Around the world, the number of scams associated with the COVID-19 crisis has increased. Organized crime groups and cyber criminals are taking advantage of the pandemic to send infected documents through suspicious links that reach potential victims.
The increase in teleworking, accompanied by a constant flow of information associated with the epidemic, has opened an opportunity for scammers to target companies and their workforce to commit fraud.
There are significant challenges for some sectors, such as financial services, pharmaceuticals, life sciences, and telecommunications.
However, the following risks are shared across industries and have been heightened by problems with business continuity and by the operational changes the global pandemic has forced.
According to an online study carried out in March, 68% of the employees interviewed stated that they were working from home.
Unfortunately, only 24% of these were using a company computer.
This data appeared particularly alarming to Capterra analysts, as replacing a company computer with a personal one (especially if done in a moment of crisis and without prior preparation) poses a series of problems in managing the security of corporate data.
It is not apparent that employees' devices have the same degree of protection as a company computer.
To this exceptional and unplanned risk factor, other more ordinary but ever-present ones can be added: poor management of passwords (corporate and personal), data that does not transit to the company server over a VPN, and the use of unsafe repositories for documents.
Five hundred eighty-four people from small and medium-sized companies responded to the survey. It emerged that:
- Just 21% of respondents access the company server from home via a VPN;
- Only 26% of the interviewees installed an antivirus on their electronic device;
- 20% of respondents use a password manager, versus 29% who do not;
- 34% of respondents claimed to use a single password for all the online tools they use for work.
This data is alarming.
Different types of cyber fraud in the epidemic:
Imposters aim to reach their victims through emails with malicious attachments, links, or redirects to “updates” on COVID-19. Once opened, these links infect the computer or mobile device from which they were opened with malicious programs (malware), or expose sensitive personal data, which is transmitted to the cyber criminal.
Phishing remains the preferred method of cyber crime. According to the 2019 Phishing and Fraud Report, carried out by the F5 Networks research center, in the United States, phishing represents 21% of attackers’ methods because it is easy and it works.
Attackers don’t have to worry about hacking into a firewall, finding a zero-day exploit, or cracking encryption; the most challenging part is slipping a good trick into the email to get people to click, and creating a fake site for them to land on.
Website fraud related to COVID-19
Multiple Internet domains that have been registered with the name “COVID” appear to be authentic and created by recognized organizations; however, they contain malware designed to infect computers or other mobile devices.
Risks related to business email
Using emails disguised as COVID-19 updates, scammers try to trick company employees into giving up their credentials, requesting that they log into a fake “COVID-19” portal of the organization.
Once the person logs in with their credentials, the fraudster gains unlimited access to business accounts and the company network.
In a ransomware attack, the first thing scammers do is compromise the security of critical servers and connected terminals and then encrypt them.
The attack locks the operating system and end-user files, making them inaccessible until a ransom is paid to the attacker, who often demands payment in bitcoins.
As remote access to computers becomes the norm for “working at home” due to confinement measures, an increase in these attacks is expected to paralyze organizations’ Information Technology (IT) infrastructure until the criminals manage to collect the corresponding ransoms.
Other Mobile App Scams:
Fraudsters are developing or manipulating mobile phone apps that appear to track the spread of COVID-19. However, once installed, the application infects the user’s device with malware that can be used to obtain personal information, confidential data, or bank card or account details.
Some other scam mechanisms used by organized crime include:
a. Requests for donations to non-existent entities that appear to be helping individuals or communities affected by the virus, or contributing to the development of vaccines.
b. Requests for investments in companies that would be developing services or products to prevent, detect, or cure the virus.
There are many ways that companies can reduce the chance that their workforce will fall victim to COVID-19 scammers.
The most crucial measure for reducing vulnerability is to raise employees' awareness of how criminals try to take advantage of this global health crisis, providing them with valuable information that allows them to make the best decisions when facing a threat and thus be the first barrier that protects the security of the organization.
How to avoid being misled by fraud while working from home or merely being distracted by current events
Cyber criminals are taking advantage of the pandemic to rob corporations, governments and people. Especially during fast-paced and uncertain events such as the pandemic, criminals count on distractions.
They take advantage of this to sneak in a scam. Whether it’s leveraging the increased volume of online shopping, the increased use of online education and ‘meeting’ software, or the increased need for pandemic information and critical infrastructure, attackers may be seeing results.
In this regard, F5 shared information about the largest number of organized online fraud schemes resulting from COVID-19, and the security measures that an organization can take to avoid falling so quickly into the clutches of phishing:
- Check the sender’s email address: click on the return address and verify that it is from a reliable source.
- Think twice before clicking on the links or downloading attachments.
- Be careful opening email attachments and clicking on email links or links in text messages from unknown sources.
- Check the linked domains to make sure they are trustworthy and familiar.
- Make sure to avoid using or clicking on shortened URLs, such as those from services like Bit.ly, as these hide the real target website.
- If you clicked the link or downloaded an attachment, please do not provide any information on the website and the opening.
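
Several of the checks in the list above (sender versus return address, linked domains, shortened URLs) can be applied mechanically to a message before a user ever sees it. The following Python is an added example, not code from F5 or from the original article; the shortener and trusted-domain lists, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed lists for this example; an organization maintains its own.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TRUSTED = {"who.int", "example-corp.test"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}", re.I)

def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To/Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def under(host, domain):
    """True if host equals domain or is a subdomain of it."""
    return ("." + host).endswith("." + domain)

def check_email(raw):
    """Return a list of findings; an empty list means no check fired."""
    msg = message_from_string(raw)
    findings = []
    sender = addr_domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        if msg[header] and addr_domain(msg[header]) != sender:
            findings.append(f"{header} domain differs from From ({sender})")
    for href, text in ANCHOR.findall(msg.get_payload()):
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened URL hides the real target: {href}")
        elif not any(under(host, d) for d in TRUSTED):
            findings.append(f"unfamiliar link domain: {host}")
        shown = HOSTLIKE.search(text)  # a domain displayed as the link text
        if shown and not under(host, shown.group(0).lower()):
            findings.append(f"link text shows {shown.group(0)}, goes to {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: WHO Updates <updates@who.int>
Reply-To: helpdesk@covid-portal-login.test

<p>Read the <a href="https://bit.ly/EXAMPLE">latest guidance</a> or sign in at
<a href="https://covid-portal-login.test/sso">portal.example-corp.test</a>.</p>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

A differing Return-Path is common for legitimate bulk mail, so findings are prompts for review rather than verdicts.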