In the same proportion that the adversity scenario can reinforce the good side of people, this can also intensify bad intentions. Cybercriminals were quick to take advantage of a new opportunity to take action – this can be seen in the growth of malicious software and covid-19 relaphishing scams.
Records of hundreds of potentially suspicious new web domains have been identified, with cybercriminals taking advantage of the fact that many people may be using their own computers to access corporate networks due to the widespread home office. Since these machines are not necessarily as tightly regulated and protected as business PCs, this exposes new threat vectors.
Numerous phishing campaigns have emerged in the form of emails disguised as updates on the new coronavirus. A recent specific campaign tried to appeal to human nature, asking for donations (in bitcoin) for a false initiative by the World Health Organization (WHO) that “seeks to ensure that all countries are prepared, especially those with weaker health systems”.
Most fraudulent activities related to covid-19 are characterized as:
Free of charge: selected services, such as video conferencing, online training and even free food delivery. Cybercriminals also offer services like a “honeypot”, tricking users into providing bank details and personal information. It is necessary to reflect – is this a genuine offer or is it too good to be true – before subscribing to new services.
Digital gift cards: The scammers behind the popular commercial email compromise (BEC) attacks have started trying to persuade people to buy digital gift cards, as many physical stores are closed.
Compensation schemes: With millions of people affected by canceled holidays and flights, there has been an increase in the number of dubious compensation sites – schemes that promise travelers the chance to get their money back. A particularly effective approach has been to pressure users to spontaneously provide personal information, under the pretext that a “travel compensation offer expires in 12 hours”, because cybercriminals always want victims to act first and think later.
Too good to be true
The best line of defense is to use common sense and not let your guard down. Anything that seems too good to be true is probably just that. Maintaining your defenses also means installing software updates, even if they take a long time to download. Many varieties of malware use software vulnerabilities to maintain persistence and confidentiality on infected systems.
We all need to keep in mind that especially now is the time to adhere to some basic rules like avoiding opening attachments or links in e-mails from unknown external contacts. Scammers have become sophisticated, and it is often difficult to differentiate a genuine email from a fake one, so we emphasize the importance of never interacting with emails, even if they seem legitimate.
Recently, we heard many extraordinary tales about how people overcame the adversities of the covid-19 pandemic. Unfortunately, there is also a dark side: those who seek to take advantage of the situation.
Jun Ueda, author of this article, is Chief Operating Officer at Fujitsu do Brasil