After governments across the world enforced lock-down measures to check the spread of the COVID-19 pandemic and organisations adopted “work from home”, digital modes of communication have become the norm for business interactions. At the same time, with increased use of the internet for social purposes, cyber-attacks are on the rise and India is no exception.
Using every trick to cash in on the COVID-19 crisis since February, cyber crooks have lost no time in resorting to phishing attacks that use the names of trusted organisations.
A 24-year-old private sector employee in Mumbai who was on the lookout for a suitable “work from home” job found one on Instagram that promised her an assured income of nearly Rs 3000/- per hour. On responding, she was asked to transfer Rs 2000/- towards registration. That done, she was next advised to transfer another Rs 6000/- for verification. Once she had made the two online transfers amounting to Rs 8000/-, she was asked to transfer another Rs 10,000/- for final verification. After the third transaction was completed, the fraudster blocked her on Instagram.
In Bengaluru, a 25-year-old woman who found a stray dog bleeding from its mouth searched the internet for a vet ambulance and found a mobile number. The man on the other end asked her to pay just Rs 5/- by clicking on the link he sent. No sooner had she opened the link than Rs 18,389 was deducted from her bank account.
In Hyderabad, cyber crooks duped two people of Rs 1 lakh by promising home delivery of liquor during lock-down. An IT professional in Pune was cheated of Rs 92,466/- for a bottle of nail polish otherwise costing only Rs 388/-.
Nonetheless, a vigilant 38-year-old Chennai resident who received a message promising Rs 1 crore term insurance at a cheap rate of just Rs 28/- per day during lock-down refrained from clicking the link.
Media reports indicate that there has been a 20-fold rise in cyber-attacks, with over 42,000 domain names registered with the name COVID or corona during the past few weeks. Of the over 1,700 such malicious domain names using COVID or corona, as many as 1200 are said to be still active. The Indian cyber security watchdog, the Indian Computer Emergency Response Team (CERT-In), has warned that different hacking groups have been trying to promote their goods (malware or exploit tools) for financial gain using promotional code Coronavirus Maps "COVID19" as discount codes.
Mobile applications that lure victims by offering coronavirus safety masks should never be installed, because they have been found to deliver a Trojan that can take over access to the phone’s microphone and camera after installation.
The Reserve Bank of India has recently provided a three-month moratorium on term loans. This has been exploited by cyber criminals. Posing as bank officials, as news reports indicate, the cheats would call people to ask if they wanted to defer their EMIs. Once a person consented, they would ask the person to share the OTP generated on their phone, and within seconds money would vanish from that individual’s bank account.
Cyber crooks created a number of fake UPI IDs to breach the "Prime Minister's Citizen Assistance and Relief in Emergency Situations Fund" (PM CARES) within 2 days of its announcement.
Just for a moment visualise the confusion that occurred when cyber hackers broke into a web seminar organised on Zoom by the Indian television rating agency Broadcast Audience Research Council with over 600 participants logged in. The cyber crooks posted abusive messages on the participants' chat window and defaced all the discussion material as well.
At a time when hospitals, medical centres and public institutions worldwide are overwhelmed with the COVID-19 crisis, cyber-criminals seem to trigger ransomware attacks on such institutions. Healthcare data is valuable to cyber thieves, as medical records can be used to commit various types of fraudulent activities including identity theft. Since such organisations cannot afford to be locked out of their systems, hackers, after gaining entry into an organisation’s systems, encrypt all files and then demand a huge ransom to recover them.
In Texas, this February, cyber criminals attacked the digital systems of a walk-in care clinic that offered expert medical care for most illnesses with on-site X-ray and lab testing facilities. When ransom demands were not met, the hackers made public all protected information pertaining to its patients on an internet site.
A majority of COVID-19 related frauds, which are said to have jumped by 400 per cent over the past eight weeks in the United Kingdom, are related to online shopping scams. Unscrupulous sellers sought to offer huge discounts to those trying to procure protective face masks, hand sanitisers etc., which were unavailable in medical stores. Many of those who placed prepaid orders online never received the items.
Cyber thieves also used bogus emails purporting to have been sent by the World Health Organisation, offering paid-in access to a real-time map of nearby COVID-19 cases. Anyone who clicked the links, which claimed to have important updates on COVID-19, was taken to a credential-stealing webpage that stole personal as well as bank details of unsuspecting individuals.
Cyber criminals sent text messages to Canadian citizens at random, claiming to be from the Red Cross and offering a “free mask” to protect them from COVID-19. Once the link was clicked, their devices got compromised. Fraudsters also made several unsolicited anonymous calls claiming to be a government officer and informing the individual that they had tested positive for the coronavirus.
In India with the number of cyber security incidents steadily increasing from 49455 in 2015 to 313649 in 2019 (till October), it is important that everyone stays alert. A total of 5,917 bank frauds were reported in 2017-18 and nearly one-third of these were cyber frauds. One study suggests that there is a cyber-attack every 10 minutes. It is rather mind boggling to know that Rs 1.24 trillion was lost in India last year due to cyber-crimes.
The only way out is to be careful while using mobile phones, which have become part and parcel of our lives. For the cyber crooks, mobile phones are the preferred way of launching cyber-attacks, as they also allow them quick escape routes.
With a little over 80 rogue mobile applications identified every day, it needs to be appreciated that even a little carelessness can prove costly for the unsuspecting citizen.
While all operating systems and applications should be kept updated on a regular basis, craving for information on COVID-19 over the internet ought to be avoided.
As the perpetrators are faceless and often located beyond the boundaries of a nation’s jurisdiction, it is imperative to be vigilant.
As part of a public awareness campaign, the Twitter handle @CyberDost, launched by the Ministry of Home Affairs nearly two years ago, advises people on how to keep their personal and financial details safe while using them online.
Remember, it is always better to be safe rather than feel sorry later.
(Published on 04th May 2020, Volume XXXII, Issue 19)