Not even COVID-19 can keep the scammers away. Seemingly overnight most areas are on lock down and offices dark; yet just as quickly, hackers began taking advantage of the difficult situation we find ourselves in. From impersonating healthcare workers to creating bogus apps claiming to have the cure for COVID-19, bad online actors are actively looking for opportunities to benefit from the sudden rise of online activity and our heightened state of emotion.
We can’t ignore the warnings from industry experts, researchers and law enforcement that advise us to be very cautious about opening any form of communication related to COVID-19. For example, Kaspersky Lab recently reported about cybercriminals capitalizing on COVID-19 fears to steal credit card data. Using a simple interface, the scammers show a number of people infected with the coronavirus near a location and urge the consumer to pay a small sum to see the exact location of those people. Of course, this is all fake data, playing on paranoia to get individuals to give up their credit card information.
Don’t know how to safeguard against cyberattacks? We’ve got you covered. Here are five things you can do:
- Pay attention to websites. Common signs of fraudulent sites include misspellings, poor grammar, questionable links to forms of payment and far-reaching claims. Always check the URL bar in your browser to see if the site you are visiting has Transport Layer Security (TLS) (sometimes still referred to as Secure Sockets Layer (SSL) certificates). The “https” before the web URL, or the presence of a padlock, means that any data entered on the website will be encrypted between your computer and the web server of the company operating the site. You may choose, also, to click on the padlock and “Certificate Information” to verify that the company operating the website is the one you thought it was. For added protection, ensure that you are using the latest software and browser, including up-to-date versions of Google Chrome, Microsoft Edge or other major browsers. Even better, many of these browsers come with anti-phishing filters built in that will help alert you when something is risky.
- Beware of any COVID-19 related outreach. Any form of contact, whether phone, email or text claiming to be from an organization such as the CDC or World Health Organization is a red flag for fraud. Do not click on links in text messages from unrecognized numbers or provide personal information over the phone. Google recently reported a 350 percent increase in phishing websites since the beginning of the year; no doubt fake COVID-19 websites play a major part in the sudden increase of these scams.
- Say NO to downloads from unknown sources via text, email or on the web. Hackers are using our hyper awareness of all things COVID-19 to plant malicious hardware on computers. When you trust the site and must download an application, look for signs that the file has been signed by a trusted publisher. Verified companies like Microsoft or Adobe will sign files with what’s known as a code signing digital certificate (see image). The well-known Coronavirus Map out of Johns Hopkins is fast making its way around the globe as an important resource, but it is now being used by hackers who are creating fake maps to lure us in and infect users with malware.
- Don’t mix business with pleasure. Keep your personal information separate from work and vice versa. This means not logging into personal email or social media accounts on a work device to ensure company information stays protected. Otherwise, a virus from personal e-mail could infect work e-mail or even the company’s network. With the high volume of people now working from home, this is especially important as bad online actors would love nothing more than to have access to your work device, and using personal applications may provide them that opportunity.
- Use technology to your advantage. Cybercriminals are smart, but today’s advanced security and authentication technology is smarter, if it is used right and people take advantage of the available tools. Digital certificates are a key part of the equation, verifying the identity of all network users through encryption and cryptography. You can take advantage of these technologies by ensuring that the sites you visit start with “https” in the URL or features a padlock icon. Additionally, ensure that when you are working remotely you are connecting to your company’s applications through secure VPN and ask if your employer encrypts your work email with digital certificates. When you are using personal email and wanting extra protection, take advantage of a webmail service that provides encrypted email. While this all may sound technical, these are simple steps you can take to protect your data and devices from being compromised.
Remember, you can always check the safety of a site by copying and pasting the URL into the Google Safe Browsing Transparency Report. If you do find a suspicious or fraudulent site, make sure to report it to Google’s Safe Browsing, Microsoft Edge’s Smartscreen or Mozilla’s Protect the Fox.
Understandably, emotions are running high right now, and while we are all focused on social distancing, we ought to also consider our digital habits. Just as you are taking steps to keep yourself healthy and safe, these tips can help protect against the threats to your network and devices posed by hacker attacks.
About Dean Coclin
Dean Coclin is the Senior Director of Business Development at DigiCert, the world’s leading provider of TLS/SSL, IoT and PKI solutions. Dean brings more than 30 years of business development and product management experience in software, security and telecommunications to the company. He’s the past chair of the CA/Browser Forum and the current vice chair of the Forum. You can follow Dean on LinkedIn.