By Kenneth Okereafor & Olajide Adebola
As the world battles to contain the novel coronavirus, which has so far affected 78,994 persons in 33 countries with a death toll of 2,470 as at February 23, 2020, internet fraudsters are also exploiting the desperation for information as a potential for cyber attack using social engineering and many other gimmicks. Due to the nature of the disease code-named COVID-19 by the World Health Organisation, WHO, there is so much anxiety over its spread and mode of infection.
As the world awaits a possible cure, every online information with an appendage of “coronavirus” tends to attract fast attention of internet users. As a result, cybercriminals are taking advantage of the fear and uncertainty surrounding the global health emergency to launch cyberattacks and distribute malicious software with the motive of stealing confidential data, disrupting digital operations and making illicit ransom money. So this piece analyses the impacts of COVID-19 panic on digital systems, the cyberspace and user privacy? They make recommendations for safer internet usage and privacy protection in the face of rising coronavirus-related online scams.
Coronaviruses,CoV, are a large family of viruses that cause illnesses ranging from the common cold to more severe diseases such as Middle East Respiratory Syndrome, MERS-CoV, and Severe Acute Respiratory Syndrome, SARS-CoV. The novel coronavirus (formally nCoV) which was officially renamed COVID-19 by WHO on February 11 is a new strain that has not been previously identified in humans. Coronaviruses are zoonotic in nature. This means that they are transmitted between animals and people through pathogens shared with wild or domestic animals.
Zoonotic diseases are naturally transmitted from animals to humans (or vice versa) either by the consumption of contaminated food and water, exposure to the pathogen during preparation, processing or by direct contact with infected animals or humans. Other examples of zoonotic diseases are Ebola virus disease and salmonellosis. The COVID-19 which was first spotted in Wuhan, China, in December 2019, has currently spread to 33 countries accounting for over 78,994 cases with a rising death toll of 2,470 cases, leaving 14% of the affected in serious/critical conditions. On January 30, 2020, WHO declared the coronavirus outbreak a public health emergency.
WHO’s declaration increased the global perspective of the disease and equally created greater apprehension, making anything that purports to relate to coronavirus a source of attention, as the world awaits the production of a vaccine or the discovery of a curative therapy. While the search is ongoing, cybercriminals are taking advantage of people’s desperation and fear to sell non-existing products, disseminate unsubstantiated claims and fake news and in the process steal valuable confidential data, using various malicious software (malware) to package their arsenal.
This paper examines how digital behaviours are changing as a result of the coronavirus outbreak. The paper reviews the economic importance of COVID-19 to cybercriminals, and discusses the human weaknesses which cybercriminals exploit to attract their victims. Social engineering, a common tactics used by internet fraudsters to attack digital systems and internet resources is also appraised. The paper makes recommendations on how to prevent, detect and respond to threats that tend to take advantage of the coronavirus panic to attack internet users and systems.
Effects of the virus on global digital behaviour
The outbreak of the coronavirus has a huge impact on digital behaviour of computer and internet users not only in the affected localities, but across the globe. On the global stage, authorities such as WHO and China’s National Health Commission, NHC, are using digital systems to send and receive information about the nature, trend and magnitude of infections, and educate the public on how to prevent transmissions. More and more organisations involved in cross-national business are utilising digital communication systems to pass bulk instructs and exchange ideas on what to do if infected.
Also, governments are using high speed telecommunications facilities to securely issue travel advice to their citizens home and abroad. In Wuhan for example, after the lockdown by the Chinese government, videos of nationals of other countries trapped in Wuhan started surfacing on the internet and social media platforms, necessitating governments to plan for evacuation of their citizens in record time.
At some point when face masks to prevent transmission was out of stock in some badly affected localities, authorities had to resort to the use of digital systems to locate countries where masks could be sourced and shipped from. With daily updates disseminated through digital systems and internet resources, people tend to access ready information hoping to know more about the coronavirus including claims by multiple sources that certain anti-malarial medications might have curative tendencies for treating COVID-19.
In addition to the use of drones to advice the public, Chinese authorities have released a mobile App that tracks people and alerts them if they have been in “close contact with someone infected” with the disease. The app uses WeChat, Chinese most popular messaging and social media platform, to allow users to submit their names, phone numbers and government-issued ID numbers to request information about whether they have been in close contact with anyone infected by the virus. They can also report and share up-to-date information on the disease.
Any justification for digital panic?
