Cyber Crooks Cashing in on Covid Crisis

Cyber Crooks Cashing in on Covid Crisis

ACyber crooks cashing in on Covid crisis:

  • Cyberthreats are constantly evolving taking advantage of online behaviour and trends. They are exploiting the COVID19 outbreak as an opportunity to send phishing mails claiming to have important updates or seeking donations, impersonating trust worthy non-governmental organisations.
  • With most of the employees working from home, the cyber criminals are use common phishing tactics to steal the data, identity, money from individuals and compromise servers from organisations. Since they are midst of the world health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay, few types of attacks they chose are
    • a) Workplace policy emails. Cybercriminals have targeted employees’ workplace email accounts. The phishing email has content i.e. “Because of coronavirus outbreak, we are actively taking safety measures by instituting a Group Health Policy.” If you click on the fake company policy, you’ll download malicious software.
    • b) Health advice emails. Cybercriminals have sent emails that claim to offer medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China or Central Board of Health & Nutrition from New Delhi. This little measure can save you. One of the phishing email says, use the link below to download Safety Measures.
    • c) Malicious Website: Many domains over the Internet that contain the terms: "coronavirus", "corona-virus", "covid19" and "covid-19".
    • d) Ransomware: The ransomware can enter their systems through emails comprising infected links or attachments, compromised employee credentials, or by manipulating a vulnerability in the system.
    • e) Malware: Malware, Spyware and Trojans have been found implanted in interactive coronavirus maps and websites. Spam emails are deceiving into clicking on links which download malware to their computers or mobile devices. Some of the activities that malware that can do after its installed on your local pc or laptop
      • Keylogger – This malware can record whatever the user is typing, including the login credentials for a bank or an email account, and send it to the hacker.
      • Remote Access Trojan - This malware will give the hacker full remote access of the infected computer to a hacker.
      • Bots - This malware will be used for controlling remotely and participate in the DDOS attacks.

Advisory for CERT - Computer Emergency Response Team:

  • CERT’s advisory underscores that malicious actors involved have claimed to have access to over 2 million email IDs and intend to send emails with the subject lines making mention of free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad.
  • As per CERT-In, it is likely that the attackers could impersonate Government agencies, departments and also trade bodies involved in deliverance of Government's financial aid using email IDs like ncov2019@gov.in
  • If you find any one has got a fraudulent email, with a domain .. @gov.in, you may immediately mail to incident@cert-in.org

Some Examples of Phishing via Emails:

  • a) PMCARES@SBI is the right UPI Handle, Fraudsters have created similar impersonating handles like PMCARE@SBI, PMCAR@SBI to steal money from public.
  • b) Impersonated Emails : Beware there are many websites who offer Fake Email Spoofs and Fake Spoof SMS free of cost too. Be doubly sure you see the reply to address and read the full header of the sender.
    • 1). Emails from Bank for EMI Moratoriums from Banks
    • 2). Charity Organisation Seeking Donations
    • 3). E-Mail from CEO, asking the accounts department to transfer funds to alternate accounts in a emergency basis. Be sure you talk to CEO over the phone before you transfer, there are many cases reported in Cyber Crime Police Stations on this issue.
    • 4). E-Mail from your boss (with peculiar subjects) asking you to review the project deliverables as per any attached document, beware this could be a malware infected document.
    • 5). E-Mail from your company’s internal IT Help desk, department asking the users to download and install the (fraudulent) software’s to have more effective work from home or even update your existing software’s.

Tips to avoid Phishing Cyber Crimes:

  • a) Do not to click or any unknown emails / attachments / links / maps, mentioning COVID19 - Scammers are using Phishing Tactics in the name of Charity, Help Desks, Maps & Selling Masks, just to steel your identity or money from you.
  • b) Back up all your important files, and store them independently from your system (e.g. in the cloud, on an external drive);
  • c) Always verify you are on a company’s legitimate website before entering login details or sensitive information.
  • d) Allow remote access to the organisations network strictly with multi-factor authentication.
  • e) Office Administrators must be advised to apply strict application whitelisting, blocking unused ports, turning off unused services, and monitoring outgoing traffic to prevent infections from occurring.
  • f) Ensure you have the latest anti-virus and malware software installed on your computer and mobile devices;
  • g) Office Administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These tools can allow organisations to remotely implement no of security measures, including data encryption, malware scans and wiping data on stolen devices.
  • h) Check the availability and duration of the remote login user actions. Ensure that remote sessions automatically time out for a particular time period of inactivity and that they require re-authentication to gain access.
  • i) Download mobile applications or any other software from trusted platforms only;
  • j) Perform regular health scans on your computers or mobile devices.
  • k) Regularly check and update the privacy settings on your social media accounts;
  • l) Ensure you enable dual authentication for emails and banking platforms.
  • m) Update your passwords and ensure they strong (a mix of uppercase, lowercase, numbers and special characters).
  • n) Enable dual authentication (OTP) for emails, banking and all other platforms.
  • o) Change the default passwords of routers and internet service providers.

Reach us at: support@endnowfoundation.org