Cyber crooks cashing in on Covid crisis

According to CERT-In, malicious actors have access to over two million email IDs and intend to send emails making mention of free Covid-19 testing, thus targeting residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad

By Anil Rachamalla | Published: 23rd Jun 2020 12:14 am

Cyber threats are constantly evolving and taking advantage of online behaviour and trends. They are exploiting the Covid-19 outbreak as an opportunity to send phishing mails claiming to have important updates or seeking donations, impersonating trustworthy non-governmental organisations.

With most employees working from home, cyber criminals use common phishing tactics to steal data, identity and money from individuals and to compromise organisations’ servers. Since victims are in the midst of a world health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay.

Types of attacks

a) Workplace policy emails: Cybercriminals target employees’ workplace email accounts. “Because of coronavirus outbreak, we are actively taking safety measures by instituting a Group Health Policy,” may read a phishing email. If you click on the fake company policy, you’ll download malicious software.

b) Health advice emails: Cybercriminals send emails that claim to offer medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China or Central Board of Health & Nutrition from New Delhi. One of the phishing emails says, “Use the link below to download Safety Measures.”

c) Malicious website: Many domains on the Internet contain the terms “coronavirus”, “corona-virus”, “covid19” and “covid-19”.

d) Ransomware: Ransomware can enter systems through emails containing infected links or attachments, through compromised employee credentials, or by exploiting a vulnerability in the system.

e) Malware: Malware, Spyware and Trojans have been found implanted in interactive coronavirus maps and websites. Spam emails deceive you into clicking on links which download malware to computers or mobile devices. Some of the things malware can do after it is installed on your local PC or laptop:

Keylogger – This malware can record whatever the user is typing, including the login credentials for a bank or an email account, and send it to the hacker.

Remote Access Trojan – This malware gives the hacker full remote access to the infected computer.

Bots – This malware lets the infected computer be controlled remotely and made to participate in DDoS attacks.

Advisory from CERT – Computer Emergency Response Team

CERT’s advisory underscores that malicious actors involved have claimed to have access to over two million email IDs and intend to send emails with the subject lines making mention of free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai, and Ahmedabad.

As per CERT-In, it is likely that the attackers could impersonate Government agencies, departments and also trade bodies involved in delivery of the Government’s financial aid, using email IDs like [email protected]. If you find that anyone has received a fraudulent email, with a domain .., you may immediately mail to [email protected]

Examples of phishing via emails:

a) [email protected] is the right UPI handle; fraudsters have created similar impersonating handles like [email protected], [email protected] to steal money from the public.

b) Impersonated emails: Beware, there are many websites that offer fake email spoofing and fake SMS spoofing free of cost. Be doubly sure you check the reply-to address and read the sender’s full header.

1). Emails for EMI moratoriums from banks
2). Charity organisation seeking donations
3). Email from the CEO, asking the accounts department to transfer funds to alternate accounts on an emergency basis. Be sure you talk to the CEO over the phone before you transfer; many such cases have been reported in Cyber Crime Police Stations.
4). Email from your boss (with peculiar subjects) asking you to review the project deliverables as per an attached document. Beware, this could be a malware-infected document.
5). Email from your company’s internal IT help desk department asking users to download and install (fraudulent) software for more effective work from home, or to update your existing software.
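One way to carry out the reply-to and full-header check advised above, as an added example that is not part of the original column. The sample message is constructed, every domain in it is a placeholder, and the function names `domain` and `triage` are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain here is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "IT Help Desk" <helpdesk@example.com>
Reply-To: support@example.net
To: user@example.org
Subject: Free COVID-19 testing for all residents

Use the link below to register.
"""

def domain(header_value):
    """Lower-cased domain of an address header, or '' if missing or malformed."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return findings from one raw message's sender and authentication headers."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    for name in ("Reply-To", "Return-Path"):
        other = domain(msg[name])
        # A subdomain of the From domain is treated as the same organisation.
        if other and other != from_dom and not other.endswith("." + from_dom):
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Only trust Authentication-Results added by your own receiving mail server;
    # a sender can forge this header unless the server strips incoming copies.
    results = msg.get_all("Authentication-Results") or []
    if not results:
        findings.append("no Authentication-Results header")
    for header in results:
        for part in header.split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            verdict = rest.split()[0] if rest.split() else "missing"
            if method in ("spf", "dkim", "dmarc") and verdict != "pass":
                findings.append(f"{method}={verdict}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A message with no findings is not proven genuine; the check only surfaces the mismatches that the visible sender name hides.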

Tips to avoid getting trapped:

a) Do not click on any unknown emails / attachments / links / maps mentioning COVID19 – Scammers are using phishing tactics in the name of charity, help desks, maps and selling masks, just to steal your identity or money.

b) Back up all your important files, and store them independently from your system (e.g. in the cloud, on an external drive);

c) Always verify you are on a company’s legitimate website before entering login details or sensitive information.

d) Allow remote access to the organisation’s network strictly with multi-factor authentication.

e) Office administrators must be advised to apply strict application whitelisting, block unused ports, turn off unused services, and monitor outgoing traffic to prevent infections from occurring.

f) Ensure you have the latest anti-virus and anti-malware software installed on your computer and mobile devices;

g) Office administrators must consider Mobile Device Management (MDM) and Mobile Application Management (MAM). These tools can allow organisations to remotely implement a number of security measures, including data encryption, malware scans and wiping data on stolen devices.

h) Check the availability and duration of remote login user actions. Ensure that remote sessions automatically time out after a particular period of inactivity and that they require re-authentication to gain access.

i) Download mobile applications or any other software from trusted platforms only

j) Perform regular health scans on your computers or mobile devices

k) Regularly check and update the privacy settings on your social media accounts

l) Ensure you enable dual authentication for emails and banking platforms

m) Update your passwords and ensure they are strong (a mix of uppercase, lowercase, numbers and special characters)

n) Enable dual authentication (OTP) for emails, banking and all other platforms

o) Change the default passwords of routers and internet service providers

Stay Tuned to Cyber Talk Column on June 30 about “The Impact of Technology on Human Wellbeing” brought to you by Anil Rachamalla, End Now Foundation,
