Cyber criminals using covid situation as bait: Dr Muktesh Chander

NEW DELHI/PANAJI: With a large number of population surfing the internet on subjects related to coronavirus, cyber criminals are taking advantage of this unusual situation and setting up Covid-19 as targeted bait for duping net users.

“A large number of domain names, with Corona as a theme, have surfaced. Several of them are malicious and visiting them is likely to infect your computer or device. One such site, coronavirus.app.site, claims to be a real time tracker of the virus and tempts you to down load App which is actually a ransomware named CovidLock,” Special Commissioner of Police (CP) - Operations, Delhi Police and former Director general of Police (DGP) Goa Dr Muktesh Chander said.

Once the phone is locked, CovidLock asks for $100 in Bitcoins to be paid in 48 hours. A number of malicious mobile applications have appeared which, in the name of giving you advice or track Corona virus, are reading all the contents on your phone.

“Fictitious UPI handles have appeared, soliciting donation on the pretext of helping Corona victims.  There is sharp increase in spear phishing e-mail attacks, with Corona as content, and often the sender impersonates as government/health authorities. Opening of any attachment in these e-mails leads to malware infection,” Special CP (Ops) Dr Chander said

SMSes falsely notifying that “someone who came in contact with you tested positive. Click link below for details”, have been received and clicking the link leads to infection of mobile device. Trojan virus Cerberus gets installed through unsuspecting SMS message, with a link to provide Covid-19 updates.

“Once clicked, it installs malware to steal financial information from mobile phone.  KYC verification frauds have also become rampant in which the SMS message or the caller, on the pretext of on-line KYC verification, lures you into revealing details of your credit card/debit card, siphoning off money in your account,” the former Goa DGP said.

Fake messages of income tax rebate/refund in view of Corona have also come to notice. Work from home requires people to use their own devices, networks etc. many of which are unprotected, or infected, weakening the whole chain of cyber security. Interpol, CBI, CERT-In and various other agencies have been issuing specific advisories to guard against cyber crimes in this difficult time.

“A large number of domain names, with Corona as a theme, have surfaced. Several of them are malicious and is likely to infect your computer or device. " - Dr Muktesh Chander, Special CP (Operations), Delhi Police

#WashYourCyberHands measures to follow:

• Use a strong password along with two factor authentication.
• Use different passwords for different accounts and change them periodically.
• Do not allow browsers/mobile devices to remember passwords.
• Do not reveal your password, debit/credit card PIN/CVV details
• Do not download attachments in unsolicited e-mail from suspicious/ unknown sources.
• Do not use free Wi-Fi to carry out e-commerce or e-banking.
• Use VPN for connecting to your organisation network while working from home.
• Do not install remote access software on your computer or mobile.
• Beware of fraudulent people offering on-line sale of face masks, sanitizers, medicine etc.
• Take Covid-19 updates and tips from official sites only.
• Subscribe to @CyberDost Twitter handle for cyber safety awareness.