Some still out phishing while the world is in lockdown
The world has changed in an unprecedented way in just a few weeks owing to the evolving situation around the coronavirus pandemic. This crisis has brought out the best of humanity in several ways but as is the case with any crisis, it can also draw out the worst in some.
Cyber-criminals are using people’s fear and need for information to execute phishing attacks to steal sensitive data. They are also using it to spread malware in computer systems for profit. One can only hope that hacker groups won’t be attacking health systems, hospitals and nursing homes, but the reality is that no one can fully control how the malware spreads. We have our hands full adapting to the crisis already, yet a little meticulousness and vigilance can go a long way in protecting us from these attacks.
In tandem with the global public health crisis, Covid-19 is wreaking havoc in the virtual world as well. The paranoia about the disease is being leveraged as clickbait for cyber-crimes. Emails under the guise of the World Health Organization, United Nations, Indian Council of Medical Research or even larger corporations, along with messages, apps and websites, are being used to steal personal information from unsuspecting people. These crimes are committed by luring the person with various freebies, huge discounts on products, lists of preventive measures against the virus and up-to-date information on coronavirus. Through these attacks, people are further being lured to buy fake vaccines, testing kits and masks, which are desperately sought. Scammers are even trying to lure unsuspecting users on social media to raise funds for coronavirus victims.
In case of information theft, the modus operandi seems simple. Malware is injected into the device via links or attachments in the mail, and ransomware is being circulated as part of a mobile app. This malware can access your banking logins, passwords and credit-card information by logging your keystrokes on the keyboard. Once a user’s system is infected by the malware, the user could lose money and confidential information, as it gives scammers access to both. What seems to be accelerating these attacks is curiosity, fear and the rise in coronavirus searches online.
All of us certainly need to be vigilant in these times. There are tell-tale signs that identify fraudulent mails:
- Check if the sender’s email address looks different from the name shown in the display or if the email contains unknown URLs.
- Always check if the email contains an attachment and urges you to download it for more details or with the promise of an award.
- Another pattern with fraudulent emails is the use of poor language in the copy text. They are often riddled with grammatical errors. Closely scrutinise the details.
Watch out for any communication claiming to be from sources that you normally would not receive emails from
Phishing emails are likely to come in the name of a recognized global/national public health body like WHO, ICMR or a similar UN or government body. They may have a similar-looking domain name and an identical logo. You should scrutinize emails before opening them, especially those sent from unfamiliar or unknown names. For example: WHO is not going to send you emails if you don’t regularly receive emails from them already. Hover your mouse over links; the info dialog box should give you an idea about whether it’s a genuine link or not. Don’t click if it looks suspicious.
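The two checks described above, the display name versus the sender's address and the link target that hovering reveals, can also be run automatically over a raw message. The following Python is an added example and not part of the original article; the name-to-domain map, the `triage` function and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: names a sender may claim -> domains that body really mails from.
KNOWN_SENDERS = {"world health organization": {"who.int"}, "icmr": {"icmr.gov.in"}}
SAMPLE = """From: "World Health Organization" <alerts@who-int.example>
Content-Type: text/html; charset=utf-8

<p>Safety measures: <a href="http://who-int.example/login">https://www.who.int/advice</a></p>
"""  # constructed sample message, not a real phishing email

def same_site(host, domain):  # both arguments are already lower-case
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.found.append((self.cur_href, "".join(self.cur_text).strip()))
            self.cur_href = None

def triage(raw):  # returns a list of findings for one raw RFC 5322 message
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender, findings = addr.rpartition("@")[2].lower(), []
    # Check 1: display name claims a known body, but the address domain is not theirs.
    for name, domains in KNOWN_SENDERS.items():
        if name in display.lower() and not any(same_site(sender, d) for d in domains):
            findings.append(f"display name claims '{name}' but sender domain is {sender}")
    # Check 2: link text shows one host, the href (what hovering reveals) is another.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in parser.found:
                shown = urlparse(text if "://" in text else "//" + text).hostname or ""
                target = urlparse(href).hostname or "(no host)"
                if "." in shown and " " not in shown and not same_site(target, shown.removeprefix("www.")):
                    findings.append(f"link shows {shown} but opens {target}")
    return findings
```

A message that passes both checks can still be fraudulent; the findings only flag the mismatches listed above.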
Brand impersonation on the rise; verify emails from familiar sources as well
Phishing emails could come from anywhere; they could even come in the name of the HR department of your own company. Brand impersonation is quite prevalent in coronavirus-related email attacks, so use caution when opening emails from organizations you expect to hear from. Never respond to any email that asks you for your personal information. Also be wary of any suspicious/phishing emails for policy renewals or premium payments.
Find legitimate charities for donations
A common scam strategy adopted by attackers is seeking donations to help victims of coronavirus. To avoid falling for these scams, do not respond to email requests for donations. Instead, do your own research and find charities to donate to directly.
Stay vigilant, stay safe.
Disclaimer: SBI General will never ask you for confidential details over calls, emails or text messages.
Pushan Mahapatra,
MD & CEO, SBI General Insurance