How to Avoid Cyberattacks during an extended period of working from home

Hackers will take advantage of any vulnerability they can find. Amidst the pandemic of COVID-19, attackers are taking advantage of the alertness of the world population with phishing emails, social media posts, apps and text messages containing malware. These scams typically involve fraudsters impersonating healthcare officials.

In fact, CERT-In (Computer Emergency Response Team of India) in its latest advisory to internet users said that cyber criminals are exploiting the COVID-19 outbreak as an opportunity to send phishing emails claiming to have important updates or encouraging donations, impersonating trustworthy organizations. The phenomenon has been witnessed as many organizations have asked their staff to work from home to help stop the spread of the coronavirus that has claimed thousands of live worldwide and infected millions.

As these cyberattacks continue to spread, we recommend these six best practices to help protect ourselves.

Check for Common Signs

If a form of communication asks you to click a link, download an attachment or give any personal or financial information, this should be a red flag. Do not exchange information or do financial transactions with entities that you are not familiar with.

Look for common signs of fraudulent sites/ emails including:

1. Poor design
2. Poor grammar or spelling
3. Unreliable contact information
4. No Terms and Conditions listed
5. Deals that seem too good to be true
6. Suspicious forms of payment (like sending money to a random PayPal account)

Treat Emails about COVID-19 with Suspicion

This sample phishing email lures readers in with a "cure" to the virus, but the attachment contains malware. Reading carefully reveals that the fraudster spelled Israel "Isreal," which is a clear red flag.

Pay Attention when Browsing

It's also important to be careful when browsing, whether on websites, social media or apps. You can check the sites you visit for TLS (Transport Layer Security) /SSL (Secure Sockets Layer), the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. Different browsers have unique identifiers to show if a website is secure. You can view our blog on how to identify authorized sites to know how to distinguish authorized from unsecured sites.

Additionally, web users can check the safety of a site by copying and pasting the URL into the Google Safe Browsing Transparency Report. If a suspicious or fraudulent site is found, it can be reported to Google's Safe Browsing or Mozilla's Protect the Fox.

Don't Download Unknown Attachments (Like This Map)

Malware is currently spreading through cybercriminals distributing via email a map similar to the one by Johns Hopkins University. The map often includes links to malicious sites disguised as official communication.

Beware Text Messages Claiming to be from the CDC

Reports of people receiving a text message from the CDC have surfaced, but they are a hoax. In general, do not click on links in text messages from unrecognized numbers. They can link you to sites that distribute malware.

Fight Technology with Technology

To prevent attacks always update your software and browser with the latest versions of Microsoft Edge, Mozilla Firefox and other vendors' browsers that come equipped with anti-phishing filters.

Existing technologies such as PKI (Public Key Infrastructure), which provides encryption and cryptographic identity guarantee in each data flow and verifies all network users, can play a key role in protecting homes, businesses and connected networks. Email attacks are common forms of phishing and social engineering, and companies can also help protect users and other people who trust their email systems by using digital certificates to assure the identity and authentication and encryption of the client.

Overall, rely on legitimate health services and government websites for information. Do not give out personal or financial information and verify that a charity is legitimate before making donations. You may want to review the FTC guidelines for vetting a charity and avoiding scams before making any donations.

During this global pandemic, not only do we need to reexamine our social habits, but also our digital ones. Following these tips can protect against hacker attacks and data leakage, keeping your network and devices safe

About the Author:

About Dean Coclin

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company. In his role at DigiCert, he's responsible for representing the company in industry consortia and driving the company's strategic alliances with technology partners. He's the past chair of the CA/Browser Forum and the current vice chair of the Forum. He also is chairing the ASC X9 PKI Study Group.