We are in the perfect time to suffer scams through the Internet: hackers take advantage of times of crisis and confusion to scam people. In this way, they are able to generate even more conviction than as a general rule. Yes, while the world as a whole is thinking about how to overcome this epidemic, there are people throughout the world developing better methods to scam online, because it is the right time for them. And because we are more vulnerable, we must be more careful.
According to Barracuda Networks, crimes based on phishing – data theft, making users trust and manipulating them – They have risen 667% from February to March, although since January a higher than normal growth was already noted. That is, the attackers are increasing their working hours and taking advantage of unique opportunities for them. And this coincides, effectively, with the coronavirus.
Interest you | Do you know how to differentiate dangerous emails from reliable ones? Check it out with the new Google game
We are more vulnerable because now many more people work from home
A software from the company that carried out the statistics, which is capable of detecting attacks of this type through email, has detected close to half a million coronavirus-related attacks in March. For our comparison, only 1,188 COVID-19 related attacks were detected in February.
In addition, and because many more people are working from home, we no longer only process personal data on our network, but also a greater amount of professional data. That is if they can circumvent our security, hackers could probably get more than just personal data right now in many cases. Therefore, the network of our homes are much more valuable than ever. This has been stated by Europol, which has already warned of the increase in this type of crime.
If we receive communications by email from sources other than the usual ones – for example, someone claiming to be from the human resources department of the company in which we work, but without using the usual email address – suspect, and don’t hesitate to even pick up the phone to verify the information, even more so if we are being asked to click on a link or to send certain personal data. Such attacks are very common, and even very large tech managers have fallen.
How to avoid falling into fake emails
People are also more concerned about health. For this reason, scams have also risen posing as the World Health Organization, as Sophos has pointed out. Specific, a mass email is being sent posing as WHO. In it, and due to the coronavirus, people are advised to read the precautions to take into account to avoid getting the disease.
Once we enter the link we will end up on a website exactly the same as that of the World Health Organization, but in which we will be asked for the password of our email. Probably, and due to the fear of contagion, many people will provide that sensitive information in order to access the content in official WHO content. If the WHO, our government, or any other institution sends us information about the coronavirus – or about any other issue – they will never ask us for our email password.
Interest you | Gmail is updated with anti-phishing alerts
In another mass mail, this time addressed exclusively to Italy, it was attached an alleged WHO document in an email. If the user downloads and executes it, nothing happens, but once the document edition is enabled, the macros are executed, allowing access to your computer. In this specific case ransomware would be run that would encrypt all the files on our computer, asking us for a ransom payment in order to recover all our information. This is a very common type of attack and is the reason Microsoft has disabled macros by default on all documents.
Search the Internet before clicking on any suspicious link
But it was not the only macro attack. This type of attack, in addition to not activating macros, can be easily avoided by not running editable documents. If any organization sends us a document, it will be in the form of PDF and not in an editable DOC. Macros cannot be run on PDFs, making it more secure. And it is even better not to download the file, but to go to Google and search in the news section of that organization, because it is most likely that by the time we have received the email in the public domain. It is safer if we go directly to their website instead of downloading files of doubtful origin.
Furthermore, all phishing attacks can be avoided by correctly checking from which email address they are contacting us. If the email address corresponds to the organization’s official public web domain, the email that has reached us is probably real. If the email comes to us from an email with rare numbers and letters, let’s be suspicious. If the OMS sends us an email, it will come from an address ending in “@ who.int” and not from another email. We must always apply this logic, and for this we can support ourselves by searching the organization’s website on Google.
Interest you | How ethical hackers make money at the expense of Google and Apple by finding security flaws in their systems
Therefore, admitting that we are more vulnerable than usual is the first advantage that we must acquire to minimize this rebound in attacks due to the coronavirus.
fbq('init', '793978057401062'); fbq('track', "PageView");