World Health Organization (WHO) releases guidelines for increased cyber risk during COVID-19.
This week the WHO published new advice to help raise awareness of a significant increase in illicit activity by cyber criminals posing as the WHO or an affiliated body.
The warning is specific to contact being made via email where the aim of the criminals is to obtain valuable data that can be sold and/or exploited or to directly deceive individuals into providing their banking details and ultimately access to their bank accounts.
Email phishing is the primary method of contact for cyber criminals. COVID-19 themed enticement methods seen so far include asking for donations to the global COVID-19 relief fund, assistance to help people find employment to meet demand in public health services, and various offers of inclusion for infection/immunity testing and even access to vaccine programmes.
The WHO themselves were also targeted earlier this month by hackers attempting to mimic the internal email system used by WHO staff, their objective being to obtain account credentials that could be used to access genuine WHO email servers.
Additionally, over 3,600 new internet domains containing the words “COVID” or “CORONA” have been registered within a single week, and whilst some may be for genuine use it is fair to say that the majority are not. Cyber criminals will use new domains to deceive email recipients and attempt to bypass out-of-date email security systems.
Whilst these tactics aren’t entirely new, they are obviously timed to prey on people during increased levels of stress, when our natural attention is focussed on our own health and the well-being of others whilst we cope with the changes in our daily lives brought about by COVID-19.
Therefore it is vital that we maintain our vigilance as best we can to combat the increase in cyber-criminal activity. As individuals, it is possible to take some basic steps to vastly reduce our chances of becoming a victim of cyber-crime via email phishing:
- Always consider why someone wants your information and ask yourself if it is appropriate.
- Never download email attachments you didn’t ask for and without checking the source.
- Never provide sensitive financial/banking details on email.
- Think about and independently verify any emailed irregular request, even if from a colleague.
- Avoid completing online forms sent to you via email.
Overall, if you are unsure about an email for any reason you should contact your IT/Security team, who can investigate its authenticity and ultimately help avoid any potential data breach and the associated consequences.
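As an added illustration (not part of the original post or the WHO guidance), this is the kind of first-pass check a security team could run on a reported message: it flags a sender who claims to be the WHO from a domain that is not allowlisted, a Reply-To that differs from the sender, and any “COVID”/“CORONA” themed domains. The allowlist, the sample message and the function names are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

KEYWORDS = ("covid", "corona")   # theme words named in the post
TRUSTED = {"who.int"}            # assumption: your own list of verified domains

# Constructed sample message for illustration; not a real email.
SAMPLE = """\
From: "World Health Organization" <relief@who-covid-fund.example>
Reply-To: donations@corona-relief.example
To: staff@company.example
Subject: COVID-19 relief fund donation

Please donate at http://covid19-relief-fund.example/donate or read
the advice at https://www.who.int/
"""

def is_trusted(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return a list of (reason, value) findings for one raw email."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    # Display name claims to be the WHO but the address is not allowlisted.
    if re.search(r"\bWHO\b|world health", display, re.I) and not is_trusted(from_dom):
        findings.append(("display-name-mismatch", from_dom))
    # Replies would go to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-differs", reply_dom))
    # Collect link hosts from the plain-text body, then check every host seen.
    body = msg.get_payload()
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s<>\"']+", body)}
    for host in sorted(hosts | {from_dom, reply_dom}):
        if host and not is_trusted(host) and any(k in host for k in KEYWORDS):
            findings.append(("themed-domain", host))
    return findings

if __name__ == "__main__":
    for reason, value in triage(SAMPLE):
        print(f"{reason}: {value}")
```

A themed-domain hit is a prompt for a closer look rather than a verdict, since some of these registrations are for genuine use.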
There appears to be no limit to the lengths cyber criminals will go to in order to take advantage of our vulnerability and they will clearly exploit any situation no matter how desperate to benefit their reprehensible objectives.
Stay vigilant and always carefully consider your response to email, no matter how genuine its appearance.
Blog written by Howard Johnson, Cyber Practice Lead https://www.linkedin.com/in/johnsonhoward/
Click here to see the WHO cyber security guidelines.
Click here for more information about how cyber criminals are exploiting COVID-19 from the BBC.