The spread of the novel Coronavirus (COVID-19) pandemic across the world is creating fear exponentially, but the health risks are not the only bane that comes from this catastrophic event. It has been noticed that in this period of social distancing and misinformation also gave an opportunity to the dark elements of the society.
Cyber crime and coronavirus- There has been an influx of fake apps, domain names and websites capitalizing on two facts, first, the fear among the general public and their search for information related to this pandemic and secondly, the companies across the globe are turning to ‘work from home’ via online medium.
Exploiting the fear among the general public
Everybody who has been trapped inside their house amidst this lockdown is trying to stay on top of any information related to COVID 19 in an attempt to remain safe and away from infected people. The authors of malwares are taking advantage of this situation.
One such app which was available in Google Play Store was “corona live 1.1”, which claimed to be a live tracker of cases of Coronavirus. The people using the app were of the view that they are keeping a track of the pandemic, but the malicious app was actually invading their privacy, getting access to the device’s photos, videos, location and camera.
The information collected can be used in multiple ways, they can be used to compromise your bank accounts or even blackmail the owner of the pictures and videos.
Exploiting the ‘work from home’ policies
Every organisation, big or small, have been compelled to work remotely due to the lockdown. This will lead to increase in security risk as the proprietary data is being accessed from laptops and home PCs that may or may not have the same level of firewall and security as an in-office setup.
You may have noticed an increase in the number of emails in your Junk Folder, pretending to be an advisory relating to the COVID-19. These emails will entice the user to open the attachments, which are malicious in nature and the moment you open them the malware author will be able to access your system.
Once, the malware has attacked one of the systems, there is a potential risk of the security of the systems of your colleagues also being compromised. This can effect the whole grid of systems by which the organization is staying connected and there can be a huge loss of
confidential data. Thereby, leading to a spurt of cyber crime cases due to the coronavirus outbreak in India and worldwide.
At such times, the organisations can rely on the ISO/IEC 27000 family. The ISO/IEC 27000 is a global benchmark certificate which is given to the organisations which follow the Information Security Management System (ISMS). In addition to provide improvements in structure and focus of the organisations, the ISMS helps you to safeguard you and your client’s confidential data from cyber attacks.
How to keep yourself safe
You can keep yourself safe from such scams and frauds with a help of Vigilance and Diligence. Here are a few pointers which should be kept in mind while accessing the above mentioned data:
• Check the App details on Playstore before downloading it, this includes, details of the developer, their website (if any), reviews and ratings given by other users.
• Avoid downloading apps from third-party stores and websites, and download the apps only available in App Store for Apple IOs users and Google Playstore for Android users.
• Use reliable mobile and desktop antivirus, these can prevent fake and malicious apps from being installed.
Advisories are also issued by the Delhi Police and WHO due to rise of such frauds. Some of the DO’s and DON’T’s from the said advisories are as follows:
• Do not open email attachments that you have not asked for. In case if you receive an attachment, it is always safer to open the same from WHO’s official website and not the attachment in the email.
• Always pay attention to the type of personal information you are asked to share. There is always a reason why your personal information is needed. In no circumstances, there would be a need of your passwords.
• Do not believe on any emails that may come with a sense of panic. Legitimate organizations will never want you to panic and they always take the process step by step.
• Do not believe that WHO or any other organization conducts lotteries or offer prizes, grants or certificates through emails.
Steps to check authenticity of website
• HTTP = Bad, HTTPS = Good: The ‘S’ in https:// stands for ‘secure’. It indicates that the website uses encryption to transfer data, protecting it from hackers.
• Check for easy markers such as spelling mistakes, typos and broken links. It is highly improbable for a legitimate business to have such mistakes on their website.
• Look for reliable contact information: Try to do background check. There is no harm in double checking with the company itself through alternate contact numbers.
• If you are a good Samaritan of the society and want to donate and help the needy then always donate only to the websites/apps whose authenticity is corroborated by the Government.
It is certain that the security standards have deteriorated and a rise has been witnessed in cyber crime due to coronavirus. With a little vigilance and due diligence we can protect our data and privacy. It is always better to stay on the side of precaution but if, even after taking all the precautions, we fall into a trap then a quick action can salvage the loss. It is advisable to lodge a complaint with the appropriate authority.
Nishtha Agrawal, Assistant Professor, Unitedworld School of Law (UWSL)
Disclaimer: The opinions / views expressed in this article are solely of the author in his / her individual capacity. They do not purport to reflect the opinions and/or views of the College and/or University or its members.