We have been overrun these past few months with everything Coronavirus, COVID-19-related, and with it, a near-constant stream of information and disinformation sent to us/available from/on every platform known and used by man.
The world has gone a little crazy.
The problem here – besides the fear, panic and already crippling, economic ripple-effects from the virus itself – are the opportunistic cyber criminals who revel in exploiting this fear and chaos in order to steal money and compromise businesses.
Three cyber security issues to watch out for especially at present:
1. Fake Websites: These fake coronavirus-related websites offer a “cure” to the virus. Such cures can consist of natural and pharmaceutical remedies, vaccines, testing kits, and other bogus health solutions. The key to determine if a website is fake is to check:
Does the website have a secure connection with a padlock icon? The vast majority of malicious websites being used by criminals these days do have security certificates, however if a website has no padlock icon in the URL it is definitely one to avoid!
Are these websites offering in-demand items at extremely low costs? These malicious actors could be trying to steal credit card information and install malware. As the saying goes, if it sounds too good to be true, it probably is.
Carefully read over the verbiage on the website. Most fake websites are poorly written. Identifying this trait early on can help determine a website’s legitimacy.
2. Spoofing Government and Health Care Organisations: Hackers are already impersonating the UN’s health agency in an effort to carry out a variety of scams, from account takeovers to phoney donation requests and the spread of malware.
The Federal Trade Commission (FTC) is also warning of spoofed emails, text messages, and phone calls that claim to be from the Centres for Disease Control (CDC). Watch out for coronavirus-related phishing emails, smishing (text message phishing), and phone fraud scams over the coming weeks. These scams will focus on our insecurities about how the virus is spreading. The scams could be fake health agency warnings about infections in your local area, vaccine and treatment offers, and alerts about critical supply shortages.
These contact points can be highly convincing due to cyber criminals using professional phishing kits like perfectly matched logos and email formats of legitimate organisations. In addition hackers will incorporate “combosquatting” and “typosquatting” tactics to fool users into thinking the link is legitimate. One example of typosquatting is when an attacker uses popular domains that are misspelled incorrectly but look like real a domain name. For example, faecbook.com or wellsfagro.com. Combosquatting and typosquatting have similar tactics used to fool users, however, the domain name is appended with -security. For example, wellsfargo-security.com or security-chase.com. Notice the domains are not misspelled but prepended or appended with the word security.
3. Social Media: Social media users need to be wary when scrolling through their timeline or clicking on links unwitting family members may forward. Two specific scams that are likely to play off of the current coronavirus situation are fake fundraising and investment scams.
Fundraising hackers will use stories and images of real people to tap into your limbic system – the emotional part of your brain. Notably, these scammers will utilise legitimate fundraising platforms like GoFundMe to collect donations. Be cautious of any individuals asking for donations.
The second threat for coronavirus-related scams deals with investments. As the Securities and Exchange Commission (SEC) recently warned, criminals will use social media to promote microcap stocks which they claim have a product or service that can help prevent or treat coronavirus. These are pump-and-dump scams that could cost investors lots of money. Be sure to perform some research. A quick search will help clear any cloudiness about the proposed investment.
Our handy infographic summarises three things to look out for… share amongst your friends, family and colleagues to better protect against cyber crime.
Check out our recent post on creating a more cyber secure home environment whilst setting up / working from your home office.
And check out how to keep the kids safe online if they’re using their devices more than normal during these challenging times.
CybACADEMY courses powered by GoldPhish® educates users on the cyber risk and helps build a more secure organisation with awareness training.