Dr. Mohan Dewan
The COVID-19 pandemic has brought in its wake an unforeseen issue: The significant increase in cyber-crime. During the government directions for staying at home, lockdown, curfew, social distancing and the like, people are increasingly required to stay at home and have become dependent on the internet for information and even fulfillment of their basic needs such as for groceries and medicines. This has given an opportunity to some misguided souls to infect systems with malware steal confidential information and dupe netizens resulting in this increase in cyber crimes.
The pandemic has also resulted in the need for people to look for information about the spread of the virus, the number of people infected with the virus in different geographies and also its morbidity. For getting this information, the netizens seek information from a variety of sites, some of which are secure but most are insecure and the cyber criminals take advantage of this situation by embedding spyware and malware into these sites.
Whenever users engage with any of such information link, they end up having their systems taken over by spyware. Consequentially their confidential information like e-mails, social media accounts and most importantly bank accounts are stolen. Their mobile phones and accounts are sometimes also cloned and their identity may also be stolen. Many of these messages include fake advisories and an attachment named "Corona Virus Update".
Reasons: If we try and understand the reasons behind this increase in Cyber Crimes, we can shortlist three main reasons -:
1. Increasing Dependency on Digital Infrastructure
People are forced to stay at home and some entities in the organized sector who are able to do so, are asking their employees to carry on work from home using the internet and therefore the internet has become the primary medium of human interaction.
2. Fear and uncertainty are getting exploited
Fear, stress and the need for knowing information about knowing about uncertainty can actually force people to make mistakes or to take actions that they would consider irrational in normal circumstances. An example of this is the malware concealed in a 'Deadly Corona Virus Map' displaying coronavirus statistics. This map is a copy of the original John Hopkins Corona World Map and is specifically designed to steal critical information such as user names, passwords and credit card numbers from users. Whenever a user navigates through the map, spyware identified as Azorult is activated which is essentially an information stealer.
3. More online time can increase the risk of being targeted
During the lockdown period, people are spending more time online than they usually used to spend, which has resulted in expanding surfing habits. One-click on the wrong link for getting free access to an obscure website or a pirated show and such a surfer can easily fall prey to spyware or a malware attack.
Basic Precautions: To protect our confidential information from getting stolen, all of us should undertake at least these elementary precautions: -
1. Strengthen your Digital Protection: Have the latest antivirus, choose a long/ complex password for your Wi-Fi router. Don’t reuse the same password on multiple websites. The use of a reliable Virtual Private Network (VPN) is also advisable.
2. Be careful and vigilant: If you receive a link through an e-mail from an unknown account, don’t click on the same. Also, whenever you need to sign up for a new service, verify the source of every URL that the apps or software that you are installing are authentic versions from the original source. Also, while installing don’t give out personal information.
3. Follow only official updates: Don’t fall prey to fake information and advice that are being circulated by cyber criminals, follow trusted government websites only.
4. Don’t become a carrier: Follow information hygiene, and whenever you receive any information about the pandemic by E-mail/ WhatsApp/ Facebook or Twitter, stop and think before spreading it further, whether the information is true, is it from a trusted source and even if you have slightest of the doubt, don’t share it.
Cyber-Crime incidents that happened recently
Delhi : Spyware disguised as Corona updates and communications are in circulation in Delhi. It could be in a form of communication feigning to be from Government about the closure of schools, colleges and cinema halls or could be in form of a WHO- email offering free test kits. All such emails contain a link “for more information” which when clicked directs people to an external page, which ends up installing encrypted malware in their systems.
Maharashtra: Maharashtra, a state which has a significant presence of netizens has seen a 25 % spike in phishing and other cyber-crimes cases. In one such incident a user in Maharashtra received an e-mail informing that he has received some money in his account, the mail also urged him to download a bank statement and check who has sent money in his account. However, since the user was a bank employee himself, he was aware of phishing activities and did not proceed with downloading the bank statement. If he would have clicked on the same his confidential data including his bank account details would have been stolen. These cyber criminals are taking advantage of the fact that the central government and the state government have made several announcements that they will be directly transferring money into the accounts of certain account holders.
In another incident, Dhule Police recently issued an official statement urging people not to open any corona virus-related links circulated on social messaging apps. They have found Cyber fraudsters are using a spyware ware called corona virus map (similar to that of Delhi Incident). The spyware link which is widely in circulation on messaging apps like WhatsApp provides its users with a link that (supposedly) gives out important information about ways to prevent corona virus infection. However, when a user clicks on the link, spyware capable of stealing bank account details, passwords and other personal data get installed in the user’s system.
Endnote: We as users need to understand that Cyber Criminals will try their best to take advantage of the Corona virus pandemic. The Police are also on their toes. The Delhi Police has even run an awareness campaign on social media to make netizens aware of this rise in cyber criminal activities. Ethical hackers have also confirmed bulk e-mails from fake IDs similar to those of educational institutions, HR, health ministries and hospitals containing harmful malware are being sent. All this indicates that there are likely to be more victims in the coming weeks.
Hence awareness is the only key to protection, each one of us needs to get ourselves aware of how such crimes are operated. The Ministry of Home Affairs runs a National Cyber Crime Reporting Portal which can be accessed here. This portal has various audio transcripts explaining how e-mail scam, phishing, and identity theft is done.
Anyone who is a victim of a cyber-crime can register a complaint, this has eliminated the need for physical filing of a complaint. The Complaints reported on this portal are dealt with by law enforcement agencies/ police based on the information available in the complaints and hence is it is advisable to provide accurate details while registering a complaint.