With the country taking on the Coronavirus pandemic head on, cybercriminals have lost no opportunity to exploit fears around it. We need to crack down on this fast-growing menace
For the world, the outbreak of Coronavirus has meant solitary confinement for so long. There’s nothing much to cheer about. In the words of Prime Minister Narendra Modi, “Home is the new office and the internet is the new meeting room.” Even those, who had otherwise been “digitally ignorant,” have now taken to the internet to stay connected, air anxieties, share information and bide the quarantine time. According to data from the department of telecommunications, Indians consumed 308 petabytes (PB) or 308,000 terabytes (TB) of data daily on an average for the week beginning March 22. Such rapid consumption of data has also lured cybercriminals to “harvest free-floating” data to accelerate the spread of malware. But are internet users even aware of the socio-technical challenges that come along? With the spread of the disease, we are (rightfully) bombarded with health advisories almost every day but are we even aware of the importance of preserving user privacy so as to maintain cyber hygiene in these turbulent times?
Some forms of cybercrimes that have assumed importance in COVID-19 times include phishing, malware distribution, ransomware, fake news, cyberbullying, zoombombing and even child pornography. Phishing is a type of social engineering attack, which is done to steal personal data using emails or phone calls. Many more techniques are applied to lure the victim to click at mischievous links or to share the OTP. Only late last month, a Mumbai resident reported to have lost substantial money after he was coaxed to share an OTP on the recently downloaded malicious contact-tracing app. Similarly, social media platforms, emails and apps have also been “weaponised” with malware (also referred to as “spyware”, “payloads”, “trojans” and “rootkits”), which stealthily steals personal data from the device of the unwitting victim. In the wake of the spread of Coronavirus, a threat map website, too, was launched to steal personal information from a panicked public.
To top it all, sextortion email scams are back with vengeance. Such dubious emails falsely claim to possess porn videos of the victim and demand ransom, usually in bitcoins. In certain instances, IT resources of the victim could be “locked”, this is termed as “denial-of-service” (DoS) attack. Another prevalent category doing the rounds amid Corona pandemic is that of misinformation (fake news), which has only further alleviated fears. To cite an example, a fake message claimed that administrators of 52 WhatsApp groups were detained by the Dadar Cyber Crime Police. Another viral message alleged that Prime Minister Modi is offering Rs 15,000 to all Indians and that the Government has launched a video conferencing tool, “Namaste” as an alternative to Zoom.
Several spurious websites advocating safety tips and treatment methodology have mushroomed, too. The latest scam using UPI revolved around the PM Cares Fund with a fake UPI ID being floated. Likewise, several duplicate websites have emerged where the unemployed are expected to deposit some money to have access to potential job givers. Scams offering discounted services from Reliance Jio and Netflix have been there, too. Believe it or not, fraudsters even tried selling the world’s largest statue for $4 billion, claiming the proceeds would be used to help the Gujarat Government fund its fight against the Coronavirus.
Besides, Zoom calls have witnessed undesirable videos and leakage of sensitive office information. What is most unfortunate is that there has been a sharp rise in the demand for child pornography. The digital preoccupation of children has increased because of lockdown-related compulsions of using digital collaboration tools for “study from home” and they have gone more vigorously on online dating and gaming platforms, too. As a result, “children, teens face a bigger risk online” warned a report. Cyberbullying, including unpleasant social media retorts and humiliating posts against individuals or a community, particularly the Chinese and their look-alike communities, have also inflated to almost 900 per cent in the last few weeks.
All such criminal activities on the cyberspace echo the view that a quarantined world has become like living on a block of thin digital ice that calls us to be extra cautious. To avert COVID-related cybercrimes, we must practise basic “digital distancing” and maintain “cyber hygiene” norms. One must particularly be wary of “unsolicited emails” or unknown “friend requests.” One should never open links made available through unknown addresses. It should also be a complete no-no to apps that originate from unreliable locations or expose our personal details on social media.
Increased digital activity from domestic devices insists that we install anti-virus and virtual private network (to camouflage real IP addresses). We should also regularly upgrade our software. Let us develop a habit of creating stronger passwords, consisting of “caps”, “special symbols” and “numbers.” We must also keep changing your passwords regularly; for this one can rely on inbuilt password managers.
Using two-factor authentication is a must; maybe we can purchase hardware keys like Yubikey. Let us keep our webcams closed when not in use. Adopting a very strict “zero-trust” approach, which includes keeping privacy settings of all the devices and apps stringent, is essential. One must make sure that everything and everyone is verified before we grant any information or access to it. After all, where there are vulnerabilities and weakness, there is space for greater harm — both physical and cyber.
If despite all the aforementioned precautions, one unfortunately gets entrapped in any kind of cybercrime, the easiest way out is to seek help by dialling “100” and registering an FIR/complaint. However, in doing so, the victim must provide all supporting documents and details of the crime, including his/her name, date and time of the incident, email, mobile number, hard copy and soft copy of the screenshot of the malicious message. A complaint can also be lodged with the national central portal, cybercrime.gov.in. Simultaneously, it is prudent to report to the respective service provider of the digital platform where this crime has happened (such as Google for Gmail).
Indeed, these times have imposed serious challenges on us. As rightly remarked by Lt Gen Rajesh Pant, National Cybersecurity Coordinator, “Cybersecurity is everybody’s responsibility” and “…the end-point of cyberspace is our mind.” Let us all join hands together and stay extra vigilant on internet spaces and dampen the celebratory din echoing from the corridors of cybercriminals, a la’ Jamtara. After all, digital trends are here to stay in a post-pandemic period, too.
(Writer: Charru Malhotra; Courtesy: The Pioneer)