With employees working from home, the use of common phishing tactics by cyber criminals to steal data, identity and money from individuals is on the rise
Cybercrime was a national threat long before the Covid-19 pandemic. The all-pervading presence of technology and growing rates of internet connectivity due to the rise of remote working, as well as the continued development of recent technologies that provide anonymity, have made cybercrime a low-risk, high-reward venture for both State and non-State actors.
With employees working from home, cyber criminals use common phishing tactics to steal data, identity and money from individuals and to compromise organisations' servers. Since organisations are in the midst of a global health crisis and cannot afford to be locked out of their systems, criminals believe they will pay.
1) Phishing – Messages sent by email, social media or texting platforms, designed to trick users into divulging sensitive information (passwords, credit/debit card, CVV, OTP, MPIN, UPIN and QR Code) and losing money to fraudsters for fake services. Messages often include links and attachments. Scammers impersonate government agencies, ecommerce sites and reputed non-profits.
a) Backdoor preferential slot booking on www.cowin.gov.in
b) Impersonating reputed NGOs claiming to be providing plasma, Remdesivir Injections, Black Fungus related medicines and Oxygen Concentrators.
2) Spear phishing – This refers to spam targeted towards specific individuals, especially elderly people with their children abroad.
a) Providing vaccination for the elderly at home.
b) Providing Covid-19 related checks like RT PCR etc. at homes.
3) Malware/malicious apps – Hidden in email connections or apps designed to obtain sensitive personal information and create financial losses.
a) People who are unable to buy regular pulse oximeters are downloading fake applications through links to Android (APK) and Apple (DMZ) files circulated through email, social media and texting platforms, and are falling prey to cyber fraudsters, losing personal information and incurring financial losses.
4) e-commerce/trading websites – Scammers offer heavy discounts on products on reputed trading sites.
a) Scammers disguise themselves as suppliers on reputed trading websites and ask for 100% advance payment to be transferred to their personal accounts; later they neither respond nor ship the goods.
5) Romance extortion/blackmail scams – Cybercriminals fake an identity online and gain trust before stealing from or manipulating the victim to extort money.
a) “Proposal turns extortion”, “A Pretty woman is a man”, “Making a gay man pay” and “I have your sex recording” are a few romance scams. “I have your sex recording” is at its highest during the pandemic.
6) Customer support scams – Fake toll-free/customer support numbers.
a) They mimic the entire process, along with the options, voice and step-by-step procedure that the official customer support centers follow.
b) Once the victim calls, they use social engineering tactics to take control of all of the victim's details. Usually they use scare-ware tactics, such as claiming that if the details are not updated immediately it will result in financial or access loss.
7) Work from home scams – Deceitful people create fake job postings to benefit themselves.
a) Data entry and social media (Like/Subscribe/Watch) jobs are the most common ones. You are asked to sign a penalty clause agreement and, once the work has started, they raise penalties on the pretext of incorrect data and extort money by sending fake court and police notices.
8) Investment frauds through Apps – Scamming people to invest money for heavy returns.
a) Promise of heavy returns. In the beginning, they pay you and later disappear.
How to stay safe?
1) Download applications only from Android (Play Store) & Apple (App Store)
2) Be wary of short URLs and information requested on Google forms from unknown sources
3) Check the authenticity of a URL to see whether it is a phishing link, using https://isitphishing.org and https://www.urlvoid.com
4) Never share personal information and intimate pictures or videos online
5) Always check the header of an email for authenticity when someone asks you by email to transfer money, even if it appears to be from your boss
6) Never search for customer care numbers on Search Engines – Open the respective application for the customer care number details.
7) Scanning a QR Code or giving/sharing OTP, UPIN, Bank Card and CVV numbers means you are transferring money from your account and NOT receiving it.
8) Use Two Factor Authentication for all applications and emails.
9) Use Complex Passwords (Capital, Special, and Numeric) and reset all your passwords once in three months
10) Never pay any money directly to the seller’s personal/private accounts which are not mentioned on the ecommerce site.
11) Use the latest versions of anti-virus and anti-malware software
12) Trust Covid related information from official sites only https://mohfw.gov.in, https://covid19.telangana.gov.in and https://who.int.
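For tip 5, this is what checking the email header can look like in practice. The Python example below is added here and is not part of the original column; the two sample messages are constructed and every domain in them is a placeholder. It flags a Reply-To address on a different domain from the From address, and any SPF, DKIM or DMARC verdict other than "pass" recorded by the receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SUSPICIOUS = """\
From: "Managing Director" <md@company.example>
Reply-To: md.company@freemail.example
Authentication-Results: mx.company.example; spf=pass smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=company.example
Subject: Urgent fund transfer

Please transfer the amount today and keep this confidential.
"""
GENUINE = """\
From: "Managing Director" <md@company.example>
Authentication-Results: mx.company.example; spf=pass smtp.mailfrom=company.example; dkim=pass header.d=company.example; dmarc=pass header.from=company.example
Subject: Quarterly review

Agenda attached.
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw_message):
    """Return reasons to doubt that the mail comes from the name in From."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg.get("From"))
    warnings = []
    # Replies silently going to another domain is typical of "boss" fraud mail.
    reply_dom = domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server; trust only your own provider's header.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{check}=(\w+)", results, re.IGNORECASE)
        verdict = found.group(1).lower() if found else "missing"
        if verdict != "pass":
            warnings.append(f"{check} result is {verdict}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("genuine", GENUINE)):
        print(label, header_warnings(raw))
```

An empty list means none of these checks fired, not that the request is genuine; confirm any money transfer through a separate channel such as a phone call.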
Stay Tuned to Cyber Talk to know more about internet ethics and digital wellness brought to you by Anil Rachamalla, End Now Foundation, www.endnowfoundation.org