A recent extensive report by the European Police Office (Europol) on cybercrime confirms that the global Covid-19 pandemic is being heavily abused by cybercriminals. It is therefore important to be familiar with the tools that hackers have recently used and to know what to protect themselves from.
Cybercriminals continue the proven tricks, such as ransomware, during the global Covid-19 pandemic, but at the same time adapt their tactics to new opportunities. Thus, it not only spreads extortion viruses, but also grows, for example, the cloning of SIM cards and other attacks on mobile phones.
Mobile security threats
SMS + phishing = SMishing
From e-mails, the interest of attackers is shifting to mobile phones, so the number of attacks through fraudulent SMS messages is growing. Today, people are commonly used to using confirmation SMS to log in to sensitive systems (internet banking, corporate mail or applications), the problem is that they are less cautious on smartphones during these operations.
Combined with the fact that mobile devices are often outside the management of corporate IT and without any protection or surveillance tools, they represent a very attractive target for fraudsters. Through SMS, iMessage or other messages, they will send you, for example, information about the delivery of the shipment, with a link that will ask you to fill in the data. There are also known cases where SMS called for verification, update or "reactivation" of accounts by redirecting to a fraudulent site or even by calling a fake contact center, "he adds.
Vishing - social engineering in telephone fraud
Telephone fraud (voice + phising) with elements of social engineering, which the US FBI warned against in the summer of 2020, is also becoming more frequent. Attackers take advantage of the fact that there is no personal contact when working from home, so it is possible that even callers from an unknown number can more easily gain your trust. The chances are even higher if the attacker knows the names of your superiors, colleagues or the names of the department where they work. Add to that a fictional story, in which, for example, you will be asked to generate a one-time password for logging in to the VPN. This opens the way for the company's internal data.