Cybercrimes in the time of Covid-19: Scamsters taking advantage of pandemic

A variety of phishing campaigns are taking advantage to distribute malware, steal credentials, and scam users

The entire world is currently worried about containing Covid-19. But at the same time, there is an entire ecosystem that is riding piggyback on this pandemic to carry out financial frauds. And these start right from creating a fake PM CARES link for donations, equated monthly instalment (EMI) moratorium frauds, and malware in real-time apps that provide details of Covid-19 patients near you. Tragically, people are falling for these because of the overall fear. For example, a 46-year-old lost more than Rs 1 lakh after downloading a real-time neighbour-hood patient detection app.

Murali Urs, country manager, India of Barracuda Networks, says: “As much of the world grapples with Covid-19, attackers are taking advan-tage of the widespread discussion in emails and across the web.”

Mobile apps: Currently, there are many virus-related apps, which are actually malware asking for various permissions and inadvertently gain access. Raman Singh, co-founder and CRO, CloudConnect Communications, says: “The department of telecommunications recently announced a list of websites around Covid-19 with high malicious content, including fake maps showing infected users. These require the users to download software for generating counterfeit maps, making it a security concern.” In short, beware of what you download, and more importantly, the permission you give.

Tip: Ask why does the app need to read my SMSes, or permission to record/make calls from my mobile to give me a heat-map?

 

 

Email frauds: It is the most typical route for fraudsters to reach out to you, as email database is readily available on the darknet. Himanshu Dubey, director, Quick Heal Security Labs, says: “Some of these emails claim to be from the WHO or some legitimate-sounding names, well-written, and provide information close to the WHO guidelines.” In short, the fraudster lures you into opening an attached file.” Once you open the file, a malicious virus or malware is downloaded on your device, which steals information either by key-logging or pulling browser history. The most significant risk is they can get access to your financial credentials. Urs adds: “Watch out for any communication claiming to be from sources that you normally do not receive emails from.” Phishing emails ask you to open into a very familiar looking website like your bank, but the site is fake and steals your credentials.

Tip: Never save website passwords, as they are easily accessible to info-stealing malware. Always access your financial data by typing your bank’s web address manually in the browser rather than opening links.

Donations, cures, and masks scams:  Urs says: “Scamsters are looking to sell coronavirus cures or face masks, or they are asking for investments in fake companies that claim to be developing vaccines. Our researchers have also seen phishing scams in the form of donation requests for fake charities.”

Tip: Don’t open emails that promise cure, treatment or seek charity. Instead, find credible institutions, type their websites in browsers manually and donate to them directly.

EMI fraud: Here fraudsters contact you and ask for OTP to activate the EMI moratorium. Naveen Kukreja, CEO and co-founder, Paisabazaar.com, says: “Opting in or out of the moratorium does not require OTP sharing.” Your lender will get in touch with the EMI deferment option via links, email-id and numbers of the contact person who will never ask for OTP.

Tip: If your banker asks you for OTP, he is a fraudster.