Beware of Cyberattacks

With the public becoming more worried about COVID-19 growing, the number of phishing attempts referencing the virus is increasing.

As you are probably aware, phishing is the act of spreading mass emails that look like they are coming from a legitimate source, but actually has malicious attachments or links. These emails are made to trick recipients into opening attachments or clicking links that allow the attacker to access personal credentials, gain access to a computer system, etc.. There have even been recent situations where phishing has been used to attempt to pose as health agencies.

Malicious cybercriminals are quick to take advantage of high profile events, specifically ones that will cause worry and concern.

There have been a number of email and text scams going around.

The FBI has even issued a warning that cybercriminals are looking for individuals to help them move money around after someone has fallen victim. With so many people being laid off, people may be eager for a job.

So, stay away from those postings and emails of jobs promising easy money for little effort! Some red flags are: being asked to receive funds to your personal bank account, forward money via wire transfer or money service business, asked to open new accounts in your name for another business while being told you will make money by keeping a portion of the money transferred.

The FBI has detected email and phone scams from people saying they are abroad and need financial help because a loved one has COVID-19 or that they are a US service members/citizens working/are quarantined abroad. It doesn't matter what the excuse is, they ask you to send or receive money to help a loved one.

Another common trick is to claim that they're in the medical equipment business or with a charity. They also ask you to send or receive money on their behalf.

Each of these examples are of the cybercriminal trying to get into your bank account.

A security company, Wandera, did an analysis and has suggested that people aren't getting the message. This company compared the growth of traffic to safe sites with info on the pandemic (ex, governments, public health agencies) with bad sites (with phishing campaigns, donation scams, and malware).

What's scary is that at the end of March, the amount of people going to the bad sites was growing more than those going to the safe sites. Although this number doesn't show how many people are falling victim, it is a worrying trend.

There is some good news though.

Apple and Google are working on making their platforms work together to help slow the spread of the virus. The idea being to help governments and public health authorities to create apps for voluntary contact tracing virus victims. Contact tracing identifies, educates, and monitors people who have had contact with someone who has COVID-19. Any form of tracing app should include assurances that minimal personal data is collected, data will be held securely, and is held by an agency or government for a limited time.

Also, Dutch police have taken down 15 booter websites. These types of sites are service-for-hire that help cybercriminals, activists, or people just wanting to cause an annoyance to launch cyberattacks that hit websites until they temporarily collapse. This type of attack might be to achieve a thrill of bringing something down or as a distraction for breaking into a site somewhere else. This is one reason why individuals should apply security patches and have good anti-virus software.

How to Protect Yourself

Below are a few ways you can protect yourself, and your device, from malware.

Against Malicious Emails:

• Check the address or the attachment to make sure it's relevant to the email content
• Ensure you know the sender of the email message
• Look for any typos
• Use anti-virus or anti-malware software

Against Malicious Attachments:

• Ensure that the email address of the sender has a valid username and domain name
• Be more cautious if the tone of the email is urgent
• If you weren't expecting an attachment, double check with the sender

For more information check out the government's publication for Security IT Actions to Protect Your Organization

We have reached the end of this post. We hope that you have been able to take away some key things on how to stay cyber safe during this pandemic. Stay safe!

If you have any comments or questions, use the section below.

Now is the perfect time to look into security awareness. Click below to get your security awareness kit.

Sources:

Government of Canada. (2020). Cyber Hygiene for COVID-19. Retrieved March 14, 2020 from https://cyber.gc.ca/en/guidance/cyber-hygiene-covid-19

Soloman, Howard. (2020). Cyber Security Today - COVID-19 hiring and sob story scams, Apple and Google partner on contact training, cops make arrests and more. Retrieved March 14, 2020 from https://www.itworldcanada.com/article/cyber-security-today-covid-19-hiring-and-sob-story-scams-apple-and-google-partner-on-contact-tracing-cops-make-arrests-and-more/429514