I’m afraid that the COVID-19 pandemic has divided our society in two. The pressures of the quarantine and the stress of the pandemic brought out the best and the worst in people. We have seen volunteers of all types lauded on TV for their heroic efforts to help their neighbors. On the other hand, we also see people perpetrating terrible acts of violence against their neighbors.
Unfortunately, the cyber-community is in the same boat. There are those who have tirelessly worked to help people transition to the WFH model while others are using the extra time on their hands to produce and disseminate new malware and other types of cyber-threats. I am not going to delve into the various social and financial reasons why this is happening. I will leave that discussion to the shrinks and the pundits. I just want to alert my readers that the level of cyber-crime has gone up as much as 500%, according to some sources.
What’s worse is the fact that the Cyber-crime as a Service (CaaS) underground economy has prospered during the pandemic. The cyber-criminals were able to take advantage of unscrupulous and desperate developers and technology specialists who were laid off or furloughed during the pandemic. Some of these developers have now permanently gone over to the Dark Side, so I don’t expect to see a significant drop in cyber-crime when the pandemic is over.
I’m not saying that you should stop using your computer and email, but there are several things that you should do to protect yourself, your identity, your money and your data. I will try to do a quick rundown here and I will include some examples of phishing emails that I personally received.
There are no Nigerian princes, dead Haitian millionaires without wills or any other source of money that some “barrister” or “private attorney” wants to share with you.
I know that it may sound funny, but you would be surprised how many people fall victim to these scams. These scammers try to con you in two ways: harvest email addresses (if you reply to them) and steal your money (if you give them your bank info).
What to do:
Delete the message and don’t give it another thought.
Nobody recorded you doing anything embarrassing on the internet!
Some people become very worried when they receive an email message that uses their password to prove that the scammer “knows everything about them”. The only reason for alarm here is the fact that your password is out in the open and available for purchase on the Dark Web.
What to do:
Change your password (if you are still using it). Check your email address on https://haveibeenpwned.com, so that you know how they [probably] got your info.
You don’t have a past due invoice from some company you never heard of.
Unfortunately, some of these messages look quite legitimate. Even the FROM address looks fine. However, if you click on the link you will end up at a site that will either try to extract your personal (or financial) information or it will try to infect your computer. Some of these sites try to do both.
What to do:
Before clicking on the link, just hover your mouse over it and see where it’s planning to take you. If you can’t do that, then right-click on the link and copy the URL, then paste it into Notepad to see the full link address.
American Express, Visa and Amazon are not sending you thousands of dollars [unfortunately].
What should raise an alarm in your head is the fact that your password is out in the open and available for purchase on the Dark Web.
What to do:
First, always look at the FROM address. If the domain is different than the company that the message is purportedly from, then most likely it’s an impostor. Second, if the whole message is an image with a link, then you can safely delete it and move on. Finally, don’t go by what the link text looks like in the message, but hover your mouse over it and see where it’s planning to take you.
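The three checks above (FROM domain, image-only message, link text versus the real destination) can also be automated for a mailbox or a reported-phish queue. The Python sketch below is an added example, not part of the original post; the function names, the example.* domains and the sample message are constructed for illustration, and the link-text match is a simple heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
class LinkCollector(HTMLParser):
    """Collects [href, visible text, wraps_image] for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self.body_text, self._open = [], "", None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", "", False]
        elif tag == "img" and self._open:
            self._open[2] = True
    def handle_data(self, data):
        self.body_text += data
        if self._open:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append(self._open)
            self._open = None

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.removeprefix("www."), domain.removeprefix("www.")
    return host == domain or host.endswith("." + domain)

def check_message(raw, claimed_domain):
    """Return warnings for a raw single-part HTML email."""
    msg, found = message_from_string(raw), []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    if not same_site(sender, claimed_domain):
        found.append(f"FROM domain {sender} is not {claimed_domain}")
    page = LinkCollector()
    page.feed(msg.get_payload())
    if page.links and not page.body_text.strip() and all(l[2] for l in page.links):
        found.append("message is only an image with a link")
    for href, text, _ in page.links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and not same_site(host, shown.group(0)):
            found.append(f"link text shows {shown.group(0)} but goes to {host}")
    return found

# Constructed sample: claims to be from example.com, sent from example.net.
SAMPLE = ('From: "Example Billing" <billing@example.net>\nContent-Type: text/html\n\n'
          '<p>Invoice past due: <a href="http://pay.example.org/x">www.example.com/invoice</a></p>\n')
```

Calling `check_message(SAMPLE, "example.com")` returns one warning for the FROM domain and one for the mismatched link; a message with matching sender and link domains returns an empty list.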