This pandemic seems to be the only thing on our mind these days. In this post, we'll talk about how COVID-19 is affecting cybersecurity.
Cybersecurity is probably the last thing on your mind during this pandemic, but it's something that should still be a priority.
Sadly, cyber scams are still happening. In this post, we want to bring awareness to some of the things going on and how you can stay safe.
The Cyber Centre has received and seen increases in reports of cybercriminals using COVID-19 in phishing and malware attacks.
The response to the pandemic is being managed by the Public Health Agency of Canada (PHAC) with help from public health officials and agencies across Canada.
For more information regarding the pandemic, please visit COVID-19 Outbreak Update for up to date information.
Beware of Cyberattacks
With the public becoming more worried about COVID-19 growing, the number of phishing attempts referencing the virus is increasing.
As you are probably aware, phishing is the act of spreading mass emails that look like they are coming from a legitimate source, but actually has malicious attachments or links. These emails are made to trick recipients into opening attachments or clicking links that allow the attacker to access personal credentials, gain access to a computer system, etc.. There have even been recent situations where phishing has been used to attempt to pose as health agencies.
Malicious cybercriminals are quick to take advantage of high profile events, specifically ones that will cause worry and concern.
There have been a number of email and text scams going around.
The FBI has even issued a warning that cybercriminals are looking for individuals to help them move money around after someone has fallen victim. With so many people being laid off, people may be eager for a job.
So, stay away from those postings and emails of jobs promising easy money for little effort! Some red flags are: being asked to receive funds to your personal bank account, forward money via wire transfer or money service business, asked to open new accounts in your name for another business while being told you will make money by keeping a portion of the money transferred.
The FBI has detected email and phone scams from people saying they are abroad and need financial help because a loved one has COVID-19 or that they are a US service members/citizens working/are quarantined abroad. It doesn't matter what the excuse is, they ask you to send or receive money to help a loved one.
Another common trick is to claim that they're in the medical equipment business or with a charity. They also ask you to send or receive money on their behalf.
Each of these examples are of the cybercriminal trying to get into your bank account.
A security company, Wandera, did an analysis and has suggested that people aren't getting the message. This company compared the growth of traffic to safe sites with info on the pandemic (ex, governments, public health agencies) with bad sites (with phishing campaigns, donation scams, and malware).
What's scary is that at the end of March, the amount of people going to the bad sites was growing more than those going to the safe sites. Although this number doesn't show how many people are falling victim, it is a worrying trend.
There is some good news though.
Apple and Google are working on making their platforms work together to help slow the spread of the virus. The idea being to help governments and public health authorities to create apps for voluntary contact tracing virus victims. Contact tracing identifies, educates, and monitors people who have had contact with someone who has COVID-19. Any form of tracing app should include assurances that minimal personal data is collected, data will be held securely, and is held by an agency or government for a limited time.
Also, Dutch police have taken down 15 booter websites. These types of sites are service-for-hire that help cybercriminals, activists, or people just wanting to cause an annoyance to launch cyberattacks that hit websites until they temporarily collapse. This type of attack might be to achieve a thrill of bringing something down or as a distraction for breaking into a site somewhere else. This is one reason why individuals should apply security patches and have good anti-virus software.
How to Protect Yourself
Below are a few ways you can protect yourself, and your device, from malware.
Against Malicious Emails:
- Check the address or the attachment to make sure it's relevant to the email content
- Ensure you know the sender of the email message
- Look for any typos
- Use anti-virus or anti-malware software
Against Malicious Attachments:
- Ensure that the email address of the sender has a valid username and domain name
- Be more cautious if the tone of the email is urgent
- If you weren't expecting an attachment, double check with the sender
Against Malicious Websites:
- Ensure that URLs are spelled right
- Type the URL directly into the search bar instead of clicking the link
- If you need to click the hyperlink, hover over the link to check if it directs to the right website
Practical Ways to Make Yourself Cyber Safe
- Use unique and complex passwords
- Install updates to mobile devices, computers, and applications
- Store data securely and know backup procedures
- Secure all social media and email accounts
For more information check out the government's publication for Security IT Actions to Protect Your Organization
We have reached the end of this post. We hope that you have been able to take away some key things on how to stay cyber safe during this pandemic. Stay safe!
If you have any comments or questions, use the section below.
Now is the perfect time to look into security awareness. Click below to get your security awareness kit.
Government of Canada. (2020). Cyber Hygiene for COVID-19. Retrieved March 14, 2020 from https://cyber.gc.ca/en/guidance/cyber-hygiene-covid-19
Soloman, Howard. (2020). Cyber Security Today - COVID-19 hiring and sob story scams, Apple and Google partner on contact training, cops make arrests and more. Retrieved March 14, 2020 from https://www.itworldcanada.com/article/cyber-security-today-covid-19-hiring-and-sob-story-scams-apple-and-google-partner-on-contact-tracing-cops-make-arrests-and-more/429514