By Sunil Chandna, Stellar
Since the COVID-19 pandemic weaved its way across the world, scientists and virologists have been working around the clock to develop a vaccine and identify effective therapeutic treatments. Unfortunately, while the world’s population has been distracted by COVID-19 developments, economic worries, and health concerns, hackers have been working just as hard, devising ways to exploit the global distraction and take advantage of the uncertainty brought about by the pandemic.
According to a study by CRI, the rate of fraud, identity theft, and other scams has risen by 33 percent over the course of the pandemic, and experts at the National Cyber Security Centre, or NCSC, have identified numerous methods hackers are using. The most pervasive of these being emails containing what looks like life-saving information about the COVID-19 virus and the pandemics’ spread. Once these emails are opened, and a link is clicked, malicious malware is downloaded to the victims’ computer which is used to steal personal data, or freeze their computer, which can only be unlocked if the victim pays a fee.
A range of software and apps also have emerged that claim to provide workers with free VPN software, virus tracking maps, or ways to ‘get rid of the coronavirus’ which, once downloaded, install malware that can steal personal information, passwords, or banking information.
Some of these hackers are taking an even more daring approach in an attempt to take advantage of businesses that have recently switched to remote working. To exploit new vulnerabilities, these ‘bad actors’ are posing as employees of an organization and claiming to be from a different department to trick staff members into giving them access to sensitive company data.
With these methods in mind, it’s clear that businesses of all sizes are vulnerable to exploitation, fraud, and phishing scams. So how exactly can business owners and leaders ensure they’re well-protected?
Phishing scams and fraud attempts from hackers generally rely on panic responses from their victims who, ideally, will click a link to ‘find out more’ without much further thought. As such, it pays to be mindful when receiving unsolicited emails with information regarding COVID-19. Pay attention to the spelling and grammar used, as often hackers operate outside of their country to avoid prosecution and don’t speak English as their first language. Following this same theme, look out for generalized greetings, like ‘Hi Concerned Citizen’ as typically, when making first contact, scammers and hackers don’t know the name of their victims.
Another important red-flag to be aware of is a call-to-action, which are typically requests for more information, requests to verify identity, or calls to ‘learn more!’ by clicking a link. If an email is received from an unfamiliar sender, has spelling mistakes, and asks you to complete an action, it’s most likely a hacking attempt and should be disregarded and deleted.
For those working on newly remote teams, if a phone call is received from a person claiming to be from another department, ask them to verify their identity by sending a request via their business email. If they refuse to do so or claim to be in a rush, don’t provide them with any additional information, instead, record their phone number, and hang up the phone. While it may be intimidating to do so for fear of rudely hanging up on a more senior member of staff, it’s unlikely to result in any disciplinary action because after all, the companies’ data security should come first.
Another important action in mitigating risk when downloading ‘free’ software is by verifying that the source of the software can be trusted. Doing so is relatively simple, and only takes a quick google search which will typically contain reviews from others who either confirm that the software is legitimate, or that the software is actually malware. URLs should also be verified for legitimacy, as oftentimes, hackers manage to secure domains that are close in spelling, and that feature content identical to the legitimate website.
So what should an employee do if they fall victim to one of these scams? If phishing malware is accidentally downloaded, the first step is to notify all relevant parties within a company so they can go into damage control. Then, change all personal passwords and return the device so any malware can be thoroughly addressed and erased. Once these first three steps are complete, both the employee and IT teams should continue to monitor any accounts or system activity for suspicious activity.
Is Data Held for Ransom Recoverable?
If an employee manages to accidentally download ransomware, a type of malware that locks down a computer and requires a ‘fee’ be paid to the hacker to release it, do not pay. This is the official advice from the FBI, who have stated that by paying, hackers’ intentions are reinforced, and there’s no guarantee that they will even release your files. Instead, take a screenshot, or photo of the message that appears, then begin the process of removing the ransomware and restoring the system. Thankfully, data held for ransom is recoverable, and there are several tools, from virus and malware scanners to data recovery tools like Stellar Data Recovery which is simple enough for both IT professionals or regular employees to use that can help in the recovery of data from ransomware like WannaCry or Petya virus and the restoration of any affected data or lost files.
While the COVID-19 pandemic has flung the world into a new way of operating, the fear tactics used by hackers and scammers remain the same. By being vigilant and applying critical thought, individuals and newly deployed remote working teams can stay one step ahead of the hackers and keep their devices, data, and personal information safe and secure.
Sunil Chandna, CEO Stellar- Sunil Chandna, is CEO & cofounder of Stellar. For 25 years he has led Stellar to be a dominant global player in the data recovery and security space. He is a computer science engineering graduate by qualification and his functional specialization includes business strategy, product management, customer experience, and markets expansion.