The increase and global spread of cybercrime is partly linked to the amount of people being online, the increase of devices being used by each one of us and to the amount of time we spend online.
All the above elements are currently exacerbated by our transition into a quarantine environment on a global scale, where the majority are constantly online, either for work, communicating with friends and family, shopping or entertainment.
A percentage of the people going online have been thrust into a new online universe much more abruptly than they were prepared for by the lockdowns. Coping with the technical challenges and the cyberthreats linked with this novel way of operating will be difficult, particularly if there is little prior knowledge and experience of using online systems and platforms.
There will, therefore, be a greater abundance of possible victims online and a larger number of vectors of attack that suddenly become available, potentially without adequate safeguards being implemented due to the rush with which people have had to transition to the new online reality. As Action Fraud highlights: “Since February 2020, the National Fraud Intelligence Bureau has identified 21 reports of fraud where Coronavirus was mentioned, with victim losses totalling over £800k”.
It is not surprising that the spread of concern and panic for new information on the pandemic is presenting criminals with new opportunities for information theft and fraudulent schemes, taking advantage of the public’s genuine concerns.
In fact, there already are plenty of examples: From emails purporting to be sharing COVID-19 cure-related advice, in order to harvest personal data, to possible tax refunds and fake donation sites, cybercriminals are, as usual, coming up with innovative ways of exploiting an issue that has received widespread public attention for their benefit. Researchers have found that malware integrated in coronavirus-related content is being sold on Dark Web forums.
Some even argue that state-sponsored cyberattacks have taken advantage of the COVID-19 situation in order to infect their targets with malware and steal information in cyberespionage attempts.
Acknowledging the increasing risk, government agencies, from the US Department of Homeland Security, to our very own National Cyber Security Centre have issued advice and guidance for increasing the cybersecurity of users and businesses during the COVID-19 pandemic. The advice is not necessarily new, but is written within the context of COVID-19 scams and phishing emails and in order to minimise risk in home-working conditions, as it has been urgently imposed on employees due to the recent lockdowns.
As we spend an increasing amount of time online in the coming weeks, it is important to be vigilant and follow the simple advice of the national “Take Five” campaign, which asks of us to take five minutes to think about clicking on a link we are unsure about or responding to an unsolicited email asking for our personal information.
Our inevitable information and screen fatigue and an overwhelming concern for our well-being, could lead us to become careless and click on unsafe links that purport to have the latest coronavirus information, share content from unverified sources and even pay large sums to shady vendors online in order to buy miraculous cures.
We have to resist the temptation to do the above and remember that it is important to follow advice and links only from reputable sources and to second-guess any offer that seems too good to be true. In a time of uncertainty and insecurity, we should at least make sure that we do not also fall victim to information breaches or lose money to fraudsters.
In the end, we are all links in the cybersecurity chain and maintaining our cybersecurity requires a similar process to maintaining that, we, and those around us, are protected from the coronavirus. In the same way that careless offline interactions can lead to our infection and the wider spread of COVID-19, our inconsiderate online decisions and interactions can entail “cyber – infections” that we can subsequently carry and transmit to other users and their devices.
Following the advice and guidance issued by legitimate government sources regarding cybersecurity is, thus, a critical step towards ensuring that we are safer from those online harms. And, if you want to actively help find a solution to the coronavirus problem, you can always lend some of your home computing power to a group of researchers trying to put together a supercomputer network to analyse the virus’ functions and come up with a cure.
By Vasileios Karagiannopoulos, PhD, LLM, LLB, CFIP, Director of the CybercrimeAwareness Clinic
Vasileios has graduated from Athens Law School and has completed an LLM in Information Technology Law and a PhD in Law at the University of Strathclyde Law School with distinction.
Since 2014 he has been working at the Institute of Criminal Justice Studies where he is now a Reader in Cybercrime and Cybersecurity. Vasileios has led the launch of a BSc in Criminology and Cybercrime in 2018 and he is the Director of the Cybercrime Awareness Clinic, an innovation project that has secured funding from Hampshire Constabulary, The National Cyber Security Centre, Centre for Research and Evidence on Security Threats and EU Interreg 2 Seas to work on various cybercrime awareness projects with vulnerable groups and organisations.
Vasileios has also acted as Chair of the departmental ethics committee and Vice Chair of the Faculty of Humanities and Social Sciences ethics committee and he is also a member of the Institute for Ethical AI and Machine Learning. He has published extensively in national and international journals in relation to cybercrime and information technology law and politics as well as Internet regulation and research ethics.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/