Monday, July 12, 2021

Corona Daily 034: Threat of a Scamdemic


The UK’s cybersecurity agency took down more scams during the pandemic than in the previous three years combined. Fraudulent online campaigns grew 15 times. Experts found 43 fake NHS covid-19 apps hosted outside the official app stores. In the USA, the Federal Bureau of Investigation said complaints rose by 69%, reaching a record 791,790.

*****

Phishing was a term coined in 1996 by hackers using email lures, setting out hooks to “fish” for passwords and financial data from the “sea” of internet users. Twenty-five years later, the lexicon is richer.

Spear phishing is custom-made messaging or emails. The scamster will take data from your social media account, and send you a personalized phishing message. Smishing is phishing done through SMS.

David Robson, the author of The Intelligence Trap: Why Smart People Make Dumb Mistakes, in a BBC article calls the global wave of scam attacks a “scamdemic”.

*****

Smartphones have made the job of fraudsters easier. On the small screens, details are rarely scrutinized. While emails may sit in our laptops for days, we tend to read and respond quickly to phone messages. Smartphone users are multitasking: watching a film, chatting with friends, forwarding WhatsApp pictures, switching between apps. Some people read and respond to messages while driving, endangering their life expectancy.

One study monitored fifty smartphone users, and found they switched apps an average of 101 times a day, though they looked at the screen for 2 hours 30 minutes. With such a lack of focus, a smartphone user is prone to become a phishing victim.

We instinctively feel it is easier to dupe elderly people. But their use of technology is limited, and they are more suspicious. The young, on the other hand, have no fear. Without thinking, they can quickly open links, order online, fill forms, and give information they shouldn’t. Smartphones put the millennials and generation Z at a higher risk.

*****

The pandemic filled people with anxiety and stress, making them more vulnerable. In the lockdowns, we became more reliant on online communication and smartphones. Psychologists talk of a Pavlovian behavioral loop. Every sound of a new notification lifts our mood a little. It triggers a desire to read and respond.

Security experts advise us not to respond to any message immediately. Wait. Ask yourself: Is this real? Don’t automatically click on links (the way we accept “terms and conditions” without reading them). Clicking on links may put your personal data in the hands of a cyberscammer. If you don’t know the sender, or don’t trust the link, it is better to manually type out the address. That way, you can spot anomalies in the URL.

*****

The list of coronavirus scams is long.

On Facebook, some people proudly post their vaccination photos as well as the vaccination card. Scammers can steal your name, birth date and other information to easily impersonate you. Don’t ever post your vaccination certificate on social media.

There have been covid-19 testing, vaccine, and treatment scams. Since the vaccine is a scarce item in many countries, you may be offered early access to it. All you need to do is to fill a form giving your details. Don’t.

Fake charities have mushroomed. Your screen will show crying children, distressed widows, dying patients. The pictures move our hearts, but they are often from crooks. Scamsters are also using real charities to perpetrate their attacks.

If you think human beings can’t be viler, let me tell you about funeral assistance scams. Scammers call family members of people who have just died. (They probably steal the information from the hospital.) They claim to be from the government’s funeral assistance programme. In the USA, many such “funeral directors” have stolen family members’ social security numbers.

Those working from home have been cyberattacked not for their own money, but to attack the employer. BEC (business email compromise) attacks involve a hacker gaining control of legitimate email accounts to steal company funds.

*****

During the pandemic, and after it, it is a good practice to assume nobody is immune to phishing attacks. Never give your personal and banking details. Slow down your response speed on smartphones. Don’t open untrusted links.

The coronavirus pandemic will get over, but the scamdemic will continue.

Ravi 

2 comments:

  1. Frightening. And they keep on coming.

  2. How eager people are to post photos on FB