Knowing that such a deadly disease also causes despair and panic among people, the outbreak of COVID-19 has had its impact on the behaviours of digital consumers, particularly internet users. In the short term, users shall continue to rely heavily on digital resources while seeking for information to protect themselves and avoid travelling to places affected with the disease. This is will limit global trade, and affect commodity stocks and economic growth with a negative impact on individuals whose trades are directly affected.
Such people will continue to rely on the use of trustworthy digital systems to look out for the appropriate time when infections are under control, especially with China being an exporting nation of international reckon. Until such a time when a reasonable control of the coronavirus outbreak is achieved, or a vaccine to prevent future infections is discovered, the attitude towards the use of digital systems to better understand the situation will continue to increase.
Cybersecurity impact of the disease
Cybersecurity focuses on preventing unauthorised alteration of data and protecting users from falling prey to computer-based scams that threaten the confidentiality, integrity and availability of digital information on the internet and the entire cyberspace. The word coronavirus is perhaps one of the most searched words on the internet today, and the reason is obvious. A search engine is a software used to find data faster on the internet or a website using specific textual keywords to narrow the search.
Internet search engines are currently overwhelmed with keywords containing the strings corona, virus, coronavirus, COVID-19, China, Wuhan disease, and other related keywords. The desperation to access updated information related to the spread of the coronavirus leads to an increase in internet network traffic, and particularly a rise in the chances of spreading malicious codes in disguise of authentic coronavirus information.
A malicious code is the term used to describe any computer software/programme that is intended to cause undesirable effects, security breaches, privacy infringements, or damage to a system. A malicious code that successfully finds its way into a poorly protected computer system can lead to several detrimental outcomes including stealing confidential information, exposing sensitive and private financial data, spying on the user’s online transactions, or installing a number of other malicious codes that can be activated at a later date or to be triggered by certain specific occurrence such as logic bombs.
How cybercriminals take advantage of human weakness using coronavirus fear
The despair and anxiety exhibited by people in the face of seeking for coronavirus information also exposes inherent vulnerabilities that make humans easy targets of cybercrime. Just as computers and other digital assets exhibit vulnerabilities and weaknesses, human beings have weaknesses too that can be taken advantage of by cybercriminals and internet fraudsters to obtain sensitive information or to gain unauthorised access. The art of cleverly gathering sensitive and confidential information from a person by exploiting human weaknesses is known as social engineering.
It is a psychological exploitation which scammers use to skilfully manipulate humans and carry out emotional attacks on innocent people. Social engineering methods use psychological tricks to create deception, which in turn makes people to perform actions or divulge personal and corporate confidential information innocently. These deceptive methods remain a major global threat as more organisations digitise operations and increase connectivity through the internet and as more people rely on the internet for updated information on the coronavirus outbreak.
The term typically applies to trickery or deception for the purpose of information gathering, fraud, identity theft, or computer system access. Social engineering targets human vulnerabilities, weaknesses and flaws including anxiety, desperation, urgency, fear, loyalty, compassion, confusion, respect, honesty, persuasion, etc.
The social engineering aspect of the COVID-19 pertains to the exploitation of people’s fears of infection to spread dubious health advice, malware and other cyber threats. People are anxious to learn how to avoid contacting the virus as well as desperate for news of a possible containment of the spreading outbreak.
This anxiety leads to an unusual clinging to digital systems to know more about the situation. As a result, any message that carries the connotation of coronavirus receives easy attention including spam emails, fake websites and malicious attachments which internet fraudsters use as avenue to steal information through deception and falsehood.
Coronavirus spam emails and spear phishing
With social engineering, cyber criminals obtain confidential information from vulnerable victims and use such information to launch other attacks. A typical example of social engineering is phishing/spam email where an attacker sends a deceptive email to an unsuspecting target or a group with the intention of obtaining classified information such as login credentials, passwords and security codes.
In the case of the coronavirus, cybercriminals are currently using an advanced form of phishing called spear phishing usually targeted at chief executives of corporate entities or influential personalities. Spear phishing is a customised version of the phishing scam, where accurate profiles and details of the target recipient obtained through prior reconnaissance are smartly presented in the body of the email to make the correspondence appear real, authentic and believable.
A classic spear phishing scam would address the target in his correct official designation (e.g. The Chief Medical Officer), precise salutation (e.g. Dear Dr. Martins), and his exact designation/responsibilities. Coronavirus spam emails would address a victim in a tone that suggests familiarity, while offering a service or product that claims to have latest information on the disease. Often scammers construct spam emails using expressions and keywords that create a sense of urgency and fear, both of which are human vulnerabilities that facilitate social engineering attacks, to which humans are most vulnerable.
