As COVID-19 sweeps across the world, there is a great deal of fear and uncertainty abound. People everywhere are worried about their health, their families, their jobs, and the economy. And as if that is not enough to worry about, it seems cyber-security is now being added to this list. Unfortunately, there has been a recent uptick in the amount of cybercrime. Cyber criminals are capitalizing on this crisis, and the accompanying fear and uncertainty, to peddle misinformation, sell fraudulent products, steal personal data, and scam people out of money. Now more than ever is a time to be extra vigilant.
Check Point Software reports that since January 2020, over 16,000 new coronavirus-related domains have been registered and that these are 50% more likely to be malicious than other domains. Many of these websites thrive on fraudulent activity including purporting to sell facemasks, testing kits and even vaccines. Some of these websites will actually send false goods, while others will simply take users’ payment information and use it to steal money.
Fraudulent emails and text messages have also been on the rise, many coming from sources that are posing as legitimate organizations such as the Red Cross, World Health Organization, or the Government of Canada. Examples include a fraudulent email soliciting Bitcoin donations for the World Health Organization, a $37 video exposing “military secrets” about COVID-19, and a text message offering free face masks from the ‘Red Cross’. Recently, Global News also reported that many Canadians received text messages informing them that they are eligible to receive $1,375 from the Canadian Government. All they need to do is click on a link and provide their personal information. In doing so, victims compromise their personal data and put themselves at risk for future identity theft.
Individuals are not the only ones falling victim to COVID-19 related-scams. For many organizations whose employees are now working remotely, there is an increased risk that company systems will be hacked. Many employees will now be accessing sensitive company information through their home wifi networks. This provides a new entry point for hackers looking to gain access to corporate data. Phishing emails that are sent to work emails can also result in compromised company data through malware being downloaded to work devices. It’s also easier for employees to willfully carry out data breaches in the privacy of their own homes.
Cyber criminals will often work by exploiting fear and attempting to convey a sense of urgency in the hopes that their victims will act quickly and not take time to consider their actions. No matter what means they are using, be it text message, email, website or phone call, they will usually try to get their victims to act as swiftly as possible. The best way to avoid falling victim is to always consider the source of the message you’re receiving. Chances are that if a message looks questionable and you didn’t initiate contact with the organization, then you are being scammed.
The best way for individuals and companies to maintain their cyber security is to ensure all are attuned to the heightened risks and educated on how to spot fraudulent activity. For companies, there should also be a centralized means to document attempted cyber attacks, where users can share their experiences and see examples their colleagues share.
To further protect company information from being accessed via unsecured networks, there are a few options. Many companies already have Virtual Private Networks, or VPNS that are more secure than most users’ personal networks. All employees who have access to sensitive data should be using a VPN. Perhaps this is also the time to consider temporarily limiting access to key databases only to essential personnel.
As COVID-19 continues to be top of mind for everyone, it’s important not to let the resultant fear and confusion exacerbate the problem. The best way to protect yourself and your company from cyber attacks is to verify the source of incoming messages, take time to evaluate your actions and report suspicious activity.
COVID-19 Small Business Resource Centre
Keep your business strong and resilient throughout the COVID-19 crisis.