of cybercrimes and they have increased over 350% since the pandemic started in mid-March.   If you are unfamiliar with the term, phishing campaigns are a scam by which an Internet user is tricked (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly.  Phishing often involves impersonating someone you know or a platform that you trust which can make it challenging to identify.

 

How does it work? 

Malicious people use COVID-19 as the theme to lure victims into opening harmful attachments or links. Cyber criminals and other parties have been carrying out several types of scams since the Coronavirus pandemic was announced. Here are just a few types of cyber-attacks we’ve seen over the past few weeks:

  • Phishing– There have been numerous emails going around containing links or attachments supposedly providing information about the Coronavirus, when in fact, they aim to infect PCs or mobile devices with malware.
  • Malware– Cyber criminals have been using the Coronavirus theme to distribute malware.  A lot of them are impersonating health authorities to get users to click a link that contains malware in the form of Trickbot or other trojans.
  • Malicious Websites– More than 3,600 new domains containing the phrase “Coronavirus” were created in the past few days. The vast majority of them are destined to host phishing sites, spread malware, etc.
  • Malicious Apps– Several malicious apps have also been uploaded to app stores (Google Play, Apple Store), mostly disguised as Coronavirus related content. In some cases, these were apps created by governments to track citizens, which raised suspicions of foul play.
  • Misinformation– A lot of websites and emails have been appearing containing false information regarding the pandemic, meant to frighten the public or get people to take actions they wouldn’t otherwise take. In many cases the senders are pretending to be from official organizations, such as the WHO, the CDC, etc.
  • Fraudulent Products– Cyber criminals have also begun advertising fraudulent products claiming to help people cope with the situation, such as face masks. These criminals often disappear after receiving the money.

 

Here’s what you can do.

Below are some recommended best practices to decrease the chances of falling victim to a scam:

  • Be suspicious of every email you get regarding Coronavirus, especially if it is from an address you do not recognize or contains grammar and spelling mistakes. Also, avoid opening links or attachments from unknown sources. It is possible to hover the mouse cursor over hyperlinks to see where they actually lead.
  • Don’t panic and avoid emails or advertisements that urge you to “act now.” This sense of urgency is meant to enhance the already induced panic of the situation, to pressure people into making irrational decisions.
  • Use caution and do not give money or personal information to websites or people you do not trust 100%. If you are approached, try to verify details and call back yourself via a number obtained from a different source, e.g. Google.
  • Trust the source and get your information from official sites such as the CDC or WHO and try to avoid unreliable sources, such as social media posts.
  • Go directly to the source if you wish to donate money to charity organizations by searching for their official websites or phone numbers, and not through advertisements or when approached.

Since COVID-19 shows no signs of disappearing anytime soon, it’s safe to assume that cyber criminals will continue trying to exploit the situation and create more attacks, using the methods mentioned above and in new ways as well. It is important to stay as vigilant as possible to safeguard your personal information.   Coronavirus can be an emotional topic so remember: do not let anyone put pressure on you to ‘act immediately’, never share your pin numbers or passwords with anyone, always look for the “HTTPS” and the lock icon on your browser to ensure you are using a secure connection, and when in doubt contact the financial institution or Howe & Rusling directly for assistance.