The coronavirus crisis has created the perfect storm for cyber criminals: more people are online and working from home, creating a larger target for scams. Here’s how you can protect yourself.
And with so many people now working remotely, outside the protection of their company’s secure IT environment, they are even more vulnerable.
“While the world is grinding to a halt, cyber-attacks are on the rise, preying on public fear and anxiety,” says Yenni Tim, researcher of Cybersecurity at the UNSW Business School.
The number of scams and phishing email attacks has risen just as quickly as the number of people infected with the coronavirus.
The Australian Cyber Security Centre (ACSC) has received more than 45 cybercrime and cyber security incident reports and all were linked to COVID-19 scams.
Cyber criminals are taking advantage of fear and anxiety about the coronavirus crisis, says Dr Tim.
“Being able to quickly identify common patterns in phishing emails is very important because the health crisis has triggered anxiety and fear in our nation – emotions that malicious actors are always taking advantage of,” she says.
“Being isolated from the workplace community has increased the risks of phishing attacks as people can no longer easily turn to a colleague to confirm the legitimacy of an email.”
“Due to an increase in the volume of communication relating to COVID-19 – such as official company updates, check-ins from insurance and healthcare providers and the government – people have become overloaded with information.
“This sets the perfect scene for malicious actors looking to throw a phishing email in the mix.
“As more people start using online communication platforms, such as Zoom or Teams, opportunistic and malicious actors will be very quick in setting up phishing attacks.
“They send Zoom look-alike emails embedded with malware or bring people to malicious websites with the word ‘Zoom’ in them to trick them into providing data or downloading malicious files.”
WHAT TO LOOK OUT FOR
Phishing emails and SMS phishing mainly follow three patterns:
– An urgent call to action asking for an immediate response. One example that’s been seen is an email saying one of our team members has tested positive to coronavirus, with a call to study attached documents to see what next steps need to be taken.
– Too good to be true. An example is someone offering to transfer support funds and asking to confirm your details are correct.
– Impersonation of well-known organisations. These include emails that look like they come from the World Health Organisation (WHO), your HR department, telcos or banks. They ask users to click links to view the latest safety information, to process a refund or to learn if they are eligible for a payment.
HOW TO PROTECT YOURSELF
UNSW’s Dr Tim has four recommendations to avoid becoming a victim of cybercrime.
- Be careful of any email or SMS that asks you to:
– Open or download an attachment
– Click on a link
– Provide your data (by going to a fake site or replying to an email).
- Avoid acting on emails on mobile devices.
People are more susceptible to phishing attacks when reading emails on a mobile device.
It is harder to verify the legitimacy of an email when viewed on a smartphone. People are also more distracted when reading email on mobile and they might not apply the required amount of scrutiny.
- Verify the sender and look for official announcements.
Hover your mouse over the sender’s name to reveal their real address. It is common for these email addresses to use replacement or similar-looking letters to resemble a legitimate domain name.
If there is doubt, search for official announcements to confirm what the email is claiming.
- Be wary of emails that ask for personal information.
Organisations like WHO and government departments will never ask for a username and password to unlock an email attachment or to access health and safety information.
And they will also never ask for bank account information through an email or text message.
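The "verify the sender" check above can also be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it compares the real address in a From header against a constructed allowlist (`TRUSTED`, an assumption) and flags swapped-letter look-alikes and brand names used on untrusted domains.

```python
import re
from email.utils import parseaddr

# Constructed allowlist of domains the recipient really deals with (assumption).
TRUSTED = ("who.int", "zoom.us", "unsw.edu.au")

# Common character swaps in look-alike domains, mapped to the letter they imitate.
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def skeleton(domain):
    """Undo common swaps so 'z00m.us' and 'zoom.us' compare equal."""
    for fake, real in SWAPS:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance: catches one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From header as trusted, lookalike, impersonation or unknown."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("suspicious", "no sender address")
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1:
            return ("lookalike", good)
    # Brand word in the display name or domain, but the real domain is not trusted.
    words = set(re.findall(r"[a-z0-9]+", (name + " " + domain).lower()))
    for good in TRUSTED:
        if good.split(".")[0] in words:
            return ("impersonation", good)
    return ("unknown", domain)
```

A forged From header that shows the genuine domain passes this check, so it complements SPF, DKIM and DMARC results rather than replacing them.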