Carlos Friaças, cybersecurity manager at the FCCN unit of the Foundation for Science and Technology (RCTS CERT), explains the dangers posed by various phishing campaigns during the pandemic.
We are living in exceptional times, but contrary to what some people might think, there are no signs that malicious activity on the internet has diminished during this turbulent period. On the contrary, we have seen people taking advantage of these circumstances to launch new campaigns, exploiting others' fears and the general population's high level of uncertainty about the immediate future.
In recent weeks, news of campaigns has multiplied phishing associated with the COVID-19 issue. The delivery sector is already typically heavily impacted by this type of threat, and in this time of isolation, more people are relying on deliveries to minimize their outings. The increased volume of orders and deliveries provides a more plausible context for attackers if they resort to imitating a service or brand that their targets are expecting to hear from. Therefore, as end consumers, we must take extra care to avoid exposing our personal data or allowing our devices to be compromised.
Taxpayer fraud
Tax filing season also gives rise to campaigns every year that attempt to defraud taxpayers. In other countries, cases of campaigns designed to exploit potential government support (resulting from the pandemic) to infect victims' systems have already been identified. In this case, too, we need to exercise skepticism, ensuring that the information we receive and the actions requested of us are coming from the appropriate authorities.
Universities and Hospitals
In recent days, a campaign targeting North American universities and their students was also reported, aiming to control victims' devices. The attack used malicious code previously used in campaigns several years ago. This appears to demonstrate concerns about malicious code being recycled in this industry. The central objectives of these attacks appear to be, in some cases, the exfiltration of personal data and, in others, the payment of ransoms to regain access to the captured information.
Entertainment and teleworking
The entertainment industry was also targeted with campaigns phishing, exploiting the pandemic context and damaging the reputation of leading brands in the content streaming platform segment. A children's entertainment content platform was one of the targets.
The explosion of teleworking is also offering a new angle to the emergence of fraud, the first vector of which is phishing. Several reported cases of image abuse by recruitment companies to reach more victims have emerged, and even cases of attempted impersonation of HR department employees to deceive employees at some companies. These cases are closer to what is typically considered "spear phishing», which is a phenomenon aimed mainly at previously identified people, and where there is a specific objective already defined.
What to do?
It will certainly not be during this period that significant progress will be made against the phenomenon of phishingThe infrastructures that support this type of fraud and crime continue to operate transnationally, which seriously hinders the fight against them by authorities in various countries.
From the FCCN's point of view, the volume of messages relating to campaigns phishing hasn't changed significantly. Multiple messages continue to be received daily at institutional email addresses, service support inboxes, and even at individual employee addresses. In line with the news mentioned above, we have seen some cases using the COVID-19 theme, although this isn't a significant percentage compared to the total number of campaigns we've seen over the past two months.
Finally, it's important to emphasize that we should all take the time to evaluate the reliability of each message we receive. It's not enough to simply analyze its origin, as the interlocutors we know may also have been compromised. Campaigns vary in sophistication, but it's rare to find a campaign close to perfection, and there's always some detail in the narrative that can help identify a potential fraud.
When in doubt, don't let social distancing compromise your devices or personal data. When in doubt, ask other people you trust for their opinion on the questionable message you received. Ultimately, you can always reach out to your IT security team or department.
If you belong to the RCTS community and require support, please send an email to info@cert.rcts.pt
*The author chooses not to adopt the new spelling agreement
