By Priya Adlakha and Kiratraj Sadana
The spread of the novel Coronavirus (COVID-19) pandemic across the world is creating fear exponentially, but the health risks are not the only bane that comes from this catastrophic event. It has been noticed that this period of social distancing and misinformation also gave an opportunity to the dark elements of the society.
Cyber crime and coronavirus- There has been an influx of fake apps, domain names and websites capitalizing on two facts, first, the fear among the general public and their search for information related to this pandemic and secondly, the companies across the globe are turning to ‘work from home’ via the online medium. We will deal with both the scenarios one by one.
Exploiting the fear among the general public
Everybody who has been trapped inside their house amidst this lockdown is trying to stay on top of any information related to COVID 19 in an attempt to remain safe and away from infected people. The authors of malwares are taking advantage of this situation.
One such app which was available in Google Play Store was “corona live 1.1”, which claimed to be a live tracker of cases of Coronavirus. The people using the app were of the view that they are keeping a track of the pandemic, but the malicious app was actually invading their privacy: getting access to the device’s photos, videos, location and camera.
The information collected can be used in multiple ways, they can be used to compromise your bank accounts or even blackmail the owner of the pictures and videos.
The Android Playstore, to curb the rise of the fake apps, as removed many such apps from the Playstore and also have set rules for these types of applications and have put all such apps in the ‘sensitive events’ category.
Now the apps are available on fake websites, one such being ‘coronavirusapp.site’, where the link to download the app is listed. These instances adequately demonstrate the rise in cyber crime on account of coronavirus.
Exploiting the ‘work from home’ policies
Every organisation, big or small, have been compelled to work remotely due to the lockdown. This will lead to increase in security risk as the proprietary data is being accessed from laptops and home PCs that may or may not have the same level of firewall and security as an in-office setup.
You may have noticed an increase in the number of emails in your Junk Folder, pretending to an advisory relating to the COVID-19. These emails will entice the user to open the attachments, which are malicious in nature and the moment you open them the malware author will be able to access your system.
Once, the malware has attacked one of the systems, there is a potential risk of the security of the systems of your colleagues also being compromised. This can effect the whole grid of systems by which the organization is staying connected and there can be a huge loss of confidential data. Thereby, leading to a spurt of cyber crime cases due to the coronavirus outbreak in India and worldwide.
At such times, the organisations can rely on the ISO/IEC 27000 family. The ISO/IEC 27000 is a global benchmark certificate which is given to the organisations which follow the Information Security Management System (ISMS). In addition to providing improvements in structure and focus of the organisations, the ISMS helps you to safeguard you and your client’s confidential data from cyber attacks.
How to keep yourself safe
You can keep yourself safe from such scams and frauds with a help of Vigilance and Diligence. Here are a few pointers which should be kept in mind while accessing the abovementioned data:
- Check the App details on Playstore before downloading it, this includes, details of the developer, their website (if any), reviews and ratings given by other users.
- Avoid downloading apps from third-party stores and websites, and download the apps only available in App Store for Apple IOs users and Google Playstore for Android users.
- Use reliable mobile and desktop antivirus, these can prevent fake and malicious apps from being installed.
Advisories are also issued by the Delhi Police and WHO due to rise of such frauds. Some of the DO’s and DON’T’s from the said advisories are as follows:
- Do not open email attachments that you have not asked for. In case you so receive an attachments, it is always safer to open the same from WHO’s official website and not the attachment in the mail.
- Always pay attention to the type of personal information you are asked to share. There is always a reason why your personal information is needed. In no circumstances, there would be a need for your passwords.
- Do not believe any emails that come with a sense of panic. Legitimate organizations will never want you to panic and they always take the processes step by step.
- Do not believe that WHO or any other organization conducts lotteries or offer prizes, grants or certificates through emails.
Steps to check authenticity of website
- HTTP = Bad, HTTPS = Good: The ‘S’ in https:// stands for ‘secure’. It indicates that the website uses encryption to transfer data, protecting it from hackers.
- Check for easy markers such as spelling mistakes, typos and broken links. It is highly improbable for a legitimate business to have such mistakes on their website.
- Domain age: The imposters usually register a domain name just for a few months before changing the name of the domain and registering a new one. You can us search engines such as Whois.com to look up the information such as the date of registration of the Domain name.
- Look for reliable contact information: Try to do background check. There is no harm in double checking with the company itself through alternate contact numbers.
- If you are a good Samaritan of the society and want to donate and help the needy then always donate only to the websites/apps whose authenticity is corroborated by the Government.
It is certain that the security standards have deteriorated as many organizations were not ready to work remotely and a rise has been witnesses in cyber crime due to coronavirus. With a little vigilance and due diligence we can protect our data and privacy. It is always better to stay on the side of precaution but if, even after taking all the precautions, we fall into a trap then a quick action can salvage the loss. It is advisable to lodge a complaint with the appropriate authority.