How To Protect Yourself Against Cybercrime During The COVID-19 Crisis
Cybercrimes are nothing new, but with the outbreak of COVID-19, there’s a new threat looming online. Cyberattacks have picked up pace in recent months as cybercriminals have started spreading misinformation.
For instance, the Department of Health & Human Services (HHS) was recently hit by cybercriminals that hacked its system.
Moreover, investigative journalists have reported spear-phishing attacks led by Russia, China, and North Korea hiding behind the pandemic.
It hasn’t stopped there after the WHO also reported that criminals are using fake URLs and emails to scam users of their money and information.
First Things First – What is Cybercrime?
Any criminal activity that is carried out using computers or other similar devices on the internet falls under the category of cybercrime.
Most of these online crimes are performed with the sole purpose of reaping profits by encrypting personal data of users.
Malware such as WannaCry has created a lot of havoc in recent years.
With the advancement of technology, cybercriminals are upgrading the strategies they use to infiltrate private computers and networks.
The outbreak of COVID-19 has led to many additional gateways for these criminals. As more and more websites go live with information revolving around the topic, proxy URLs, spam emails, malware-laden attachments, and more are being used across the world to spread misinformation and profit from panic.
In recent weeks, Chinese group TEMP.Hex is said to have leveraged the current pandemic using COBALTSTRIKE and SOGU payloads to target users in the Philippines, Taiwan, and Vietnam.
Another Chinese group has reportedly targeted the Mongolian government using POISONIVY malware.
Russian and North Korean espionage groups have also been sending out spear-phishing campaigns by masking the contents in coronavirus-themed lures. Incidents such as these make it pivotal to stay extra cautious while browsing online.
What To Look Out For?
There are different types of cyber threats, but the majority of present-day malware is COVID-19 themed. Stay extra cautious of pop-up advertisements, unsolicited emails and attachments, spam URLs, fake news, impersonations, and more.
Additionally, there’s a lot of fake news being spread using social media and alias websites.
Advertisements Of COVID-19 Related Products?
According to FireEye, a lot of victims of these ongoing cybercrimes fall prey to the classic lure. You can find a lot of content revolving around the COVID-19 topic.
As the global economy came to a standstill, a sudden surge in the demand for essentials, breathing masks, and sanitation products opened backdoors for criminals.
You’ll even find fake emails from the government or an NGO seeking charity to support the poor and needy. When clicked, victims are routed to proxy websites wherein all of their personal and financial data are being collected.
Make sure to double-check links and emails before clicking on them. Then again, other forms of themed attacks such as attachments can take control of the host files if they’re installed.
The best way to be safe is to only visit and deal with websites that are secured. Avoid websites that don’t have an SSL certificate, clicking on pop-up ads (better yet, use an Ad Blocker), and use an antivirus solution for enhanced security.
Untrue Documents, Fake News & Spam
Recent cyberattacks on the HHS forced the National Security Council (NSC) to advise Americans that a nationwide lockdown on March 16th was a rumor.
Another South Korean NGO received a spear-phishing email with the title “Coronavirus Correspondence”. Similar incidents have been reported in Taiwan, Vietnam, and other Southeast Asian countries where tweets and statements by prominent leaders have been used as lures.
A lot of fake posts about shortages of essentials and medical guides to battle COVID-19 are being shared online.
Please be informed that most of these are spam posts and clickbait links. Once you click on these, you’ll probably end up installing adware, spyware, or other similar malware.
You shouldn’t believe in every news snippet that you find online, and make sure to not download files or software from untrusted sources. Additionally, you should mark suspicious emails as spam and try not to give out sensitive information without verifying the source first.
Cybercriminals have also started masquerading as the World Health Organization (WHO) and sending out phishing campaigns, ads, and other similar lures appealing for donations and charity.
For instance, in February 2020, a new COVID-19-themed phishing scam was detected by Sophos.
The email impersonated official email correspondence from the WHO and contained a link that redirected users to a domain where credentials were being harvested.
Similar impersonation cybercrimes were reported in Japan by the end of January 2020. The emails were replicas of those sent from health and public service offices with attachments offering information about COVID-19. When clicked, a malware tool called EMOTET is installed in the system and starts stealing critical user information.
The easiest way to identify fake emails is by reading between the lines. In most cases, the email itself will contain many grammatical and formatting errors.
Furthermore, a real-time antivirus solution will also scan and notify users if it finds something suspicious contained in the attachments and URLs.
How To Maintain Overall Safety
Cybercrime is an ever-increasing threat. Unfortunately, there isn’t a kill-switch, but staying informed and cautious can go a long way towards keeping yourself secure.
Running frequent scans, cleaning up redundant files, and backing-up your data every now and then are other good habits.
Other than these tips, here are a few things that you can do:
- Download Only From Trusted Sources – Always review the source website from where you’re downloading content. Most free websites and the bundled software they offer are perfect spots for hackers. Make sure to check the SSL and encryption of the website before downloading anything.
- Be Careful Of Free Software – Most free software is bundled with browser extensions and other adware, spyware, or trackers. When you download something, make sure to read through the T&Cs and select custom installation so you can uncheck the unwanted add-ons.
- Report Spam – If you find fake news on social platforms, websites, and other messaging apps, you should immediately report it as spam. This way the service providers can block problematic posters.
- Mark Spam Messages – Although most ISPs auto-mark suspicious emails as spam, some emails slide past the gates. If you find such emails, mark them as spam immediately to stop receiving them.
- Check Everything – Read between the lines, check the authenticity of the source, and double-check links before clicking on them.
The best way to stay safe is to be cautious. Make sure you review the source before clicking on anything to protect your data and privacy online.