In today’s era, our lives mostly depend upon the internet and electronic devices. And as we all know that currently, the whole world is dealing with the Corona crisis. The COVID-19 Pandemic is affecting the whole world at large scale and especially during this kind of crisis we have to maintain the social distance to protect ourselves without affecting our work at a large scale so relying on the internet is only the option we are left to continue with our daily works. Cybercriminals are taking great advantage of this situation. Since a large population is now under lockdown and working from homes. All the organisations and offices and institutions are being run from home and these are at high risk of being targeted.
The cybersecurity standards of the home as compared to office enterprises are very weak and are not safe from a security
point of view which gives hackers a great chance to hack the crucial data of the companies and other institutions.
India’s first Cyber Security Chief Lt Gen Rajesh Pant (retd) said in an interview that In the past two months almost 4000 fraud portals related to Corona Virus have been created across the globe by cybercriminals and other mafia organisations.”
According to government sources, even the Prime Minister's Citizen Assistance and Relief in Emergency Situations Fund’ (PM CARES Fund)’ set up was not spared by the cyber criminals and within a few hours of its announcement half a dozen similar-sounding malicious websites and fake UPI Ids were created in the name of PM cares fund for financial frauds.
Kinds of Scams during COVID-19
1) Phishing Scams
Phishing is one of the most common attack techniques. Reports of email phishing are increasing day by day.during
Lockdown people are spending more and more time using their electronic devices and internet, Cybercriminals are using creative language to exploit the sentiments during such hard times. For instance, people are more likely to click links related to COVID-19 from emails purportedly originating from their banks, telecom companies, insurer and hospitals and so on.
Health organizations such as the WHO and US Centres for Disease Control and Prevention (CDC) have been prime targets for impersonation due to their perceived authority people are receiving safety documents with URL’s from their names which lead them to fake malicious websites and steal their personal and sensitive data. Some kinds of emails contain malicious attachments which have information about the discovery of a drug/vaccine for Coronavirus and how they can be ordered by them or any link which tells them how to save their lives from Corona in 5 minutes. Moreover, as we are aware of the fact that supplies of hand sanitizer and face masks have been out of stock from the market due to Covid- 19 outbreak, it has been found that many malicious websites are offering mask at a discounted price and after receiving the payment there is no guarantee that the product even exists. As
a result, there is a surge in phishing campaigns that aim to steal money and personal information of the users especially during this corona pandemic.
2) Fake Apps Promoting Coronavirus Cure
People are mostly relying on online channels to seek information about the cure of the pandemic. There are malicious websites which scam people. They are offering products that can prevent or cure coronavirus the website antivirus-covid.com and corona-antivirus.com have been found promoting an app—Corona Antivirus—this website claims that it can protect users from the Coronavirus. These kinds of websites and Apps are completely fake and one should avoid them. Because on the click it installs a spy software which can steal bank account details, passwords and personal data.
3) Extortion and Ransomware
It is essential for some kinds of businesses and services to maintain their continuity. Running business and service from homes has made extra vulnerable to cyber threats. Extortion scams are on the next level cybercriminals hold businesses websites until they are paid off the amount of money they have asked for. There is a ransomware by the name ‘CoronaVirus’— and ‘CovidLock” that steals your personal data and locks your phones. Cybercriminals extort money from victims to decrypt the data or unlock their phones.
4)Cyber-attacks on Digital Apps and Healthcare Web Sites
The Computer Emergency Response Team of India (CERT- which is the national agency to combat cyber threats and attacks which also guard the cyberspace, said that usage of the digital application can be vulnerable to cyber-attacks, which include leakage of sensitive office information to cyber criminals. Many organisations have allowed their staff to work from home to stop the spread of coronavirus disease (COVID-19). Online communication platforms such as Zoom, Microsoft Teams and Teams for Education, Slack, and WebEx etc. are being used for remote meetings and webinars.
"Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations. The CERT agency suggested some measures to increase the security of Zoom meetings which included that the app should be regularly updated and one should use strong and unique passwords for all meetings and webinars.
In August 2019 US-based cybersecurity firm Fire Eye said on that hackers broke into a leading India-based healthcare website, stealing 68 lakh records containing patient and doctor information. These cybercriminals mostly China-based are directly selling data stolen from healthcare organisations and web portals globally including in India in the underground markets.
To be safe from these kinds of cyber-crimes one should follow these guidelines-
1) Do not purchase any medical equipment from unofficial third-party vendors.
2) Beware of emails soliciting charitable donations before donating any money make sure that their link is authentic.
3) Do not directly open any message or link which contains this name “Covid -19” take your time and ensure that the link is authentic because the link might contain any malware.
4)Update your apps regularly and while doing any transaction make sure that you are connected to a secured network.
5) Do not download files or visit unknown websites linked in unsolicited emails.
6) Report and block these kinds of website or you can raise complaints at the Home Ministry’s dedicated portal for any cybercrime (https://cybercrime.gov.in/)
Read another post on Legal Implications in Work from Home by the same author https://www.mylawman.co.in/2020/04/guest-post-covid-19-work-from-home.html
The Author, Tanuj Raje, is a law student at Amity Law School, Noida and he can be reached at t[email protected]