As cybercriminals prey on global fear, business and economic uncertainty caused by the coronavirus outbreak is amplifying scams and attacks, companies and individuals must be extra vigilant to the increasing threats online, a leading cybersecurity expert has warned. With countries worldwide implementing lockdowns, work from home initiatives, social distancing and other precautionary and preventative measures, governments and businesses are disseminating more information than ever before via digital platforms, a situation cybercriminals are exploiting, says Simon Fisher, executive vice president – Gulf, ACE Insurance Brokers. "While very few of these cyberattacks are technically sophisticated, cybercriminals are successful as they are capitalizing on the state of concern across the globe," said Fisher. "The criminals use social engineering techniques, including ‘baiting', whereby the attackers send out a false promise to pique a victim's curiosity, and ‘scareware', which sees users bombarded with false alarms, directing them to an action that leads to a malicious site and infects their computer. Other techniques include ‘pretexting', ‘phishing' and ‘spear phishing'." "As we are all spending more time online, that extra level of vigilance and care to where and what you are researching, sites you are visiting, links you are clicking, will go a long way to keep your data and your devices safe." "We've seen recent examples of these crimes as airlines began to scale back flights to try and stop the spread of COVID-19. Scammers have been sending out phishing emails offering false refunds or rebooking of airfares." ‘Impersonation' attacks are also on the rise, added the ACE Insurance Brokers' cybersecurity expert. With people searching for up-to-date information on the virus, hackers "map" authentic websites claiming to show trackers of the virus spread when they are, in fact, infecting users' devices with malware. "These fake websites execute what we term "drive by" attacks by hiding malicious code and downloads inside the pages that are executed as soon as it's opened," he said. Malicious app developers have begun to take advantage of the situation and are using coronavirus-related keywords in their app names or descriptions to drop malware or commit theft of financial or personal data for a user's smartphone. Working from home is challenging on many fronts and organisations aren't properly prepared, particularly when it comes to security, with their security tools not providing coverage outside their corporate facilities. While many are successfully retrofitting operations to support remote working, the human element must be addressed. Fisher explained: "Employees must be properly trained on the do's and don'ts of what to do while working remotely. One golden rule to follow though, is ‘think before you click'. We place great importance on our customer-centric approach and will be launching work from home awareness training for our clients." Now more than ever, having the right cybercrime insurance protection in place is the prudent action for all businesses as the financial consequences an attack could severely impact the bottom line. — SG
