Country-wide lockdowns, homeworking and social distancing have catalysed people to further lean on digital means to bridge the physical divide separating them from friends, family and co-workers. While these changes to our everyday lives have helped protect us physically, they are inadvertently leaving us exposed to threats of a different kind. Cybercriminals have been quick to take advantage of our new habits. In turn, people now need to adapt their behaviour to meet the demands of lockdown, while also staying safe online.
Safe as houses?
Remote working has become a fact of life since the pandemic struck, but this sudden mass shift to homeworking has also widened the attack surface for cybercriminals. Whereas IT departments spent years strengthening and reinforcing their security and privacy policies, in a matter of weeks many have come under huge pressure to relax the rules in order to enable first-time remote workers to get up and running.
DO install the most recent security updates for your browser, mobile devices, and PC.
DON’T reuse passwords across multiple accounts and devices. Instead, start using the ‘strong’ passwords web browsers, like Safari, now create automatically.
Fraudulent phishing scams
With so much news about the pandemic landing every day, phishing attacks that exploit fear and hunger for information are also on the rise. Playing to people’s natural desire for further information on the pandemic, fraudsters have been sending fraudulent emails offering privileged information on Covid-19 from what appear to be legitimate sources. All it takes is for the user to click the link or open the attachment to activate a malicious software download on to their computer. Many of these scams are highly convincing both in the way they look and the context in which they are viewed. Workplace email accounts, for example, are being targeted as employees expect to receive coronavirus-related updates from their employers, and inherently trust communications that look like they’ve been sent by their own company.
DO check the sender’s email address, not just their name, to make sure the address looks right, and report a scam immediately if you see one.
DON’T click on links in any emails you receive before checking them to ensure they look legitimate.
Keep your personal data close
As well as coronavirus emails landing in people’s inboxes, there has been a surge in people looking for coronavirus news online. Fraudsters have capitalized on this in several different ways.
Free pandemic news apps are being offered to people, which then trick them into handing over personal information. While they are not officially sanctioned in mobile marketplaces like the iOS App Store or Google Play, the apps are able to attract downloads by offering exclusive, secret or unofficial news, advice and cures.
One recent malware attack hijacked the DNS settings for home routers to make web browsers display alerts for a fake COVID-19 information app, purportedly from the World Health Organization (WHO). The app was actually little more than a delivery mechanism for the Oski data harvesting virus.
We’ve also seen criminals copycatting government-sanctioned mobile apps that help citizens track the spread of symptoms and infections. By taking advantage of inconsistencies in the apps’ release schedules, fraudsters have been able to convince users to add malicious updates that contain backdoors for malware.
DO check for signs, that the app you are about to download is the official version, and not the one imitating it. If you believe you have given away sensitive information like a username or password by mistake, immediately change them on any site where you have used them.
Looking for entertainment, finding malware
Unable to visit bars, restaurants, cinemas etc, people looking for light entertainment to distract from the news agenda have turned to digital alternatives such as online gaming platforms, new apps, quizzes, puzzles and comedy videos. Smartphone users should take extra care when looking for entertainment. At Upstream we have observed an uptick in ‘leisure’ apps on Google Play Store like Atlas Box, Puzzle Addict, and Video Lounge. These apps offer free entertainment but in reality they’ve been created to trick users into subscribing to premium services.
DO only install applications you are 100% certain come from legitimate sources, and ensure you review the ratings and requested permissions for any application you install.
DON’T trust or respond to alerts that attempt to gather personal of financial information.
