With a high percentage of office-based workers, around the world, being forced to work from home due to the COVID-19 pandemic, our cyber-criminal ‘friends’ are making the most of this change in work behaviour. They have not missed the opportunity to profit from this situation, and are creating more attacks and scams targeting stay-at-home workers.
First and foremost, we must thank technology, for giving us the ability to stay in employment, and the economy, for shifting to deliver services which allow us to work remotely. But, with all the advantages that technology brings to our lives, there are always going to be disadvantages.
While we are all trying our best to keep life as normal as physically possible, hackers are hard at work looking for ways to exploit the huge uptick in the number of employees working from home. As the FBI stated in its public service announcement on April 1, the expectation is that, “cyber actors will exploit the increased use of virtual environments by government agencies, the private sector, private organizations, and individuals as a result of the COVID-19 pandemic.”
Here are some examples we’ve seen over the past few weeks, of how these cyber actors are exploiting the situation:
- Vulnerabilities in known apps: The voice conferencing service, Zoom, has been in the headlines recently, after a massive growth in use due to the COVID-19 self-isolation. Talking with family and friends using an app such as Zoom, has allowed us to stay connected with our loved ones and community while we are in isolation. Hackers are using this to their advantage by gaining access through private computer webcams and microphones.
- Phishing: Many cybercriminals take advantage of the increased popularity of applications and programs, such as Zoom and Microsoft Teams, to create phishing websites that lure people into providing their personal information.
- Malware spreading: Using some of the above-mentioned methods and various others, hackers are constantly trying to spread malware onto the computers and mobile phones of victims, with messages asking for a ransom or threatening to sell their information to third parties.
- Fraudulent app creation: Once again, we see exploitation of the increased popularity of some services, by the creation of fraudulent apps and programs. They aim to manipulate victims into thinking these are the legitimate apps and, when they download them, the attackers are gaining access to computers or mobile phones.
So, how can you protect yourself from hackers trying to exploit the forced reality of people working from home? Here are some tips that might help:
- Errors in grammar: Phishing emails often contain spelling or grammar mistakes, or are sent from dodgy-looking addresses that resemble the company being impersonated. Look carefully for any warning signs that might indicate that the email is a fraud.
- Free giveaways and gifts: There’s no such thing as a ‘free gift’! If you have been approached with special offers, free memberships, discounted products etc., it is likely a scam. It is advised to manually enter the website of the company you’re looking to buy from, and not click on links sent to you. Also, never provide information before double, and triple checking the authenticity.
- Use strong passwords: Avoid falling into the ‘obvious password traps’ by using things like your name or date of birth or any other personal information. Ensure you create unique passwords for each different service. You can even use numbers to replace letters, to make the password stronger e.g. MyTe@msL0g1n
- Updates: Make sure, when prompted, you always install app security updates.
We are still only at the start of flattening the curve worldwide, but the COVID-19 pandemic has already changed our lives in countless ways, and we will probably face further changes as we return to our ‘normal’ lives.
Although working remotely is not a new concept, and a lot of companies have been allowing their staff to partake in it for some time, the pandemic has increased its magnitude significantly and we must stay vigilant against those who seek to take advantage of the crisis. In these uncertain times, we must encourage everyone to be more aware of online scams and keep security as a priority.
FraudWatch International is currently actively targeting all COVID-19 Online Scams to protect all Internet users from cyber criminals during this period. If you have been a victim of a cyber-attack, or you have any information about COVID-19 related scams, please visit https://fraudwatchinternational.com/covid19/ or report the details to Covid19@fraudwatchinternational.com.