The world is in the midst of the deadly Coronavirus pandemic, and we can see business slowing, transportation being disrupted, schedules being uprooted, educational institutions closing and many other changes in our lives. Even though the crisis is enormous and dangerous, quite a few people are trying to build scams around it and make money from it!
Some of the scams are:
1. Hackers and scamsters always use the current political and economic climate to trick people into parting with their financial and personal details. The most popular attack in the information security domain is the ‘phishing attack’, and in the wake of the Coronavirus outbreak the number of such incidents has risen. While most of us are glued to our screens trying to educate ourselves about the latest health threat, others exploit exactly this and send us malicious messages for monetary and personal gain.
According to a press release by the Department of Homeland Security, in one recent phishing case scamsters played the ‘fear card’ by sending emails that impersonated health organizations related to Coronavirus. The victims clicked the malicious links in these emails and found that malware had been placed on their devices or that their personal/financial information had been stolen.
2. ‘Work From Home’ or WFH has become common for most of the corporate IT sector today.
If employees who were never permitted to work from home because of strict security regulations (as in some conservative organizations) are now allowed to WFH, it is better to provide them with locked-down corporate laptops. This keeps security tight while they work with highly sensitive corporate information from home.
On the other hand, if corporate apps and data are accessed through personal laptops/devices, scamsters will use this opportunity to infect the devices through the employee’s habits of browsing websites, accessing email and using other third-party apps.
As remote work has become the de facto standard around the globe today, there is more evidence of data and credentials being stolen by exploiting WFH business models, and it is up to WFH employees to stay updated and safe.
3. Have you been looking at maps and other information relating to COVID-19? Well, you are not the only one looking… Hackers know this, and it has been revealed that they show visual Corona maps in the foreground while malware works in the background, stealing the data stored in your browser.
This is a strain of malware known as ‘AZORult’, which was first seen in 2016. It steals usernames, passwords, cookies, credit card information and any other information stored in the browser. The stolen data is put up for sale on the deep web, or the hackers can use it to log in to your social media accounts.
Measures to avoid these scams:
Even as fear over the COVID-19 outbreak spreads all over the world, it is always good to use caution in the online world. This will ensure that the situation doesn’t become worse than it already is:
1. According to the WHO (World Health Organization), there are a number of false emails claiming to originate from ‘WHO’ relating to the COVID-19 emergency. It advises you to:
a. check email addresses before clicking on anything in the message (as an example, emails from ‘WHO’ will be marked as ‘@who.int’)
b. check all the links that come to you via SMS, email or WhatsApp
c. stop and think before giving out your personal information
d. report it to law enforcement or the appropriate officials right away if you feel you have been scammed
2. If employees are allowed to WFH and use their personal devices to connect, let them connect to the corporate networks only via a VPN client
3. WFH policies should be clearly stated for all employees
4. Endpoint attack vectors should be sealed for WFH employees
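The sender check from item 1 above can be automated. The following Python sketch is an added example, not part of the original article or of any WHO tooling: it compares the address in a `From` header against the exact domain `who.int` and flags headers that only look like WHO. The function name, the result labels and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

TRUSTED_DOMAIN = "who.int"  # the domain the WHO advice above names

def classify_sender(from_header, trusted=TRUSTED_DOMAIN):
    """Classify a From header against the single trusted sender domain."""
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "unparseable"
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()
    if not local or not domain:
        return "unparseable"
    # Exact match only: "who.int.example.com" and "who-int.example" must fail.
    if domain == trusted:
        # A From header can be forged, so this is a first filter, not proof;
        # the mail server's SPF/DKIM/DMARC verdict still has to pass.
        return "domain-matches"
    brand = trusted.split(".")[0]  # "who"
    display_l = display.lower()
    # Display name claims to be WHO although the address is somewhere else.
    name_claims = (brand in re.findall(r"[a-z]+", display_l)
                   or "world health organization" in display_l)
    # Domain embeds the brand as a label, e.g. who.int.example.com.
    domain_claims = brand in re.split(r"[.\-]", domain)
    if name_claims or domain_claims:
        return "impersonation-suspect"
    return "unrelated"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "World Health Organization <alerts@who.int>",
    '"WHO Alerts" <info@who.int.example.com>',
    "donate@who-int.example",
    '"noreply@who.int" <x@mail.example>',
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):22} {header}")
```

Only the first sample passes; the next three are flagged because the display name or a domain label borrows the WHO name while the real domain is different.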
These are some of the security scams in the online world relating to the COVID-19 emergency. It is a sure bet that many more will sprout, and it is up to us to stay informed and be vigilant!
References:
1. https://cdn2.hubspot.net/hubfs/5411606/Content/Coronavirus%20Work%20From%20Home%20Whitepaper.pdf
2. https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
3. https://www.who.int/about/communications/cyber-security
4. https://www.secretservice.gov/data/press/releases/2020/20-MAR/Secret_Service_Coronavirus_Phishing_Alert.pdf