The Covid-19 pandemic is a prime opportunity for hackers and scammers to prey upon people forced to work or study from home, but you’re far less likely to be the next cybervictim if you learn to recognize computer scams.
Cybercrime is the fastest growing segment of criminal behavior in many parts of the world. There are so many potential victims, and the perpetrators are difficult to catch.
Cybercrime in numbers
The F.B.I. has been collecting complaints about cybercrime for 20 years, logging more than 4.5 million incidents since the inception of the Internet Crime Complaint Center, or IC3, which is focused on computer hacking, identity theft, cyber fraud, and child pornography.
IC3 logs more than 1,300 complaints daily, on average, an an annual cost to individuals and businesses of around $3.5 billion. Hacking business email is the most common problem and is responsible for half of all losses.
Online behavior during COVID-19
Whether you’re working from home or just poking around online to keep your kids engaged during an isolation period, you’re likely to be spending more time than usual online. Before you shop or answer unfamiliar emails, find out about the pitfalls of online scams. Many specifically target people by mentioning the deadly virus COVID-19.
Kids who are online should be supervised, as they can unwittingly fall prey to common phishing schemes. Children are more likely to venture onto websites that infect your computer with malware.
Millions of people working from home online multiplies the opportunities for hackers to ply their trade: tricking people into releasing sensitive information, paying for phony products or protection, and spreading computer viruses. All they need is a few unsuspecting victims each day to make a good paycheck. These hackers will then sell any stolen sensitive information to others online, allowing your identity to be stolen and duplicated, accounts hacked, and increasing the time and agony it will take to recover. Most common features of these scams are:
- a sense of urgency, demanding that you have to act immediately;
- requesting payment through nontraditional means (gift cards or bank transfers rather than credit/debit cards that can track the scammer);
- the source appears to be in a position of authority, and
- the situation/problem is difficult to verify.
Here are common cybersecurity concerns when working from hom.
1. Never use an unsecured internet connection.
Never rely on public Wi-Fi for anything more than reading the news. If your company has a VPN connection or safe laptop, use it, but not every job is so well equipped.
Sharing files on the open internet is risky. If you’re asked to handle sensitive company data on your home computer, without the security of a VPN, at least check your internet router security to ensure it’s password protected. Note that experts have found personal computers to be particularly vulnerable to hacking when attempting to connect with sensitive corporate data.
Use a firewall, anti-virus software, and other defense systems, all of which are good investments, particularly if you use it for shopping or financial transactions. This software may protect from attempted incursions by trojan malware and other types of attacks. A good product will scan your computer on a schedule and isolate suspicious files such as malware.
Likewise, strong passwords are important security measures. Use a random password generator, do not reuse passwords, and accept two-factor authentication where it’s available to keep accounts from hackers.
2. Fake COVID-19 testing emails
Fear is a big ingredient in email scams, and the cornoavirus is the perfect opportunity to scare people. Many hackers attempt to get money or personal information from people (a technique called phishing) by sending emails that look official. They are currently using the virus to get this information by offering fake “testing” or even cures through emails.
These emails may appear to be from government agencies like the Centers for Disease Control (CDC), hospital officials, or other health organizations. Oftentimes the email addresses are “spoofed” so they appear to be from an official account but may be one letter off, or have a slight misspelling. Many people will respond quickly to such an email without verifying its authenticity, sending money or information (like social security or bank PIN numbers) or filling out online forms that include personally identifying information that should not be shared this way.
Experts urge people who receive such “official” email requests to contact the source independently to determine if the email is real before responding. Government agencies do not contact individuals via email and virus testing is only available through your doctor’s office.
3. Coronavirus-related phishing emails
Similar to the “phishing” attacks via email, the Better Business Bureau warns of scams related to fundraising for virus victims and malicious links that are related to COVID-19 shutdowns. Before clicking on any links that are labeled “airfare refund” or COVID relief fund charities, consider the source. If you did not have any flights directly impacted by travel restrictions, any refunds offered by airlines are likely to be scams.
The Secret Service has also issued a warning about scammers using virus-safety email to launch ransomware attacks on computers, or to get people to send money for virus protection kits (such as N95 face masks) and never providing the goods that were paid for.
4. Fake financial schemes
Hackers and scammers know how to catch people off-balance and put them in a vulnerable position. Many have been laid off and are online looking for jobs to pay their bills. Beware of fake ads for nonexistent jobs (if it sounds too good to be true it probably is). Their purpose is to capture your email address when you apply, then flood your inbox with fraudulent financial offers or even ransomware through phishing.
Other schemes offer financial help, short-term loans for small businesses, debt consolidation, or student financial aid assistance. The bottom line is to be suspicious of any incoming emails offering such deals. Instead, work through a trusted bank or financial adviser, checking with authorities such as the government’s Department of Insurance, Securities, and Banking (DISB) to verify the credentials of lenders before entering any sort of financial agreement with anyone.
5. “Smishing” schemes
COVID-related text messages may also pop up on your phone. Do not click on links from any unverified sources. That can trigger a cascade of serious issues, including hijacking your phone and other accounts. Hackers can cull information from the Dark Web, including stolen birth date and Social Security numbers, then break into cell phone accounts, taking control of two-factor authentication that relies on PIN numbers sent via text messages. These short-term codes are used by many financial institutions to protect bank and credit card accounts. In the worst cases hackers will move your cell phone number to a new account, cutting off your ability to call for help or report the incident to your cell phone carrier.
The COVID-19 virus is making us all nervous and on edge. Never respond in haste from a position of vulnerability. Never share passwords, personal information, or PIN numbers. Verify the identity and credentials of any organization or fund before contributing or providing your personal information.
The whole world is quarantined but the cyberattacks just don’t stop.