All over the world, COVID-19 pandemic has taken over most discussions and it is the most discussed topic at the moment. The pandemic disease has forced a lot of people to be familiar with words like social distancing, alcohol-based hand sanitizers, nose mask, teleworking and crowdsourcing.
Organizations and institutions are restructuring to be able to cope and stay afloat during and after this COVID-19 pandemic period. Various governments establishments are developing and also enforcing new policies to ensure the negative economic effect of COVID-19 are minimal on its citizens.
Nevertheless, while the world is focused on managing the health and economic threats posed by COVID-19, cyber criminals around the world are capitalizing on this crisis to cause havoc.
Dr. ‘Bukola Onashoga is an Associate Professor of Computer Science and Information Security at the Department of Computer Science, Federal University of Agriculture, Abeokuta Ogun State, Nigeria, and equally serving as the SouthWest Coordinator of Nigeria Computer Society.
In this discussion with TechEconomy.ng, she further shared some thoughts on how to stay cyber conscious during this COVID-19 pandemic period. Excerpt:
Q: You made mention that cyber criminals now impersonate legitimate organizations, can you be specific?
Dr. Onashoga: Cyber criminals now impersonate legitimate organizations and business outfit. They impersonate these organizations or business outfit in order to appear genuine, earn your trust before defrauding you. For example, Cyber criminals might impersonate the Nigeria Centre for Disease Control (NCDC – A Nigerian government organization responsible for fighting the COVID-19 virus) by creating domain names similar to the NCDC’s web address to request passwords, money and even bitcoin donations to fund a fake cure or vaccine. In this wise, the organization needs to be guided. They do all these to appear real before carrying out their acts.
Another way is by receiving a call requesting you to verify your bank, bank account and thereafter requests for your Autonomous Teller Machine (ATM) card pin and even a onetime password that you might receive on your mobile phone.
They would claim they want to credit your account. Instead of them crediting your account, they end up debiting your account. During this COVID-19 pandemic time and even after, please do not send your bank account, pin, password to anybody that claims to call from your bank. Please note, no bank would tell you to send your password or username.
Some can even tell you to apply for cash grants, zero interest loans etc. due to this COVID-19 pandemic. Immediately you respond or show interest, they begin to ask for processing fee, delivery fee, courier fee or even your personal information. Don’t give it. Remember, that the surest sign of a scam is anyone who asks you to pay cash, wire money or pay with crypto currency for a service they want to render to you.
Many organizations have received a lot of emails from companies claiming to be from United States, China and Europe promising to sell nose masks, gloves etc. to them at a cheap prices.
As an IT Security Consultant, I did a background check on some of these emails and I noticed some didn’t even have company’s names. The ones that put their names, don’t exist. Another thing I noticed is that they use Gmail account instead of the company’s email account to send their mails.
You don’t need to be told that these are fraudsters looking for companies, NGO’s and individuals to defraud. It is clear, do not buy nose mask, alcohol based hand sanitizers etc. from people or companies you do not know, a company without an active website or a newly registered company (at least for now). There is need to be careful and guided in any online transaction during this season.
Q: Of course, there is a noticeable surge in Fake COVID-19 applications and COVID-19 themed domain names. Why?
Dr. Onashoga: As many people use smartphones to seek information about COVID-19, cyber-criminals take advantage of this to develop malicious applications that tend to give you the information you are looking for. What you do not realize is that these apps allow these cyber criminals spy on you through your devices. Although most of these apps with malicious content when discovered are blocked from online stores but you cannot be too careful when it comes to situations like this.
It is advisable you install applications only from trusted source (like androids google play store and iphones app store) and not from third party sources.
Also, in recent weeks, hundreds of “covid”, “corona” and “virus” themed sites have gotten themselves into our cyberspace. Irrespective of what they claim to offer (either information, testing kit, cure or vaccine), you should still be skeptical about these websites.
The question now is why should you be skeptical? It’s simple, because most of these websites became active only when COVID-19 pandemic became a global news. To be on the safe side, it’s better you use only trusted sources such as legitimate government websites (especially those ending with .gov) for up-to-date fact-based information about COVID-19.
Q: Your advice goes this way: ‘Become the best Cyber Defense available’. Where can one start?
Dr. Onashoga: Most networks are being compromised, especially with phishing and ransomeware attacks, which start with malicious emails by an unknown person or source. These emails usually contain a malicious file or a link. When clicked or opened, it would take you to a page where you would be tricked to enter genuine password(s) and username(s).
When your details have been entered and captured, then the attacker launches the attack which most times is financially fraudulent. This attack affects victims because a lot of money is lost, identity theft and also access to confidential details or documents might occur.
As at today, there has been no anti-virus, anti-malware or firewall software that can single-handedly stop every cyber threat, the best cyber defense is you. There is no magic solution to fend off cyber criminals.
A sustainable workable solution is the three tiered defense approach which is to stay safe, be vigilant and be prepared not to click from unknown sources.