Cybercriminals love COVID-19: Here’s how to stay cyber-secure

Uncertain times unfortunately provide criminals golden opportunities. By following these cyber-security tips, you can enjoy a safer digital presence for yourself and your loved ones.

Written: Mar 2020

Reading Time: 3 minutes

The ongoing COVID-19 situation is causing wide-spread disruption of society, from industry and commerce to our daily lives. Unfortunately, scammers are already trying to take advantage of us on digital platforms, which are crucial to keeping us all connected in times like these.

“Criminal activity by hackers and fraudsters exploiting people’s uncertainty and fears have already begun. We have seen cases where people have impersonated the World Health Organisation (WHO) and critical national authorities to conduct fraud, spread fake information, and carry out so-called phishing attacks to obtain sensitive information through e-mail and telephone. We expect to see an increase in cybercrime as businesses, organisations and authorities rapidly implement new measures to address the challenges related to COVID-19,” says André Årnes, SVP and Chief Security Officer at Telenor Group.

André Årnes, SVP and Chief Security Officer at Telenor Group.

The EU’s law enforcement agency, Europol, has recently warned against such activity in an advisory available here.

7 ways to help us all stay cyber-safe

Luckily, there are many actions you can take in your own way of work and daily business to stay cyber-secure. Here are seven tips Årnes and his Global Business Security team at Telenor recommends familiarising yourself with:

  1. Be aware of fake information. Only trust information from verified official sources.  A crucial step in a hacking attempt is often for the hacker to mask their identity as someone you would usually trust, what we call impersonation. The WHO and critical national authorities, such as the U.S Centers for Disease Control and Prevention (CDC), are typical victims of such impersonation. The WHO has found it necessary to inform about how they will communicate on their websites to help people not fall victim to hackers. Only trust information about COVID-19 from official sources. If in doubt, visit the official source on their website directly to see what information is available there.
  2. Verify that the sender is who they claim to be. This can be done by checking if the e-mail address is the correct address of the alleged individual or organisation, or by contacting the sender through alternative communication by calling or sending SMS to verify if they have sent you the e-mail or not.
  3. Verify links in e-mails before you click on them. This can be done by hovering the mouse over the link to see if the link actually leads you to where it says it will. On your phone or tablet you can click and hold your finger or stylus pen on the link until a window pops up displaying where the link will take you. Make sure to verify that the domain is legitimate. For instance, if you receive a link to visit Telenor’s website the domain should be www.telenor.com and not something almost similar, such as www.tellenor.com (with two L’s)
  4. Be wary of unknown messages urging you to open attachments. Verify that the attachment actually comes from who it claims to be. Is the e-mail expected? Typical warning signs are language that plays on fear and urgency to open the attachment NOW or else something bad will happen.
  5. Be sceptical of requests to provide sensitive information such as username, passwords or credit card details. Official organisations will never ask for such information openly on e-mail, and they will never ask for your password.
  6. Report suspicious activities. Contact the security department in your company or check if national authorities have a reporting mechanism for citizens to report cyber-crime.
  7. Take security training and stay updated. Cyber threats are constantly changing with increasing digitalization and new technology. We recommend you to learn the basics about how to secure your digital presence. There are many free courses online, such as these from SANS. To stay updated on cyber security events you can subscribe to one of many free newsletter available from different organizations or national cyber security centres in your home country.