Be aware! Cyber-crime on the rise during lockdown

The global pandemic of COVID-19 is not only a grave health issue but it also presents new opportunities for cyber criminals. With cyber threats constantly evolving to take advantage of online behaviour and to map consumer trends, consumers are as vulnerable as ever.

During lockdown, many people are spending far more time online than usual with Vodacom seeing a 40% jump in data usage as consumers perform day to day tasks such as online shopping, internet banking, streaming content online and spending more time on social media. And while this is happening, cyber criminals have quickly seized the opportunities to exploit the crisis by adapting their modes of operation and developing new cyber-related attacks and online criminal activities.

“In view of the global pandemic, cyber-attacks are on the rise as we continue to shift to remote working. Cyber criminals are well aware that people are spending more time online and have been targeting them with innovative scams suited to the current environment,” says Jacob Kutumela, Head of Forensic Services at Vodacom.

Whilst most people are already aware of the dangers faced online, many of us would not think twice about certain actions that we perform online, which may lead to malicious malware, ransomware, identity theft and/or fraud. For cyber criminals it is therefore the perfect time to prey on anxious and less tech-savvy consumers desperately looking for the latest COVID-19 news and information.

There are several scams that you should be aware of right now, including:

Phishing

One of the most common, and most effective, cyberattacks remains phishing scams. These are emails designed to look like a professional email from a reputable source, but intended to deceive you into disclosing personal or confidential information and/or allow access to your accounts. Phishing scams can take many forms, including emails designed to look like they are from official sources, government authorities, or financial institutions etc. 

Malicious websites

These websites are set up with the purpose of infecting your device with malware - malicious software that comes in an array of forms including but not limited to computer viruses, worms, trojans spyware, adware and various other types of harmful software. Since January there have been thousands of websites registered to contain the word ʻcoronaʼ and many of those are suspicious and intended to distribute malware. Watch out for sites such as Coronavirus(.)com or Corona -virus-Map(.)com.

Fake charities

A popular way in which cyber criminals can defraud you of your money is through electronic (emails and website) requests that ask for charitable donations. While fake charity approaches occur all year round, there is a significant increase in these during the times of real disasters or emergencies, such as the current Covid-19 pandemic. Cyber criminals may pose as agents of legitimate well-known charities or create their own charities and request donations for medical research or to support victims and their families.

Spam emails

Spam emails are commonly referred to as junk emails and is unsolicited messages sent in bulk by email. These are dangerous because they may contain links that lead to phishing web sites or sites that are hosting malware. Often they try to grab your curiosity by using conspiracy-themed catchphrases, such as “censored”, to try and sell information (paid-for videos) or goods that are now in high demand, such as masks, hand sanitizers or vitamins.

Fake internal HR or IT communication 

This can include coronavirus surveys impersonating your HR or IT department with the objective being to steal your username and password. Typically, to access the document or survey, the recipient has to provide their Office 365 credentials on a fake site – thus compromising their login details/Office 365 account.

There are a multitude of other scams which are being spread through various channels using COVID-19 as a pretence to try and defraud or trick innocent people. These include calls from scammers asking you to change your banking details for debit orders, SMSs asking for you to make a donation, or social media hoaxes around free offerings and other malicious links being shared via WhatsApp. It is important to block these callers, do not click on any links and do not share potential hoaxes.

How to protect yourself against scams like these

1. Never click on links or open attachments from an email that you weren’t expecting or appears suspicious.
2. Verify the authenticity of a website before entering sensitive or personal information. Hover over links and inspect where the URL (address) points to and check for ‘https’ indicating a secure site.
3. If you receive a suspicious email that appears to come from an official organisation such as the WHO or the South African Department of Health, report the email to your security team to double-check.
4. If you want to make a charitable donation, go to the charity website of your choice to submit your payment. Type the charity’s web address in your browser instead of clicking on any links in emails or other messages.
5. Use secure and complex passwords; change them frequently and use unique passwords across different accounts.
6. Resist the urge to autosave your credit card details in your web browser and disable remember me features on websites.
7. Avoid installing software from unknown sources and refrain from clicking on a pop-up advertisements on mobi or webpages
8. Ignore and delete WhatsApp messages with unknown links (especially from unknown senders).
9. Never give personal information, credit card details or online account details to anyone you don’t know, is not a trusted source or where it appears out-of-the ordinary.
10. If you come across scams and hoaxes, report it directly to the implicated source or platform and warn family and friends alike.

“We encourage all users to be particularly vigilant at this time. Suspicious emails, unfamiliar webpages, and spontaneous messages about coronavirus should always be viewed sceptically. Never give away sensitive information, such as passwords or credit card information,” concludes Kutumela.