COVID-19 has provided the perfect environment for cybercriminals to flourish, but why?
Cybercriminals catch us off guard and prey on stress, anxiety and fear
Cybercriminals thrive on panic and fear – in fact these are the two biggest weapons in their arsenal – and they are continuously on the lookout to take advantage of wider behaviours and trends.
Many of us have experienced a higher-than-usual degree of fear, stress and uncertainty over the last 18 months, due to sudden changes in our personal and working lives caused by the pandemic.
Amidst all this change, hackers have taken the opportunity to prey on individuals and businesses thrown out of their usual routines and away from reliable and familiar systems (1).
Cybercriminals use COVID as bait to commit fraud
Cybercriminals’ methods of attack are fairly consistent, often taking the form of phishing or malware, however, as we have seen above, the ‘bait’ used to entice victims is always topical.
Using the term ‘COVID’ in emails offering financial support, medical services (such as the vaccine) or soliciting funds for a cure or charitable cause plays on people’s vulnerabilities and fears.
This psychological hook gives cybercriminals a greater chance of people clicking on links, opening attachments or providing personal information.
Cybercriminals can use your personal information posted online to commit fraud against you
Over the last 18 months, as we have developed an increased reliance on technology to communicate, our habits around sharing information have changed and we are more likely to share personal information online, via email or over the phone to stay connected with friends and family.
Always be aware that cybercriminals will work hard to obtain information published online – including on social media sites, such as Facebook, LinkedIn and Twitter. They will then use this to establish a relationship with the person they are looking to defraud.
It is important to remember that your personal information is highly valuable, just like your house, car or other prized personal possessions – and you should take steps to protect it.
According to the World Economic Forum, “as social identities become more defined by online identities, users will be increasingly at risk of exposure to targeted political manipulation, invasion of privacy, cybercrime, financial loss, and psychological or physical harm (2).”
Be careful if you are using social media for personal and professional purposes. If your social media privacy settings are set to ‘open’ this means that any information you publish – such as your employment details, your current location, pictures of your family or friends or other personal information will be available to everyone. Cybercriminals can obtain this information and use it to target you.
Protecting yourself from cybercriminals
Below are some steps you can take to protect yourself from a cyberattack:
- Always be extra vigilant of any unsolicited emails, phone calls or texts you receive, particularly those that ask you to disclose personal information, use language which stress a sense of urgency, anxiety or panic. If you don’t recognise it or were not expecting it, it’s likely to be a scam. Don’t click on links or attachments.
- Be suspicious of emails or calls that ask you for your bank account details, credit card details, passwords or PIN or ask you to transfer money.
- Be suspicious of unsolicited emails or texts about generic deliveries for online purchases that ask you to click on links or attachments. Genuine delivery messages quote the specific retailer and/or product you have purchased online.
- Use secure websites if you are shopping online – secure sites typically carry the green padlock symbol in the address bar. Make sure the address for the website is the one you would expect.
- Don’t reuse username/password combinations across multiple accounts - use approved password managers e.g. Apple’s iCloud Keychain or LastPass and use different passwords for different sites. When choosing a password, avoid obvious choices such as mother’s maiden name, child’s name, pet’s name, or other references that someone may be able to find out through information you have posted elsewhere. Try to use random mixtures of numbers and letters.
- Update your mobile, laptops and other devices with security updates, where possible permitting devices to update automatically.
- Manage your security and privacy settings on social media and don’t share personal information publicly, such as details of holidays or links to Zoom meetings, for example.
- Be wary of accepting unsolicited, unknown or suspicious looking “friend” or “professional connection” requests on social media – they may just be trying to access information on your personal profile.
- Shred personal information to prevent bin diving.
- Always change the ‘factory default’ password on your devices, especially on your home WiFi.
- Always opt for “two-factor authentication” methods where this is offered in online services you use. Typically, this involves using a smart card token or something similar to receive a text or code when you log in to online services (such as online banking), to verify you are who you say you are.
- Back up important information, photographs and key contacts. By backing up your data, whether it's business or personal information, you needn’t be thrown off in the event of an attack and cyber criminals can’t hold your personal information to ransom.
- Regularly check the following websites to keep up to date with scams and trends. You can share these with friends and family:
https://www.getsafeonline.org/ Opens in a new window
https://www.fca.org.uk/scamsmart/warning-list Opens in a new window
https://takefive-stopfraud.org.uk/ Opens in a new window
https://www.actionfraud.police.uk/ Opens in a new window
Finally, remember - when receiving unsolicited emails, calls and texts always pause and consider before sharing information.
(1) https://securityboulevard.com/2020/12/staggering-phishing-statistics-in-2020/
Opens in a new window
(2) http://reports.weforum.org/global-risks-report-2021/error-404-barriers-to-digital-inclusivity/
Opens in a new window
Wendy McMahon, Information Security Officer at Handelsbanken
To find out more about security and fraud prevention please visit handelsbanken.co.uk/security.
This article was first published as part of our 'Viewpoint' newsletter in December 2021.