Beware of Cyber fraudsters amidst COVID-19 lockdown

Hyderabad: Cyberabad police on Sunday issued an advisory for general public to inform them how cyber-fraudsters are taking advantage of the lockdown which has forced people to remain indoors.

A sstudy on trending cyber crime shows cyber criminals are taking advantage of the situation as large number of people are using online banking services to be updated with their banking updates.

“Cybercrime has surged amidst the unprecedented coronavirus lockdown. Cyber threats are constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception. Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.”

Commissioner of Police, Cyberabad, VC Sajjanar

Online fraud through Malware

Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Malware, spyware and Trojans have been found embedded in interactive corona virus maps and websites. Spam emails are also tricking users into clicking on links which download malware to their computers or mobile devices.

Malicious domains

There are a considerable number of registered domains on the Internet that contain the terms: “coronavirus”, “corona-virus”, “covid19” and “covid-19”. While some are legitimate websites, cybercriminals are creating thousands of new sites every day to carry out spam campaigns, phishing or to spread malware.

Ransomware

Hospitals, medical centres and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom. The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system.

PM CARES Fund fraud:

A lot of people are making donations to the Prime Minister’s Citizen Assistance and Relief in Emergency Situations or PM CARES Fund. The fund’s UPI (Unified Payments Interface) ID is pmcares@sbi. However, many fraudsters made similar UPI IDs, such as pmcares@pnb, pmcares@hdfcbank, pmcare@yesbank, pmcare@ybl, pmcares@icici, and so on, to defraud people.

Beware of criminals pretending to be WHO
If you are contacted by a person or organization that appears to be World Health Organisation (WHO), verify their authenticity before responding. The World Health Organization will never ask for your username or password to access safety information.

Loan moratorium fraud

Fraudsters call up gullible borrowers and pose as bank representatives. They inform the targets that their lenders are giving a moratorium on the loan and the borrower won’t need to pay two EMIs, as per the Reserve Bank of India’s directives. In the process, they can trick borrowers into sharing their bank details. Once they convince the borrowers, fraudsters ask them to share the OTP (one-time password) by giving them the impression that the OTP is the confirmation code for availing the moratorium, when actually it is for a bank transaction that borrowers may be doing. Once the borrower shares the OTP, he loses money.

Exploiting greed

Many items such as face masks and sanitizers are in short supply because of the lockdown. Cybercriminals have made fake e-commerce websites selling such sought-after items that are in short supply. The website may look like original e-commerce marketplace, where you select items, quantities, provide the delivery address and make payment through different means. However, the items never get delivered, and the site is shut down after a while.

Fake links and Websites

Then there are emails and mobile messages saying the government is releasing funds to help citizens. The message asks the victim to click on a link, which takes him to a fake government website. The site asks the victim to enter sensitive bank account details to avail the fund. Without realizing, the victim gives away his confidential information that would help the hackers transact on behalf of the account holder.

Free Netflix Scam

Fraudsters claiming to provide free services such as Netflix subscription for the entire lockdown period. As soon as the person clicks on the link or attachment, the malware is installed on the computer or the mobile phone.

Fake News or Rumours

Fake news or rumours that are spreading rapidly across the country. Recently misleading information on social media where it was declared that ‘chicken is a carrier of Coronavirus’.

Cyberabad Police Advisory

Cyberthreats are constantly evolving in order to take advantage of online behaviour and trends. The COVID-19 outbreak is no exception. Cyber criminals are using new ways to defraud mobile phone and computer users, using covid-19 as a cover. Cyberabad Police giving the following guidelines and prevention tips:

  • Most of the covid-19-related frauds are easily executed by taking advantage of the lack of awareness of the victim.
  • With an increasing number of countries encouraging citizens to stay, learn or work from home, now is the moment to focus on cybersecurity, whether it’s for yourself or your workplace.
  • Ensure you have the latest anti-virus software installed on your computer and mobile devices;
  • Download mobile applications or any other software from trusted platforms only.
  • Back up all your important files, and store them independently from your system (e.g. in the cloud, on an external drive)
  • Always verify you are on a company’s legitimate website before entering login details or sensitive information.
  • Check your software and systems
  • Perform regular health scans on your computers or mobile devices. Be vigilant.
  • Secure email gateways to thwart threats via spam;
  • Strengthen your home network;
  • Secure system administrations vulnerabilities that attackers could abuse;
  • Disable third-party or outdated components that could be used as entry points.
  • Talk and discuss with your family including children about how to stay safe online
  • Regularly check and update the privacy settings on your social media accounts
  • Update your passwords and ensure they strong (a mix of uppercase, lowercase, numbers and special characters);
  • Do not click on suspiciouslinks or open attachments in emails which you were not expecting to receive, or come from an unknown sender.
  • Many fraudsters are making UPI IDs that look similar to that of PM CARES fund.
  • An individual should never share any details with anyone.
  • There are also other fake donation messages sent out to help the poor during the covid-19 pandemic. Don’t donate to any social or religious organization unless you are sure where the money is going.
  • Fraudsters have hacked Facebook accounts of individuals. Using Facebook messenger, criminals reached out to people in the friends list and asked for monetary help. Avoid sending money to someone unless you have confirmed it’s the same person seeking help.
  • Never share your password or any other confidential details on the phone
  • Never click or download links, attachments or images that come with forwards, even if they are from known sources.
  • Cyber fraudsters were registered in the past three months with keywords including corona, covid, vaccines, virus, and so on. These domains are mostly used by criminals for phishing attacks
  • Beware of Cyber attackers are making phishing calls or sending phishing emails or SMSes to bank customers pretending to be bank officials and asking them for sensitive information such as their account number, credit or debit card number, CVV, OTP etc.
  • Misinformation on What’s App groups, the ‘Group Admin’ shall be held personally liable for such content in his/her group and will be punishable under the relevant laws.
  • Changing passwords frequently, alerting employees of the probability of phishing emails, two-factor authentication and anti-virus or anti-malware software and secure VPNs are all ways that both companies and individuals should use to ward off potential threats.

mohammedhussain.reporter@gmail.com