With billions of people under lockdown and working from home, criminals are going online to make easy money. Cybercriminals are exploiting the fear among people about the pandemic through email scams, phishing, ransomware attacks, etc.
"Cybercriminals have been exploiting fears around the COVID-19 outbreak to conduct email scams, phishing and ransomware attacks. These emails and messages entice users to open malicious attachments by offering more information related to the COVID-19 situation. These files are masked under the guise of links, pdf, mp4 or docx files," Palo Alto Networks' Regional Vice President for India & SAARC Anil Bhasin said.
It is not just individuals who are being targeted. Companies too are under increasing risk.
"Companies, large and small, will be impacted due to ramifications of work from home, as this will lead to cybersecurity risk concerns. Proprietary corporate data is being accessed from laptops and home PCs that may not have the same level of firewall and security as in-office setups," said Deepak Bhawnani, CEO at Alea Consulting.
Management and IT managers will subsequently need to reassess the risk to their data, and proactively evaluate their data loss prevention processes, as this can impact their reputation going forward, experts said.
On Sunday, the domestic cybersecurity firm K7 Computing said that it will be providing cybersecurity products for free to laptops, desktops and Android smartphones users. The company has also said that it will be extending this offer to every coronavirus affected country worldwide.
"We would contribute for the cyber safety of all consumers as well as small and medium-sized enterprises (SMEs) during this critical time," Kesavardhanan J, Founder of K7 Computing, said in a statement.
Low-security standards of home Wi-Fi systems pose a serious threat for the cybersecurity sector at the moment with data of millions of people at stake.
"A few isolated incidents of cybercrimes have already been reported with unsafe links leading to the theft of sensitive data. For example, people are offering fake maps that show the number of infected users in each state, city or area which requires the person to download software to generate fake maps, in turn making it a security concern," said Trishneet Arora, Founder & CEO of TAC Security.
"The role of cybersecurity companies at this moment is more critical than ever. It is essential at this moment to monitor baseline behaviours and any anomalous cyber activity should be looked into in real-time basis," he added.
On Sunday, the Delhi Police had also issued a warning about online frauds, with a list of dos and don’ts to help protect people's data and system.
According to the Internet Crime Report for 2019, released by USA’s Internet Crime Complaint Centre (IC3) of the Federal Bureau of Investigation, has revealed that India stands third in the world among top 20 countries that are victims of internet crimes.
It was found that, while email is still a common mode of committing internet crime, frauds are also being committed through text messages, a crime called smishing, or even fake websites using a tactic called pharming.
Are other countries safe?
Well, foreign countries are no exception to cybercrime. But it doesn't stop at internet scams alone. From trafficking dodgy surgical masks to peddling counterfeit medicines, criminals are finding ways to swindle money, European police warned.
Police around the world seized 34,000 counterfeit surgical masks in one major operation targeting so-called "corona criminals" earlier this month, Europol said in a report Friday.
"Fraudsters have been very quick to adapt to well-known fraud schemes to capitalise on the anxieties and fears of victims throughout the crisis," the report added.
Drop in break-ins
In many European countries, police have reported a dramatic drop in common criminal behaviour.
Spanish police have said that there has been a 50 per cent drop in criminal offences compared to a year earlier since the country was put on a near-total lockdown on March 14.
Sweden too said it had seen burglaries drop since people were asked to work from home.
Sales of street drugs have also dropped sharply in many countries since the outbreak as authorities shut borders and restrict the movement of people.
However, on the flip side, there is a drastic rise in other forms of crimes.
The World Health Organization, at the forefront of the fight against the pandemic, has warned of a sharp increase in email phishing and scams using its name to try to steal money and sensitive information.
Britain's National Crime Agency said criminals "target people who seek to buy medical supplies on the internet, sending emails offering fake medical support and defrauding people who may be vulnerable or increasingly isolated at home".
In Germany too, "cybercriminals are exploiting people's current concerns about COVID-19 to send phishing emails with malicious content or use this fear with fraudulent intent", police said.
Police have also warned people to be on the lookout for burglars, who come wearing protective masks and claim to be coronavirus testers, to steal from homes, particularly those of the elderly.
Here's what you can do to stay safe:
Change default passwords of your home Wi-Fi router to prevent hackers from accessing your network.
Use strong and unique passwords on every account and device and use two-factor authentication (2FA).
Do not allow anyone else to share your work computers and other devices which you have brought from your office.
Use only software that is used by your company to share files and refrain from using your personal email or 3rd party services.
Ensure that your remote sessions automatically time out after a specified period of inactivity and that they require re-authentication to gain access.
Don't forget to turn off the 'remember password' option when you are logging into company information systems and applications from their personal devices.
CERT-In, the national cybersecurity agency, has suggested that IT teams of every company "consider Mobile Device Management (MDM) and Mobile Application Management (MAM)." It said that these tools can allow organisations to remotely implement a number of security measures, including data encryption, malware scans, and wiping data on stolen devices.
How to report an online fraud incident?
On Monday, Union Ministry of Home Affairs (MHA) had warned all the states about cybercriminals circulating a malware link about a so-called Coronavirus app - Spymax, Coronalive 1.1 - which when opened may cause a security threat.
In case you have become a cyber attack victim, you will have to contact the local police immediately. The national police helpline number is 100 and national women helpline number is 181. Alternatively, you can log into National Cyber Crime Reporting Portal and lodge a complaint.
(With inputs from agencies)