Attackers are using COVID-19 themed phishing e-mails, which claim to deliver official information on the virus, to bait individuals into clicking malicious links that download Remote Access Trojans (RATs) onto their devices. There have also been various reported cases of malicious COVID-19 related Android apps that give the attackers access to smartphone data or encrypt the devices with ransomware. The enormous opportunity that hackers have with this outbreak has nothing to do with technology but with how humans change their behavior and patterns in response to the crisis. This post outlines 13 ways you can safeguard yourself from hackers exploiting the COVID-19 pandemic.
How Individuals can Respond
Good Password Practice
Use complex passwords and multi-factor authentication and ensure you change these passwords frequently. The article here shows some password attacks and this article will guide you on how to create a strong password. The following video will guide you on how to create a strong password.
Never Delay System and Software Update
Apply updates to your computer and mobile devices as soon as they become available. Do the same for all the applications installed on your computer and mobile devices.
Secure your Wi-Fi Access Point
Change the default password and settings that your Wi-Fi router comes with. Finding the default password a router comes with is just one Google search away. Always make sure you create a secured Wi-Fi connection with WPA2 or WPA3, not an ‘Open’ Wi-Fi connection. The article here illustrates the danger of creating an Open Wi-Fi connection and the video here.
Use Virtual Private Network (VPN)
If you must work from home, make sure you use a VPN to connect to your organization's corporate network. A VPN creates a trusted connection between your device and the corporate network to provide protection against phishing and malware attacks.
Safeguard Yourself from COVID-19 Scams
Cyber-criminals love to exploit real-world tragedies. Be wary of phishing e-mails, malicious domains and fake malicious apps. Do not click on links or open attachments that you were not expecting to receive or that come from an unknown sender. There are phishing e-mails claiming to be from national or global health authorities, with the aim of tricking victims into providing personal credentials or payment details, or into opening an attachment containing malware. Scammers use subject lines related to Coronavirus, and these e-mails appear legitimate, sometimes spoofing the World Health Organization (WHO) or other government organizations dealing with the outbreak.
Tips for Spotting a Phishing E-mail
Authority – Is the sender claiming to be from someone official (e.g., your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
Urgency – Are you told you have a limited time to respond (e.g., in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
Emotion – Does the message make you panic, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
Scarcity – Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
Don’t fall for Vishing or Smishing
Scammers can call or send SMS messages to victims pretending to be hospital officials, claiming that a relative of the victim has fallen sick with the virus and demanding payment for medical treatment.
Make sure you have an updated antivirus on both your computer and mobile devices. Also try upgrading to the paid version if you can afford it.
Enable Multi-Factor Authentication whenever this option is available. Multi-Factor Authentication involves using a combination of any of these five factors to authenticate: what you have, what you know, what you are, where you are and something you do.
Be aware that scammers often employ website addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “ncdc.com” or “ncdc.org” instead of “ncdc.gov.ng”.
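The lookalike-address check described above can be automated before a link is opened. The following is an added example, not part of the original article: it assumes an allowlist containing only “ncdc.gov.ng”, the function names are hypothetical, and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only official domain is the one named in the article.
OFFICIAL_DOMAINS = {"ncdc.gov.ng"}

# Constructed sample links (not taken from real e-mails).
SAMPLE_LINKS = [
    "https://ncdc.gov.ng/",                 # official site
    "https://covid19.ncdc.gov.ng/report",   # subdomain of the official site
    "https://ncdc.com/covid-update",        # different top-level domain
    "https://ncdc.gov.ng@ncdc.org/login",   # official name used as a username
    "https://ncdc.gov.ng.ncdc.org/",        # official name used as a subdomain
    "https://ncd\u0441.gov.ng/",            # Cyrillic letter that looks like "c"
]

def link_host(url):
    """Return the host a browser would connect to (ASCII, lower case), or None."""
    if "://" not in url:
        url = "https://" + url              # treat bare "ncdc.com/x" as a web link
    try:
        host = urlsplit(url).hostname       # ignores any "user@" part before the host
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")                 # "ncdc.gov.ng." is the same host
    try:
        # Convert look-alike Unicode letters to their "xn--" form so they cannot
        # compare equal to the real ASCII name.
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def is_official(url, official=OFFICIAL_DOMAINS):
    """True only if the host is an official domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Compare whole labels from the right; a substring match would wrongly
    # accept "ncdc.gov.ng.ncdc.org".
    return any(host == d or host.endswith("." + d) for d in official)

def triage(links):
    """Map each link to True (official) or False (treat as suspicious)."""
    return {link: is_official(link) for link in links}

if __name__ == "__main__":
    for link, ok in triage(SAMPLE_LINKS).items():
        print("OFFICIAL  " if ok else "SUSPICIOUS", link)
```

Only the first two sample links pass; the rest place the official name somewhere other than the end of the host, which is the part that decides where the link really goes.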