We have all become wary of emails and messages promising prizes, easy money-making opportunities. But scammers can evolve too, and as people start spending more and more time online due to the lockdown, they seem to be doing just that.
McAfee Labs, the threat research division of McAfee, the global computer security company, recently released a report titled “Covid-19: Malware Makes Hay During a Pandemic", which analyzed the pandemic-themed cyberthreats that have been emerging over the past few months. The report stated that these threats typically leverage a phishing email delivery method, with coronavirus themes and messages, which are aimed at luring people into engaging and allowing these threats to access their systems.
“McAfee has detected thousands of covid-19-themed spam emails and websites scamming victims seeking to purchase medical supplies such as testing kits, face masks and other protective gear. Over the first 13 weeks of the pandemic, McAfee saw the number of bogus websites increase from 1,600 a few weeks ago to over 39,000," Steve Grobman, senior vice president and chief technology officer, McAfee, said in the report. The report also revealed that the first threat that was seen taking advantage of the pandemic was Ursnif, a Trojan aimed to steal banking credentials. It collects system activities of the victims, records keystrokes and tracks network traffic and browser activity. Since January, it has been using coronavirus related file names to entice unsuspecting individuals.
In India too, there are multiple covid-related scams that have emerged (read more here: bit.ly/2zyTQ5e). “The pandemic has forced many not so tech-savvy consumers to explore the digital payments ecosystem, as people continue to purchase and stock up on essentials during this period to reduce social contact and curb the spread of covid-19," said Venkat Krishnapur, vice-president of engineering and managing director, McAfee India.
With the marked shift towards online purchases because of stores being closed due to the lockdown, fraudsters are diversifying their modus operandi to exploit touch-points that are not very well protected. “From fake UPI-based payment links or seemingly legitimate bank websites, phishing and other social engineering tactics, cybercriminals are riding on lack of user awareness and uncertainties plaguing the society. McAfee observed a campaign leveraging phishing emails referencing the terms ‘covid-19’ and ‘coronavirus’ to entice users to click on links or attachments that then downloaded the information-stealing Fareit Trojan onto their devices," Krishnapur said.
According to Krishnapur, to avoid being victimised, users should treat their mobile phones and financial applications with the same amount of security as their bank accounts. When downloading online payments and banking apps, do it directly from official websites and avoid clicking on links received via e-mails or messages; always opt for multi-factor authentication; set strong passwords and use fingerprint recognition on your device; avoid opening attachments or links without prior verification; and be vigilant while conducting online money transfers and opt to use your data plan or a secure, private Wi-Fi over public networks. “Aside from this, ensure you also have a mobile security app installed and running," he added. Stay one step ahead of the fraudsters and scammers to keep your financial data safe.