A malicious software (malware) is any software that has been deliberately designed to cause data loss, harmful or undesirable outcome, including unauthorised alteration. Cybercriminals are using emails that claim to originate from authorised public health facilities, with the malicious code embedded in an attachment such as a Microsoft Word or PDF document that purportedly contains instructional information and advice on safeguard and defence measures against contracting the coronavirus disease.
Majority of the cybersecurity gimmicks exploiting the coronavirus episode purport to offer updates and health information relevant to the global health emergency. A popular coronavirus-related malware is the Emotet, a banking trojan malware programme which secretly obtains financial information from victims by concealing and injecting a destructive computer code into an infected programme such as a Microsoft Word document, allowing sensitive data to be stolen in the process.
Such an attack could result in disclosure of confidential proprietary information and financial loss as well as disruption to operations and harm to corporate reputation. Undetected malware residing permanently in a system can become a perpetual source for spying and exporting confidential data from the victim’s computer to a remote malicious hacker. Such malware, also called an Advanced Persistent Threat, APT, would find easy distribution channel using coronavirus-related scams and deceitful web portals claiming to disseminate genuine COVID-19 information.
Fake coronavirus information websites and online portals
A fake or cloned website is a replica (or imitation copy) of the authentic website hosted by cybercriminals with the intention of misleading users and gathering confidential information that can later be used to steal data, alter financial information or disrupt digital operations. Fake commercial websites are springing up advertising products and services purportedly related to coronavirus spread, prevention and awareness, and compelling users to either make instant purchases, place orders online or subscribe to free COVID-19 information.
If a web portal portrays payment facilities, it is a good practice to inspect the website properly before initiating payment processes. The inspection of the website for genuineness of its payment features must observe the following recommendations and guidelines. They are essential for preventing, detecting and responding to cyber threats that particularly take advantage of coronavirus anxiety to distribute malware or steal confidential information. These guidelines are useful advice to help individual and corporate internet users to safeguard their online operations and protect digital assets from unauthorised access amid coronavirus scams and several other online threats.
Test commercial websites before making payments
*Look out for names and/or expressions on the website that do not completely reflect the identity or focus of the claimed entity you intend to pay to.
*Watch out and beware of excessive spelling mistakes and grammatical errors on the website. Inconsistent grammatical expressions are indicative of fakeness.
*Watch out for contradictory statements and ambiguous instructions within the website.
*Look out for instructions that imply a sense of urgency, particularly referring to a well-known critical incident such as the coronavirus outbreak.
*Be alert to ambiguous contact details displayed on the website, including unreachable phone numbers, wrong email addresses, untraceable physical addresses, misleading designations and many other details whose portrayals are suspicious.
Any, or a combination of these is enough to suspect the website, at which point the transaction must be aborted. Never supply your bank details to a suspicious website. Verify first by contacting a customer service personnel via phone or email where applicable.
Be vigilant with spam emails
Until this phase is over, every email with a string of coronavirus appendage should be handled with caution, as it could be a potential cybersecurity threat disguised as a genuine resource, more so if the email carries an attachment. Any email with a strange sender’s address, and sent to you as a blind copy (bcc) should be treated as suspicious. If the email carries a strange-looking or unsolicited attachment such a coronavirus information pack, latest COVID-19 statistics, etc, then the suspicion should increase.
All such suspicious emails should either be ignored or deleted. Never open a suspicious email or try to download its attachment except you are sure of the source and have a good antivirus software on your system.
Install effective anti-malware software
Anti-malware programmes, such as antivirus software, are software designed to identify contents that are potentially harmful to the computer, particularly those disguised as coronavirus resources. Having a functional anti-malware tool on all internet-connected devices is a good approach for users desirous of preventing malwares and averting their huge consequences. A good antivirus or anti-malware solution is able to apply an advanced detection mechanism to detect the most common strings of malicious codes and can take actions to protect systems and data.
Prior to choosing and installing an antivirus tool, users should take note of performance features, and support given by the antivirus software providers. It is also important to keep all antivirus software fully updated for maximum efficiency.
Maintain a good social engineering vigilance and cyber awareness
Social engineers usually take advantage of human weaknesses to obtain confidential information from unsuspecting victims. It is important for users to exhibit caution and calmness, and not allow their desperations and anxiety over the spreading coronavirus disease to dictate their online behaviours or to negatively influence their choices. With vigilance, some of the social engineering indicators can be detected from messages that ordinarily would appear innocent and genuine.
