The COVID-19 crisis has created a ripe environment for fraudsters to operate, a recent online panel discussion held by security firm Kaspersky has outlined. This is primarily due to increased reliance of individuals on digital services as a result of lockdown restrictions.
In the session, it was revealed that online shopping fraud has risen by 55% compared to 2019 due to the substantial rise in eCommerce and home deliveries during the pandemic.
Additionally, since June, 2500 instances of COVID-19-related fraud have been reported, with losses totalling £7m. Other data highlighted in the discussion included a 35% increase in dating fraud, as more people turn to dating apps, and a 16% rise in courier fraud.
The panellists were David Emm, principal security researcher at Kaspersky, Claire Hatcher, global head of fraud prevention solutions at Kaspersky and detective superintendent Neil Jones of Greater Manchester Police in the UK.
As well as much greater use of the internet, the ongoing nature of the crisis and its health, economic and social implications has provided a unique opportunity for fraudsters to scam and trick people. Emm noted: “Consider Valentine’s Day, Black Friday, the Olympics, the World Cup; they are ‘here today, gone tomorrow’ topics that cyber-criminals can latch onto.
“Frankly, who in the world is not keenly interested in what’s going on with this pandemic? Everybody is, and therefore, fraudsters have a persistent topic that they can milk, week after week. It’s made people even more vulnerable than seasonal events.”
While attacks have primarily revolved around COVID-19 themes, the actual tactics used haven’t been especially novel; just increased and more targeted. Hatcher said: “It’s always a process of, get in through phishing, download some malware, then exploit the human aspect of social engineering to use those credentials. Essentially, the newness is just the context. The attack itself is the same one re-envisaged in the new world we live in, but naturally it has increased a lot, because we are more susceptible now.”
In regard to organizations protecting themselves effectively at this time, doubling down on already established best practices is critical, especially for those without the resources to invest in the most sophisticated cybersecurity software.
Emm added: “Many organizations are going to read about these threats and think, ‘oh my goodness, what can we do?’ Sometimes, it’s the basic things. Protecting all devices, including mobiles – updating them and backing up data. Just trying to give staff some basic information about not replying to unsolicited texts, using unique passwords and using a password manager helps.”