While you’re trying to avoid getting infected with a real virus, hackers are trying to infect your devices with malicious software or grab your personal information. Security experts say that hacking attempts are becoming more frequent in general, and one of the fastest-growing tactics is to use the Coronavirus crisis as a ruse.
Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus — and they’ve only proliferated since.
Last week, Brno University Hospital in the Czech Republic — a major Covid-19 testing hub — suffered a ransomware attack that disrupted operations and caused surgery postponements. And even sophisticated nation state hackers have been using pandemic-related traps to spread their malware. The conditions are ripe for cyberattacks of all sorts.
A growing category of hacks lure victims with the promise of information or protection from COVID-19, the disease caused by the Novel Coronavirus which has turned into a global pandemic with more than 214,000 cases and 8,700 deaths worldwide.
Two major categories of attacks are using the words “coronavirus” or “COVID-19” to attract targets in high numbers, said Deepen Desai, Vice President of security research at Zscaler. In March, the company has seen nearly 20,000 unique incidents of phishing attacks, which lead you to fraudulent websites and try to trick you into entering sensitive information like passwords or credit card numbers. It’s also found more than 7,000 incidents in which victims were tricked into starting a download of malware, all of which referenced the health crisis.
Hassold, formerly a digital behavior analyst for the Federal Bureau of Investigation, also notes that even extra-cautious employees may be more likely to take phishing emails at face value, since it’s not as easy to call across the room to a colleague and check whether they really initiated that payroll payment reroute. “All of this is a perfect storm,” he says.
Covid-19 scams aren’t just being used by criminals for monetary gain. They’re also showing up in more insidious operations. A malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.
And then there are the nation state hackers, who know full well that home networks simply aren’t as secure as those in offices. Remote connections in particular make it more difficult, if not impossible, for most threat detection tools to differentiate legitimate work from something suspicious.
Wash your hands and update your software
The National Cyber Security Alliance urges internet users to use caution when visiting websites or downloading apps related to COVID-19.
Normally, when scammers use disasters like hurricanes or fires to trick people, there’s only a small number of potential victims. The Coronavirus crisis is hitting the whole world, and the number of people seeking help and information is huge.
Broadly, avoiding most of these risks means following the same advice as during more normal times. Don’t click on links from unknown people. Only download or install software from trusted sources. And verify that the URL of any website that asks users to enter a password is accurate: Hackers often set up URLs that are similar to real websites to harvest passwords.
Users should also be careful of other websites that require you to link your social media or Google accounts in order to receive these rewards.
If you get an email that is offering any of these sweet deals – ‘little measures that can save you’, ‘click here to donate’, or ‘here is how you can get a tax refund’, you are advised to not click on any of them and report them as spam.
Dr. Bright Mawudor, head of cybersecurity services at Internet Solutions has also warned Kenyans from sharing messages with links that claim to reward you with cryptocurrencies like Bitcoin when the link is shared several times.