Avoid opening suspicious attachments
All attachments that do not appear normal either due to unrealistic size or clumsy display format should be ignored or deleted. Abnormal attachments include word documents with an .html extension, excessively large documents, and attachments sent to multiple recipients in a chain-like manner. These and other related indicators should be monitored closely and once a pattern is established, an appropriate response action should follow to forestall falling prey to cyberattacks using coronavirus information as bait.
Avoid clicking on questionable web addresses and URLs
A Uniform Resource Locator, URL, is the technical name for the address or identity of a website. To verify the authenticity of a suspicious web address, users are encouraged to carry out the hover test on any URL, or any referenced website address, before clicking to open. Simply place or hover the mouse pointer above the suspicious URL and look out for the display that pops up.
Confirm that the path displayed is similar to the purported web resource being referenced to. Any deviation in information content should be suspected and appropriate action should be taken, including aborting the operation.
Perform data backup as a routine
In the event of a cyber breach involving the successful implantation of a malicious code disguised as legitimate coronavirus information through a deceitful email attachment or fake website, a previous local or remote backup data becomes very handy to minimise the impact of data loss. As a precautionary measure, it is advisable to perform regular data backup of all internet-connected devices to forestall the possibility of huge data loss in case of a breach.
Verify information source
There is currently an overload of digitised information on the COVID-19 outbreak purporting to be genuine and credible, and so the need to obtain authentic information cannot be over-emphasised. A disease that comes with despair requires verification of information sources before an individual takes the wrong steps out of fear. Verifiable up-to-date information is available from health institutions at global, regional and national levels.
WHO maintains a web portal that offers courses on methods for detection, prevention, response and control of emerging respiratory viruses, including COVID-19. Similarly, the WHO website contains standard recommendations for the general public to reduce exposure to and transmission of a range of illnesses, e.g. to protect oneself and others from getting sick, and to stay healthy while travelling. Since not all information out there is factual and correct, consumers of digital services must know who to follow in the cyberspace and where to search for the right information about coronavirus on digital platforms.
Fine-tune digital readiness
It is very imperative to fine-tune surveillance and monitoring systems to ensure speedy contact-tracing in case the COVID-19 arrives. The use of Geographic Information System, GIS, resources in addition to data analytics tools can provide a view of the spread of the disease to help citizens avoid unnecessary visits to such places.
At the national level, a combination of multiple initiatives made up of contemporary messaging apps, cybersecurity technologies, data analytics tools, high-speed telecommunications and an informed digital consumer base makes the cyberspace ever ready to play a facilitating role in disseminating up-to-date authentic information on the spread and containment of the coronavirus disease.
The ability of the coronavirus to infect more people across many countries outside the epicentre of the outbreak makes the nature and magnitude of the virus peculiar in comparison with previous health emergencies of global dimension, such as the 2014 Ebola virus outbreak. With such peculiarities, it is only natural that humans will continue to display desperation for information leading to its control and eradication.
Even as countries struggle to curtail the spread of COVID-19, and drug makers work desperately to develop vaccines and therapies that could combat the new virus that is more contagious than SARS and could cost the global economy four times more than the about $40 billion gulped by the 2003 SARS outbreak, unfortunately cybercriminals are cashing in on human desperation to deceive internet users and distribute harmful software.
This desperation, which is premised on the fact that every available literature on the virus appears attractive to internet users, increases the chances of downloading adware, spyware, ransomware and other malicious software.
The panic and anxiety associated with the coronavirus have increased online vulnerabilities and ignited a wave of cyberattacks using social engineering as a tool, whereby cybercriminals are taking advantage of human fear and apprehension to distribute destructive codes in the guise of authentic coronavirus information and stealing confidential information in the process. Proper awareness is essential to distinguishing genuine information from those with malicious, misleading or false intent.
Notwithstanding the strength of security deployed to detect and prevent cyberattacks masquerading as candid online coronavirus information, it is important for digital users to have a plan for recovery from successful cyber breaches in order to minimise their impacts if they occur. Recovery plans are essentially anticipated through routine data backup strategy on all mobile and remote online systems, as is cyber awareness and adherence to safe digital ethics, particularly on mobile devices and internet applications.
Dr. Kenneth Okereafor, a Cybersecurity & Biometric specialist, and Dr. Olajide Adebola, Chair, National Technical and Mirror Committee on ISO/TC215 Health Informatics, Nigeria, write from Abuja.