Canadians across the country are now in week 2 of practicing social distancing and self isolation. As each citizen looks to do their part in helping the country plank the curve, millions have found themselves at home scouring the internet for the latest information and updates on the COVID-19 pandemic.   

Without sports, travel, social and leisure gatherings and unfortunately for many, without work, the internet has become the primary source for both distractions and updates. Sadly, this also means the pandemic has provided a major opportunity for cyber criminals to take advantage of the flood of internet users. Preying on the public’s fears and need for information, cyber criminal activity involving phishing tactics and false news sites has surged according to the federal government. Citizens are being warned that links and attachments are not what they seem as they may contain malware.

WHAT TO LOOK OUT FOR

Spear-Phishing

• Sad Stories

You may have already seen emails in your inbox with people writing to you about very sad stories, trying to play on your emotional empathy. The writer’s story details a death in the family, their own sickness and a plead for help. Often a link or number to call is provided with a request for financial aide.

• Miracle Cures/Treatments

Some criminals are writing emails posing as a company that needs funding for a cure they are working on or offering treatments for positive patients. Links containing malware or a request for financial contributions and information are typically in the body of the email.

• Free Medical Equipment/COVID-19 Tests/Infected People Lists

Emails have been sent with individuals and businesses selling and giving away free COVID-19 test kits, masks, sanitizers, other related equipment and even neighborhood lists of people that have tested positive for the virus. Typically a link or a request to submit personal and financial data is embedded in the message.

Spoofing

• Updates, Information and Maps

The easiest way of baiting people into opening emails is by criminals posing as legitimate sources such as the World Health Organization (WHO) and Center for Disease Control and Prevention (CDC). These authentic looking emails look like they are directly from the source providing links and attachments promising the latest news, infographics (maps and statistics) and donation links related to the pandemic.

• “Colleagues, Family and Friends” Needing help

With the slightest change in the way the email address is spelled, criminals are targeting people by pretending to be a known associate or family member requesting the recipient to click on a link or to send relief in the form of financial help.

• Public Health and Government Agent Impersonators

The RCMP is warning Canadians about scams including fraudsters impersonating Public Health Agency workers and government agents that have tested positive for COVID-19. They then request help via credit card information for prescriptions.

• Fake Test Result Phone Calls and Text Messages

More complaints have been filed with reports showing text messages from the Red Cross offering free face masks and phone calls requesting aide in the form of credit card information, are being sent out to Canadians.

The Canadian Government is currently fighting the spread of disinformation by shutting down fake websites and looking into the sources of the phishing scams.

Scott Jones, head of the CSE’s Canadian Center for Cyber Security recently told CBC News, "We've taken down some COVID-related fake sites out there. We work with partners to do that type of thing. We're taking action."

The government is urging people to stay vigilante when looking for information online and when opening emails/social media requests.

Gen. Jonathan Vance, the Chief of Defence Staff also warned CBC that both state-sponsored and non-state-sponsored actors may be behind some of the attacks we are seeing. Those in the medical and research field should take extra caution as these actors may be looking to expose Canadian companies with stolen data and ransom requests.

WHAT YOU CAN DO TO PROTECT YOURSELVES

As cyber crime in Canada has increased with criminals taking advantage of an already vulnerable and suffering population, we can only hope that Canadians are taking precautions online.

One of the most effective ways we can fight the spread of disinformation and online scams is by practicing good cyber hygiene and awareness:

• Verify The Sender

Before believing what you are reading or acting on a request, be it from your phone, computer or tablet, verify the source. Take a close look at the email address and make sure it is correct. One character can be the difference between a scam and an authentic message.

• Do NOT Click On Links Or Attachments

Rather than opening links, regardless of who they are from, go directly to the information source’s verified website. If you think something is too good to be true or you want to read about an update, go to the official WHO/CDC/News site. Donations can be made on official sites as well.

• Practice Good Hygiene

Remember to follow the basic tips of good web habits. Make sure your apps, OS and software are up-to-date, apply MFA and strong passwords that are not reused across platforms and stay vigilante.

As we encourage everyone to stay safe online, we would also like to take the time to thank all of the essential businesses, first responders, medical workers, government agencies and people that are in the front lines working hard to keep us all healthy and safe during this pandemic.

Talk to a Cyber Security Expert

Cyberthreats are growing almost exponentially, and cybercriminals are actively targeting small/medium-sized businesses because these organizations do not have the internal awareness, expertise, or tools to protect themselves.

We created EnterProtect with the mission of mitigating the damages to organizations caused by cybercrime. Talk to a cyber security expert today and find out how we can help protect your business.