Covid lockdown… a scammers' paradise

With Covid returning for a visit to the Hunter Region and many now working from home, it is as important as ever to consider your cyber security. Increased screen time, particularly arising from working-from-home arrangements or more online browsing, can open opportunities for scammers and hackers to infiltrate your computer systems, putting your private information at risk. Further, we are seeing new and inventive ways that hackers are attempting to gain access to private computer networks, some of which appear to be inspired specifically by communication protocols put in place to deal with work-from-home arrangements.

So how do we prevent this sort of breach?

Unfortunately, there is no foolproof, one-step solution to completely eliminate the risk of hacking. However, if you are in the midst of a lockdown and increasing your online activity, there are steps you can take to boost your cyber security. Steps such as implementing antivirus protection, securing virtual private networks (VPNs) and using multi-factor authentication provide some baseline protection against lower-level attacks and should certainly be implemented where feasible. However, the value of cyber security awareness should not be underestimated.

When it comes to cyber security awareness, it's difficult to be on the lookout without knowing exactly what you are on the lookout for. Hackers are getting very sneaky and have methods of infiltrating a victim's computer systems without being immediately detected. For example, once in, hackers will often sit and watch your emails for an average of between 180 and 280 days before taking any action, observing your style of language and who you deal with so they can more accurately impersonate you and remain undetected for longer. With this in mind, some common red flags to be conscious of include:

  1. Suspicious attachments or links

One of the most common ways of infiltrating a person’s computer system or emails is by having the target open a link or email attachment. Receiving an attachment or link lacking context should be a red flag that the email may be a scam. If uncertain, always try to touch base with the sender’s organisation (using independently obtained contact details) to confirm it was from them and is safe to open.

  2. Unexpected requests for sensitive information

It is rare that an organisation will ever request sensitive information via email, and rarer still without a prior conversation. As a general rule, never provide credit card information, passwords or other private information via email.

  3. Emails that create a sense of urgency

Scammers take advantage of situations which cause communal panic and rely on people being rushed and/or panicked and, as a result, less alert to the warning signs. This is something we saw during the recent lockdown across NSW. Be sure that, even when rushing, you are reading the details of each email carefully.

  4. Poorly written emails

Many scam emails are not well written. Keep a lookout not only for simple typos, but also for emails that are grammatically incoherent or read as though they could have been copied and pasted from a template, with your details inserted where relevant.

  5. The sender’s email address, not just their display name

Scammers often choose a display name that mirrors a party known to the victim and may set up a similar but not identical email address. Check the actual email address; don’t rely on the display name alone. Also watch out for “.co” instead of “.com”, or more hidden differences such as a capital I instead of a lower-case L, or two v’s together (“vv”) instead of “w” in an email address.
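For readers who filter mail programmatically, the check described above can be automated. The following is an added example, not part of the original article: it compares the real address behind a display name against a constructed allow-list and flags domains that only match once the ".co", capital-I and "vv" swaps are undone. The domain `willow.example.com`, the sample headers and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains you genuinely deal with (assumption).
TRUSTED = {"willow.example.com"}

def skeleton(domain):
    """Fold the look-alike swaps described above into one canonical spelling."""
    folded = domain.replace("I", "l")            # capital I posing as lower-case L
    folded = folded.lower().replace("vv", "w")   # two v's posing as "w"
    # ".co" posing as ".com": treat a "co" label as "com"
    return ".".join("com" if part == "co" else part for part in folded.split("."))

TRUSTED_SKELETONS = {skeleton(d) for d in TRUSTED}

def check_sender(from_header):
    """Return (verdict, display_name, address) for a raw From: header value."""
    display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    if domain.lower() in TRUSTED:
        verdict = "trusted"
    elif skeleton(domain) in TRUSTED_SKELETONS:
        verdict = "lookalike"    # reads like a trusted domain but is not one
    else:
        verdict = "unknown"
    return verdict, display_name, address

# Constructed sample headers: same display name, different real addresses.
SAMPLES = [
    "Willow Accounts <accounts@willow.example.com>",
    "Willow Accounts <accounts@vvillow.example.com>",
    "Willow Accounts <accounts@wiIlow.example.com>",
    "Willow Accounts <accounts@willow.example.co>",
    "Willow Accounts <accounts@mail.example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, name, address = check_sender(header)
        print(f"{verdict:9}  display name: {name!r}  real address: {address}")
```

A "lookalike" verdict is the case that deserves a phone call to the sender using independently obtained contact details; "unknown" only means the domain is not on your list.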

Keeping the above points in mind when reviewing suspicious emails can make a hacker’s job much harder and significantly reduce your risk of falling victim to a scam. In saying this, ultimately we must ‘proceed with caution’ and be ready to face new, unexpected threats, as the risks to our cyber security are ever-growing.

To keep up to date with current cyber security threats, visit the Australian Cyber Security Centre, and take the time to refresh your own education and cyber alertness on a regular basis.