BioCatch has released a lengthy primer that details some of the social engineering attacks that people may encounter during the COVID-19 pandemic. The company notes that fraudsters have already developed several new schemes to prey on people’s fears about the coronavirus, citing research that shows that 71 percent of security professionals have noticed an uptick in cyberattacks since the beginning of the outbreak.
Many of those schemes are explicitly designed to take advantage of the current news cycle. For example, fraudsters have impersonated trusted sources like the World Health Organization and Johns Hopkins University to send emails that claim to contain important public health information about the virus. In truth, the attachments in those emails contain malware that fraudsters can use to harvest personal information once an attachment is opened.
In many cases, that malware is embedded in a file that otherwise seems to be legitimate, such as a map that tracks the spread of COVID-19 in a specific area. The veneer of authenticity makes the scam more difficult to spot. BioCatch warns that more than 1,400 COVID-related domain names have been registered in the past three months, and it is likely that a sizeable percentage of those domains belong to people who plan to use them to support social engineering attacks.
Of course, social engineering attacks can take many forms, ranging from simple phishing schemes to more elaborate remote access attacks, which may be harder to spot due to the increase in remote work during the pandemic. BioCatch argues that behavioral biometrics is an effective tool in either case, since it is able to detect anomalous activity across multiple channels. However, many systems may need to be recalibrated to account for recent changes in behavior. That’s why BioCatch has advised everyone to be wary of any unsolicited requests for funds or personal information, especially if those requests come from unfamiliar sources.
April 13, 2020 – by Eric Weiss