Page 115 - Cyber Defense eMagazine for July 2020
P. 115

Donation Solicitations - The Most Dangerous COVID-19 Phishing Scam

            Global  pandemics  like  COVID-19  bring  out  the  humanitarian  side  of  people  in  a  substantial  way.
            Generally,  people  donate  generously  towards  their  respective  National  Disaster  Relief  Funds,  and
            research funds set up by their governments. There have been numerous incidents of cybercriminals
            taking advantage of such philanthropic activities. One of the most notorious modus operandi is to design
            fundraising pages that not only mislead users into donating money but also steal sensitive personal
            information. Using such information, like names, email addresses, phone numbers, credit card details,
            and internet banking usernames and passwords, these malicious actors accept money using the names
            of disaster relief funds.




            COVID-19 Vaccine and Cure Scam - The Most Ingenious COVID-19 Phishing Attack

            While  researchers  are  struggling  to  find  an  antidote  for  the  coronavirus,  numerous  fake  websites
            advertising medicines and vaccines have sprung up on the internet. More than 20,000 new COVID-19-
            related domains have been registered in the past few weeks. These websites also claim to sell COVID-
            19  personal  protective  kits  like  face  masks,  sanitizers,  hand  gloves,  medical  combinations  like
            Hydroxychloroquine,  Remdesivir,  and  so  on.  Such  fraudulent  websites  ask  for  the  full  payment  in
            advance and unsuspecting people end up parting with their money only to discover that they have been
            a victim of cybercrime. Amazon itself reported over a million fake products in this category over the past
            couple of months.



            Detective, Preventive and Protective Measures Individuals & Enterprises Can Adopt


            Cybercriminals play on the psychology of the victim by pushing in email messages with COVID-19 related
            information that come along with a malicious attachment or infectious URL. Knowing some of these
            threats could be the best defense in thwarting such attempts:


               •  Reliance on Trusted Sources: Rely on authentic or official websites to get reliable information and
                   updates about the coronavirus. Be scrupulous in clicking on the links provided on articles and
                   blogs that share information on COVID-19.

               •  Refrain from The Temptation To Click/Download: Sometimes, ignoring unsolicited emails is the
                   best phishing prevention method. Downloading or opening malicious attachments or clicking on
                   an infectious URL allows malicious actors to gain access to network systems.

               •  Knowing the Phishing Techniques: The latest tactic deployed by malicious actors is to set up live
                   tracker websites from which people can purportedly get live coronavirus updates. Though the
                   websites appear legitimate, they are scamming attempts that end up with the user compromising
                   their confidential information.

               •  Phishing Protection Solutions: The best way to deal with phishing threats is to install a trusted
                   anti-phishing solution to thwart any attempt made by adversaries.





            Cyber Defense eMagazine –July 2020 Edition                                                                                                                                                                                                                         115
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.
   110   111   112   113   114   115   116   117   118   119   120