COVID-19: Cyber Threats Like Phishing, Fake Applications, Malicious Websites and Refund Scam Increasing
The outbreak of coronavirus (COVID-19) has also increased number of threats like phishing emails, fake applications and fake websites. Over the past two months, thousands new portals and applications have emerged that claim to provide one of the other things about COVID-19. However, many of these are aimed at cheating or defrauding the user.
According to Ryan Olson from Unit 42, the threat intelligence team of Palo Alto Networks, with the onset of the COVID-19 pandemic spreading around the world, many of us have had to adapt our lives to accommodate the new reality and bad guys are no different. "They have also adapted and are taking advantage of this pandemic to launch cyber-attacks. The biggest opportunity for cyber attackers with this outbreak has nothing to do with technology, but with how humans change their behavior and patterns in response to the crisis."
Two biggest examples of emerging frauds during the COVID-19 are booking refund fraud and fake unified payments interface (UPI) handles for the Indian prime minister's special fund, prime minister's citizen assistance and relief in emergency situations (PM-CARES) fund.
However, the authentic UPI handle for the PM-CARES is [email protected]
Incidentally, even in State Bank of India (SBI) there was on UPI handle [email protected]
, which is now disabled.
Due to the lock-down, everyone was forced to stay at home. Under this situation, many, who had booked tickets and hotels, have to cancel their bookings and wait for the refunds. However, taking advantage of this situation, several fraudsters are sending our messages for giving out refunds. This off-course is not true.
In a communication to its customers, MakeMyTrip says, "There are attempts being made by some fraudsters to misguide people who are seeking refunds for their booking cancellations, by asking for your bank account details and other personal information. We advise you to remain vigilant and refrain from providing such information. We wish to clarify that no MakeMyTrip representative will ever reach out to you seeking confidential banking or payment related information, including one-time passcode (OTP), UPI pin or wallet details.”
Goibibo also sent similar message to all of its customers.
Unit 42 from the Palo Alto Networks had done some analysis of the increase in cybercrimes using COVID-19. It says, there are several instances where distribution of phishing and malware taking place using COVID-19 themes. "Attackers are taking advantage of the high amount of attention paid to COVID-19 to lure victims into opening attachments on malicious emails and click on phishing links. This is not a single attack or event campaign, but widespread use of virus-related themes. We have identified malicious emails using subjects containing COVID-19 and related keywords carrying remote administration tools (RATs) like NetWire, NanoCore, and LokiBot, as well as other malware," it says.
Common people are always on a lookout for more information. During a pandemic, this information seeking jumps by many folds. People are seeking information about COVID-19 such as how it is impacting them, and how they can stay safe, many are looking to their smartphone for help. However, there have already been multiple cases reported of malicious Android applications that claim to offer information about the virus. These allow the attacker to spy through the handheld devices, or encrypt the device and hold it for ransom.
As always, Android users should not install applications from untrusted sources and should stick with the Google Play store. Similarly, iPhone users should not jailbreak their phones and install apps from third-party sources instead of from the Apple App Store.
Other things that we all should be careful about is launch of new websites using corona, coronavirus or COVID. During the past few weeks, more than one lakh domain names have been registered that contain names like covid, virus and corona.
"Not all of these will be malicious, but all of them should be treated as suspect. Whether they claim to have information, a testing kit, or a cure, the fact that the website did not exist until the pandemic became news should make you very skeptical of their validity," Unit 42 says.
So How Can Protect Yourself from This?
1. Be sceptical about every piece of information that you receive on COVID-19.
2. Check the source. If this is not reliable, then kindly visit the government's authentic portal for details.
3. Never respond to emails seeking your personal information, especially for refunds (as the service provider may already have all these details captured when you made the booking)
4. Stay at home, and stay safe.