To say the COVID-19 pandemic gave the whole world a tough time would be an understatement. Economies collapsed, joblessness rose, people lost their loved ones and livelihoods to the disease. Adding to this situation was the need for social distancing and self-isolation which took a toll on mental health of millions across the world. 10 months into the pandemic or perhaps even before, people started growing tired of it and just when it seemed like humankind will give up collectively, there was a light at the end of the tunnel – vaccines.
While the news of the first vaccine being approved and then administered in December 2020, was a huge victory for humankind and rightly welcomed with claps and cheers, cybercriminals were cheering too. For cybercriminals, this was a great opportunity to exploit the eager, mentally fatigued and vulnerable populace. Emails were sent with phishing links disguised as genuine which urged the recipients to fill a form to access their vaccination schedule and vaccine information. Some emails were made to look like it came from the FDA, United States CDC or the NHS (UK). Some had attachments that required recipients to download them and run “.exe” (executable) files that planted malware into their systems. “E-commerce” sites were created overnight on the dark web and enticed people into ‘placing orders for vaccines’ at $250 each, in the ‘Black market’.
The point is, this is not the first organized cybercrime modus operandi and certainly won’t be the last. So, how do you protect yourself? Here are a couple of tips.
- Do not download or open attachments or click on links from unknown, unverified sources or a source that you don’t trust.
- Sometimes, the email or message may seem to be from someone you trust, but their account may have been compromised and used to send out the malicious link or attachment to you. Or, there may be a slight variation in the email ID (spelling), so while you get the impression it is a genuine email, the reality is different.
- If something doesn’t add up, or if it doesn’t feel like the message was in fact written by the person you know, either ignore or call and verify if they did indeed send it to you.
- Install firewalls that have the capability to identify and block dangerous sites, so you will be alerted of possible security threats and inadvertent clicks won’t take you to dubious clone sites
- Make sure your antivirus software is up-to-date
From a business perspective, discuss a strong cybersecurity plan of action with an MSP. This includes investing in the right anti-malware tools, ensuring all your software programs are updated, and updating security patches released by your software vendors as soon as they are available. Educate your staff on common cybercrime tactics so they don’t accidentally expose your IT network to cybercriminals.