The world is certainly a drastically different place than it was just a few weeks ago. As the COVID-19 pandemic sweeps the globe, people everywhere are anxious, scared and concerned. Unfortunately, it’s also the perfect opportunity for cyberattacks to flourish. Yes, asshole cybercriminals are already cashing in on the devastating coronavirus disruption. As the world sits on edge, it’s critical to be aware and vigilant against the latest evolving cyber threats. Here’s what you need to know:
The Art of Social Engineering
Cybercriminals have long used the art of social engineering to manipulate people into giving up sensitive information. As the COVID-19 pandemic evolves, cyber risk is exploding as ‘threat actors’ seek a golden opportunity to cash in on people’s tense emotions. Social engineering tactics are so popular because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software. Meaning, it is much easier to trick someone into giving you their password than it is for you to try hacking their password.
Phishing emails are often disguised as a credible organization like financial institutions or government departments and create a sense of urgency that triggers an individual into taking an action before they think it through. Like an email that appears to be from your credit card company requesting you click a link to login and verify suspicious transactions. If you log in, bam – the hacker now has access to your account, and some type of malware was most likely installed on your device to access other personal information.
Preying on Remote Workers
Although I’ve been used to working from home in my pj’s for years, remote work is new to most. The coronavirus outbreak has created an unexpected switch in the way we conduct day to day business. Self-isolation, work from home policies, and limitations on in-person meetings have created a heavier-than-usual reliance on virtual and electronic channels. Cybercriminals are taking advantage of security loopholes and using it to gain sensitive information.
Now, instead of attacking a company’s network, which would likely be secured with advanced security measures, protection, and real-time monitoring – hackers now just have to locate and attack the employee’s home network. This means WAY less chance of discovery.
‘Click for an Urgent Coronavirus Update’
Cybercriminals are luring people into online scams masquerading as important information related to the pandemic. Emails pretending to be from the World Health Organization, Centre for Disease Control and British, Canadian and Australian Governments have been circulating. Here’s an example of one:
“Canadian Prime Minister Justin Trudeau approved an immediate check of $2,500 for those who choose to stay at home during the Coronavirus crisis. Here is the form for the request. Please fill it out and submit it. The attachment file is called “Covid19 relief.doc.”
Of course, this is a scam because the Prime Minister has not approved that payout. And if you click on that attachment you’ll be infected.
It’s not just phishing emails. There have been multiple malicious coronavirus apps – like infection trackers – that once downloaded install malware or ransomware onto your device.
Not all the new scams are coronavirus related either. But many are related to money as so many people sit on edge, panicking about their financial future. Just this week alone, I’ve seen phishing emails in the guise of Paypal and Windows Defender – the Paypal one claiming to have locked access to funds and requesting an account login to review and the Windows Defender claiming a $200 charge was just processed and to call to dispute if not authorized.
The last thing anyone needs now is to be screwed over by a hacker. And the last thing a business that has had to shut its doors, not earning a cent needs is a data breach.
Wash Your Hands AND Watch Out
So, please be super aware. Do not click ANY links. If there was a real email communication from the government or whatever, all the essential information would be included in the message – there wouldn’t be a request to download a document or click on a link. Likewise, if you get something from your bank or credit card – don’t click these links. Open a browser and go to the actual site. They will have updates posted. Or you can call and ask.
Robert Krug, the network security architect for Avast, the antivirus software giant, recently offered some sage advice. “Computer viruses can spread just as easily as human viruses,” he says. “Just as you would avoid touching objects and surfaces that are not clean, so should you avoid opening emails from unknown parties or visiting untrusted websites.
“In short, the same steps that one takes to ensure they don’t get sick should be translated into steps that keep devices and networks secure. You may use hand sanitizer to remove germs from your hands, and you should have an effective antivirus solution to keep germs off your computers and networks.”
You have been warned.