The UK National Fraud & Cyber Security Centre has reported that coronavirus-related fraud reports increased by 400% in March and has suggested that this is linked to the increase in home working.
The term “cybercrime” denotes any sort of illegal activity that uses a computer, cell phone or any other electronic device as its primary means of commission.
Moreover, it is estimated that banks are targeted by hackers more frequently than any other business organization. Banks' IT-based financial services, such as ATMs, mobile banking and internet banking, are exposed to various forms of fraud, including skimming and phishing.
During the last few years, Pakistan has faced some serious cyber breaches in the banking sector. In 2018 it lost US $6 million in cyber-attacks as online security measures failed to prevent a breach in which overseas hackers stole customers' data. Data from 19,864 debit cards belonging to customers of 22 Pakistani banks was put on sale on the dark web, according to an analysis conducted in 2018 by Pakistan's Computer Emergency Response Team, PakCERT.
Factors that prompt changes in crime and terrorism include:
- High demand for certain goods, protective gear and pharmaceutical products
- Decreased mobility and flow of people across and into the world
- Citizens remain at home and are increasingly teleworking, relying on digital solutions
- Limitations to public life will make some criminal activities less visible and displace them to home or online settings
- Increased anxiety and fear that may create vulnerability to exploitation
- Decreased supply of certain illicit goods
Security experts say a spike in email scams linked to coronavirus is the worst they have seen in years.
Cyber-criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance.
Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.
Here are some examples to make this easier to understand:
1- Click Here For a Cure
Researchers at the cyber-security firm Proofpoint first noticed a strange email being sent to customers in February. The message purported to be from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese and UK governments.
The firm says people who click on the attached document are taken to a spoof webpage designed to harvest login details. It says up to 200,000 of the emails are being sent at a time.
Tip: The best way to see where a link will take you is to hover your mouse cursor over it to reveal the true web address. If it looks dodgy, don’t click.
2- Covid-19 Tax Refund
If a member of the public clicked on “access your funds now”, it would take them to a fake government webpage, encouraging them to input all their financial and tax information.
Tip: “Do not respond to any electronic communication in relation to monies via email,” says Carl Wearn, head of e-crime at Mimecast. “And certainly do not click on any links in any related message. This is not how HMRC would advise you of a potential tax refund.”
3- The Virus is Now Airborne
It is designed to look like it’s from the Centres for Disease Control and Prevention (CDC). It uses one of the organisation’s legitimate email addresses, but has in fact been sent via a spoofing tool.
It says the link directs victims to a fake Microsoft login page, where people are encouraged to enter their email and password. Then victims are redirected to the real CDC advice page, making it seem even more authentic. Of course, the hackers now have control of the email account.
Tip: One way to protect yourself is to enable two-factor authentication, so that you have to enter a code texted or otherwise provided to you, to access your email account.
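A forged sender address like the one in this example is what SPF, DKIM and DMARC results are meant to expose. The following Python code is an added example, not part of the original article: it reads the `Authentication-Results` header stamped by the receiving mail server and classifies the visible From address. The server name `mx.recipient.example`, the sample message and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import re

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: your own receiving mail server

# Constructed sample message (not from the article). The second header was
# planted by the sender and must not be trusted.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=health-agency.example
Authentication-Results: forged.example; dmarc=pass header.from=health-agency.example
From: Health Agency <alerts@health-agency.example>
Subject: The virus is now airborne

Body
"""

def auth_results(msg, trusted=TRUSTED_AUTHSERV):
    """Parse method=result pairs, but only from headers added by our own server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != trusted:
            continue  # headers naming other hosts may have been inserted by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, result.lower())
    return results

def spoof_verdict(raw, trusted=TRUSTED_AUTHSERV):
    """Classify the visible From address using the trusted server's DMARC result."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = auth_results(msg, trusted)
    dmarc = results.get("dmarc")
    if dmarc == "pass":
        status = "from-address authenticated"
    elif dmarc is None:
        status = "no trusted authentication result"
    else:
        status = "likely spoofed from-address"
    return {"from_domain": from_domain, "results": results, "status": status}
```
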
4- Donate Here to Help The Fight
This example was reported to malware experts Kaspersky. The fake CDC email asks for donations to develop a vaccine, and requests payments be made in the cryptocurrency Bitcoin.
Overall, Kaspersky says it has detected more than 513 different files with coronavirus in their title, which contain malware.
“We expect the numbers to grow, of course, as the real virus continues to spread,” says David Emm, principal security researcher at the firm.
5- Fake and Substandard Goods
The sale of fake healthcare and sanitary products as well as personal protective equipment and counterfeit pharmaceutical products has increased manifold since the outbreak of the crisis.
There is a risk that counterfeiters will use shortages in the supply of some goods to increasingly provide counterfeit alternatives both on- and offline.
Example: Between 3-10 March 2020, over 34 000 counterfeit surgical masks were seized by law enforcement authorities worldwide as part of Operation PANGEA supported by Europol.
6- Dark Web Chatter
In the past month, threat-intelligence firm Digital Shadows has seen a massive increase in cybercrime forum chatter about COVID-19. It says that since Feb. 19, dark web search activity for COVID-19 increased more than seven-fold, just as it has on the clear web, with individuals searching for information via Google.
How to Cope With This Matter of Fact?
In the meantime, organizations must still fulfill their regulatory and compliance requirements, including data breach rules in effect across the U.S. and many other countries, as well as the EU’s General Data Protection Regulation rules. That’s why it’s essential that organizations ensure they correctly lock down remote employees’ home workplaces, says attorney Ian Birdsey, a partner at Pinsent Masons who specializes in cyber risk.
“If a business mailbox that is compromised is synchronized and contains personal data, the organization might be required to notify the applicable data protection authority – such as the Information Commissioner’s Office in the U.K. – in line with the data breach notification provisions set out in the General Data Protection Regulation,” he says. “Regulated businesses, such as those in financial services and energy, may also be obliged to notify their sectoral regulator in such cases.”
They have amended existing guidance and issued new guidance to help organisations deal with this threat. The guidance:
• Recommends steps to take if your organisation is introducing (or scaling up the amount of) home working
• Provides some tips on how individuals can spot the typical signs of phishing emails
Pakistan needs to develop its cyber capabilities infrastructure and should invest in its youth to build a cyber security force of young experts. Simultaneously, there is a need to focus on artificial intelligence, blockchains and software robots.