Safeguarding Against Pandemic-Related Cybercrime
The year 2020 has been a time of significant adjustment. From full-scale lockdowns to widespread social distancing measures, everyday life has been transformed for the majority of people around the globe in order to curb the spread of the coronavirus.
An unfortunate and perhaps unexpected consequence has been the rise in cybercrime. Malicious actors have been using the pandemic to their advantage, exploiting people’s myriad concerns and confusion regarding the virus.
In this article, I’ll outline the three most common types of pandemic-related cybercrime and how you can protect yourself against each one.
1. Scam Websites
According to a report by Interpol, there has been a 569% increase in malicious domain registrations since the beginning of the pandemic, many of which feature keywords like “coronavirus” and “covid”. (To help tackle this issue, Namecheap has been blocking registrations of new websites with such keywords.) Very often these websites sell counterfeit goods like face masks, testing kits, fake tracking apps, and false cures, as well as fraudulent treatments, from vaccines to essential oils and tinctures. Some sites even scam people out of money or personal information, claiming to be a charity or stimulus-themed website. Other sites harbor misinformation, with the World Health Organization (WHO) describing the problem as an infodemic.
If you find yourself on an unknown website and aren’t sure if it’s legitimate, it’s best to err on the side of caution and treat it as suspicious. Such sites can be very convincing, and may even have adopted trust markers, such as SSL certificates, to seem more real (read more about why some websites with SSLs aren’t necessarily trustworthy here). If something seems too good to be true, it probably is. Only purchase goods from legitimate retailers that you’re familiar with, and only trust information provided by your country’s healthcare agencies.
2. Phishing
One of the most common cyber attacks, phishing involves cybercriminals sending convincing messages to victims, often posing as a real business or organization. Phishing most frequently occurs over email, but it can also happen via text or messaging apps, such as WhatsApp. These messages typically ask you to hand over your login details or personal information via an embedded link, and sometimes even include attachments with malware.
When you click on a link in a phishing email, it generally leads to a site masquerading as a well-known website. The UN reported a 350% increase in phishing websites in the first quarter of the year, many of which targeted hospitals and healthcare systems. The WHO has been exploited numerous times by phishing campaigns, many of which attempt to trick users out of their personal information or encourage people to donate to a fake version of its COVID-19 Solidarity Response Fund.
If you get an email from an organization requesting that you log in or update your credit card details via an embedded link, or even offering something too good to be true, you should regard it as suspicious. Generally, legitimate companies won’t ask for this information over email, and certainly not by text message. Check the sender’s email address. Often these scam email addresses are similar to an organization’s official email address, but are a little off. Head to the official website and compare the address with the contact information featured there. Upon close examination of the email, you’ll probably notice that the design isn’t quite right and that there are misspellings.
For more information on how to recognize and avoid being tricked by phishing scams, check out this article from the FTC.
3. Vulnerable Remote Work Environments
More people than ever are working from home, which poses security concerns for organizations new to remote work, with staff using potentially less secure home networks and sometimes using personal devices rather than their office computers. There’s also the issue of communicating through online chat applications rather than in person. These factors can leave companies vulnerable to issues like malware and social engineering attacks. According to a report by Malwarebytes, in 2020, 19.8% of company leaders and IT directors surveyed have experienced a security breach because of a remote worker.
If you work from home, familiarize yourself with your company’s remote work policies and install any required software, such as VPNs, antivirus, and firewalls. Keep all your cyber defenses up to date, as old versions of software can be vulnerable to exploitation by hackers. Strengthen your Wi-Fi network security by ensuring it has a strong and unique password, enabling network encryption, and upgrading your router’s firmware.
Protecting yourself from social engineering can be a bit more tricky. Much like spotting phishing emails, you need to assess any unusual messages with a discerning eye. Hackers can pretend to be a colleague messaging you in an attempt to steal information or to access company networks. These messages can take various forms, like an unexpected ping from the CEO who has never communicated with you directly, asking for login details or sensitive information, or an email from IT asking you to download some kind of security update (which is actually hidden malware). It can be easy to comply with these requests as they seem to come from people you trust.
It’s important to treat unexpected interactions that require you to hand over information or to download something as suspicious. When this happens, contact the sender through an alternative channel to confirm that it was them. Be sure to report any suspicious activity to your IT department.
Check out our blog on social engineering to learn more about how it can manifest and steps you can take to protect yourself.
What Else Can I Do to Protect Myself?
Apart from remaining vigilant and ensuring your work-from-home setup is as strong as it can be, ensure you’re following best practices for staying safe online. Stick to browsing websites you know, don’t download anything suspicious, and don’t believe everything you read on social media. If you’re a website owner, get an SSL certificate and follow these steps for boosting your website security. Lastly, learn how best to protect your computer from malware.
Times might be strange, but that doesn’t mean you have to be vulnerable to those seeking to take advantage of uncertainty. By following the tips in this article, you should be better equipped to protect yourself from cybercrime.