Are We Facing A COVID Cybercrime Virus?

Cyber criminals are on a relentless pursuit—to be increasingly creative and take advantage of even the slightest drop of our guard as we spend longer periods online than ever during these pandemic days. They are finding their ways to use our fears, distractions, and intense focus on our or our family’s health and hygiene to hit us with their virtual attacks. They are feeding on the vast spread of digital information circulating on online platforms in the wake of social distancing and working from home imposed due to the onslaught of the COVID-19 pandemic.

The FBI says cybercrime reports have quadrupled during the COVID-19 pandemic. Fraudulent internet domains, COVID charities, delivery of masks and other equipment, and grant of easy loans are some of the ways they are using to extort money from you.

Unfortunately, the healthcare sector is at the top of the target list of cybercriminals. More hospitals, research hubs and medical centres are being hit by organised cybercrime units. Some examples of cybercrime creativity include mimicking a real map of the global locations of COVID-19 infections and getting users to download the malware before stealing their personal data. Or creating an app that pretends to give users a way to find nearby COVID-19 patients and track the virus’s spread across the world—installing this app locks the device and users and then asked for a $250 ransom in bitcoin.

Many organisations and countries have raised these concerns. In fact, even the World Health Organization (WHO) highlighted the hacking attempts against its own computer systems and its partners. The Paris AP-HP hospital, too, was the target of a failed cyber-attack. Attacks have been attempted on hospitals and medical centres in Spain and the UK’s Hammersmith Medicines Research (HMR), and many more.

What about the GCC and UAE in particular?

Trend Micro, an international cybersecurity and defence firm, said it had detected 1,541 Covid-19 attacks in the UAE, including 775 malware threats, 621 email spam attacks and 145 URL attacks during March this year. Across the GCC, the figure was 3,067 over the same period.

“While the GCC countries are bringing COVID-19 coronavirus under control from a public health standpoint, cyber-attacks show that organisations need to do more to tighten their cyber security solutions and processes,” said Moataz Bin Ali, vice-president of Trend Micro in the Middle East and North Africa.

The Central Bank of the UAE has cautioned bank customers of potentially fraudulent activities using its name. “Fraudsters always look for opportunities to target consumers and as public is engaged with COVID-19 pandemic news, fraudsters are using different tactics to increase fraudulent activities on banking customers,” the bank warned.

Emirates, too, is facing a spike in cybercrime complaints. With most of its flights either put on hold or cancelled, and travellers struggling to seek refunds, the airline has witnessed an alarming surge in scams related to its services. Emirates alerted its customers not to respond to scams offering refunds for cancelled flights. In a statement on its website, Emirates confirmed that they are aware of phishing attacks that contain the subject headline, “Your flight is cancelled: collect your refund.”

What should be done?

Cyber security measures should continue, but in a stricter and more proactive manner, with enhanced due diligence, especially in the supply chains of the health sector. Also, strong partnerships, whether national or public-private, should be forged to fight these crimes. Some important partnerships have been established across the UAE for this purpose.

#TogetherAgainstFraud is a joint initiative of the UAE Banks Federation (UBF), the Central Bank of the UAE, Abu Dhabi Police and Dubai Police. This is the country’s first national fraud awareness campaign that aims to educate and protect consumers from financial cybercrime and fraud, particularly considering the increased use of digital banking services during the COVID-19 pandemic. UBF also launched a micro-website where customers can report fraudulent activity.

The Central Bank of the UAE, the Dubai Financial Services Authority of Dubai International Financial Centre, the Financial Services Regulatory Authority of Abu Dhabi Global Market, the Securities and Commodities Authority, the Insurance Authority (IA) and the ministries of Justice and of Economy have also jointly issued guidance (in line with FATF guidelines) on the treatment of financial crime risks and obligations in the context of the ongoing COVID-19 crisis. It highlighted the importance of applying a risk-based approach and monitoring business relationships for criminal activities including financial fraud and exploitation scams like illicit fundraising and phishing schemes.

In addition to this, the FBI highlighted some warning signs to be considered globally like the use of urgency and last-minute changes in wire instructions and/or recipient account information, also in established communication platforms or email account addresses. Another warning sign is communication only via emails and refusal to communicate over phone. The same goes for requests for advanced payment of services when not previously required, and requests from employees to change direct deposit information.

The panic and fear of COVID-19 is throwing us into another level of danger. We must keep in mind that having the best cyber security technology is not enough, as these pandemic times are throwing bigger challenges to our online systems. Individuals, public and private organizations, all must collaborate to build an impenetrable digital shield around us.