Cyber Criminals Using COVID-19 Fears to Increase Malicious Online Activity: What You Should Know
March 13, 2020
By Sarah S. Anand and Aloke S. Chakravarty
In the wake of COVID-19’s spread across the world, a new and additional threat has emerged: cyber criminals taking advantage of the spread of the virus. Multiple incidents have been reported of cyber criminals disseminating COVID-19-related information in malware-laced computer messages, often through social engineering attacks, such as phishing emails. Typically, these groups will send emails that appear to come from trustworthy institutions, such as local, national or even international organizations like the World Health Organization (WHO). These emails may ask victims to: 1) give sensitive information, such as usernames or passwords; 2) click a malicious link; or 3) open a malicious attachment. Using these methods, cyber criminals can install malware on the victim’s computer, which allows them to gain access to their network or steal sensitive information.
The WHO has issued a warning about these phishing attempts and how to spot them:
Verify the sender by checking their email address: cyber criminals oftentimes make a change to an email address, such as a misplaced or different letter.
Check the link before you click: this is particularly important when viewing emails on a mobile device.
Be careful when providing personal information: always consider why someone wants your information and if it is an appropriate request.
Do not rush or feel under pressure: cyber criminals use emergencies to get people to make decisions quickly and under pressure.
At an organizational level, companies should consider reassessing their cyber health and safety. For example, distributing information to their employees about these types of cyber threats and how to avoid them (when in doubt, do not open attachments or click on any links), and providing employees with information from established resources, such as the Center for Disease Control or the WHO. Additionally, implementing data backup and loss prevention measures can add an additional layer of protection if malware is deployed to your computer network. As in the physical world, sound cybersecurity hygiene and awareness can slow or stop the spread of a dangerous infection.