STONEHAVEN residents are being warned that COVID-19-themed phishing attacks are on the increase, with campaigns ranging from government relief to health information supposedly from the World Health Organisation (WHO).
There is much to be wary of, such as website scams where a site impersonates the UK gov.uk domain – look out for giveaway spelling and grammar mistakes.
And there are phishing SMS messages tempting the vulnerable with ‘payments’ from the Government.
Cyber criminals are preying on people’s fears by developing apps that appear to provide essential and timely information, such as where to buy N95 face masks or how to track recorded cases in real-time.
Hackers are also creating counterfeit versions (with malicious code) of legitimate COVID-19 apps. For example, Softmining, an Italian software company that created a tracker app for COVID-19, reported that attackers had developed similar apps with the original app’s functionality but with malicious code designed to steal user data.
And scammers have launched websites containing a digital antivirus – Corona antivirus – that promises to protect its users against the actual COVID-19 virus. This malicious software posing as an antivirus, once downloaded, turns the device into a bot. A bot is a zombie computer awaiting commands from a command-and-control server operated by a malicious actor.
What can you do to protect yourselves from any COVID-19 related scams?
Learn about Phishing Scams – be suspicious of emails, phone calls, and web-links
In a phishing attempt, the attacker poses as someone or something they are not in order to trick the recipient into divulging credentials, clicking a malicious link, or opening an attachment that infects the user’s computer system with malware, a trojan, or a zero-day vulnerability exploit. This often leads to a ransomware attack. In fact, 90% of ransomware attacks originate from phishing attempts. So:
- don’t open attachments or click on links that are contained within an email from people you don’t know;
- know which links are safe and which are not – hover over a link to discover where it directs to;
- be suspicious of the emails sent to you in general – look and see where it came from and make sure you check the full email address;
- remember, malicious links can come from colleagues who have been infected too, and they don’t just come in emails. Malicious links that lead to stolen data and infected devices can also be found in text messages, mobile app messages, social media, blog posts, etc. So, be careful!
Use Strong Passwords
- Don’t use the same password twice;
- Your password should be at least eight characters long and contain a mix of lowercase letters, uppercase letters, numbers, and special characters, such as &%#@_.!><()^;
- Don’t leave a password hint out in the open or make it publicly available for others to see;
- Where available, always use Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). Two-factor or multi-factor authentication is a service that adds extra layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with 2FA or MFA, you would be prompted to enter at least one additional authentication method, such as a Personal Identification Code, another password or even a fingerprint;
- Change your password if you believe it has been compromised. You can check if a password you are using has been compromised by checking it against previously exposed passwords on Pwned Passwords.
Use Your Mobile Devices Securely
- Mobile devices are not immune to malware;
- Create a difficult mobile passcode – Do not use your birthday or Bank PIN;
- Don’t Jailbreak the mobile device and only install apps from the official App Store;
- Keep the mobile device updated – Hackers use vulnerabilities in unpatched older operating systems;
- Avoid sending personal, confidential or otherwise sensitive information over text message or any other messaging apps;
- Make sure you turn on Find my iPhone or the Android Device Manager to protect against loss or theft.
Avoid Using Public Wi-Fi
- Don’t use public Wi-Fi without using a Virtual Private Network (VPN). By using a VPN, the traffic between the user’s device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to obtain access to data on the device.
- If you don’t have a VPN client installed and only a public Wi-Fi network is available, either wait until you get back home and can use your own Wi-Fi network or, if security is important, use your mobile phone network (often called ‘tethering’).