“The best and fastest test for detecting coronavirus at the fantastic price of 19,000 Russian Rubles (just 6,000 Pesos).” This is the bait used by the website vaccinecovid-19\.com to attract internet users, but it’s a fraud. Security solutions provider Check Point has identified that the platform, which also offers news and a map of the spread of the SARS Co-V virus, is connected to malicious activities.
It’s not the only one. Some offer face masks, others provide vaccines, and still others have home tests to detect the virus. These cyber criminals take advantage of the fact that the terms “Covid-19” and “coronavirus” have become very popular in searches to create domains with fraudulent information and commit cyber crimes, which can run from using your credit cards to stealing your information to commit fraud.
The creation of domains to do with coronavirus has taken off during the pandemic. 90,824 new ones were created since the outbreak began until May 11, according to Check Point. Nearly 20,000 new domains related to coronavirus were registered from just April 20 to May 11: 17% of these are malicious or suspicious.
“When you hear the term ‘hacker’, you think of someone hiding in the dark. This image has been sold to us by movies and other media. In reality, there are companies that exist to do these types of attacks on a large scale,” says Víctor Álvarez, pre-sales engineer at Check Point.
The security solutions provider has detected up to 192,000 coronavirus-related attacks per week, an increase of 30% in comparison with previous weeks. These attacks come through websites whose domains include the words coronavirus and Covid-19 or through files related to the subject that are sent to victims’ email addresses.
In the week of March 23, the cyber security firm Forcepoint identified an increase of 358% in malicious emails that contained the addresses of websites connected with Covid-19 and coronavirus. This was in comparison with the previous week.
“60% of attacks reported in Mexico are through remote code execution, i.e. phishing techniques (scams using false information),” explains Álvarez. “When users click on them, cyber criminals take control of their devices and begin to execute different commands to share information.”
As internet traffic increases, so do the chances of falling for a scam that weakens the security of network-connected devices. “Certain behaviors we aren’t paying attention to present risks at the moment for two reasons: because we want to use more services and platforms or because there’s also opportunism on the part of digital criminals,” emphasizes Jesús Romo, director of Telconomia.
Avoid becoming a victim
Cyber security companies and telecommunications specialists have some simple and specialized recommendations for keeping your internet operations secure:
Check the basics. “Make sure your devices have antivirus software and the software you’re using is up-to-date,” suggests Romo.
Don’t open suspicious attachments. “If something looks too good to be true, it’s bound to be a trick to steal your information,” says Álvarez. Check the domain names, the spelling of emails or websites, and the senders of emails from unknown addresses.
Choose unique passwords. Make sure you don’t reuse passwords between different applications and accounts.
Use encryption when working from home. “If your company has security filters, such as a virtual private network, it should provide you with this so that your device connects securely outside the office building,” says Aldo Cano, independent information technology consultant.
What should I do if I’ve already opened a malicious file or link?
It’s time to change all your passwords to prevent cyber criminals continuing to have access to your information.
Remember that an antivirus is not sufficient in the case of business devices. These need integrated protection that allows secure internet browsing through a virtual private network (VPN), programming restrictions for sites that tend to share malicious information, and protection of each device with solutions according to the size of the industry.
Mobile devices such as smartphones and tablets are vulnerable too, so there are also dedicated protection solutions for this type of equipment.
Cyber criminals take advantage of any small breach of cyber security or trending topic to extract confidential information and continue committing crimes, as is the case for Covid-19.