In the first half of 2020, while countries are fighting against the pandemic, online crimes have increased dramatically worldwide. According to the World Health Organization (WHO) “since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number of cyberattacks directed at its staff, and email scams targeting the public at large. The number of cyberattacks is now more than five times the number directed at the Organization in the same period last year.”
In a public service announcement, the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) warned the public that hackers are taking advantage of the pandemic to exploit virtual environments. The IC3 announcement added that “in recent weeks, cyber actors have engaged in phishing campaigns against first responders, launched DDoS attacks against government agencies, deployed ransomware at medical facilities, and created fake COVID-19 websites that quietly download malware to victim devices. Based on recent trends, the FBI assesses these same groups will target businesses and individuals working from home via telework software vulnerabilities, education technology platforms, and new Business Email Compromise schemes.”
In the Philippines, cybersecurity groups and organizations issued warnings that malicious individuals could exploit internet-connected systems while people are working from home. “There are signs that malicious actors are taking advantage of the situation,” said Christian Angel, Manila Bulletin’s cybersecurity consultant. Cyber Security PH-CERT also issued multiple warnings about securing not only servers but also personal identity and safety in the midst of the Covid-19 pandemic. The group warned that clicking links sent to your social media messengers, chat apps, SMS, and emails could put your personal information and bank accounts at risk. They also warned about the need to secure business social media accounts. “The real effect of social media account breach be it Facebook, Twitter or any other platform in businesses could include damage to brand reputation, regulatory fines, and customer distrust”. In a Facebook post, the group said to stop hackers from taking over your accounts, you need to make sure that you’re using proper password management and multi-factor authentication.
One month after the Enhanced Community Quarantine (ECQ) was declared, the Inter-Agency Task Force for the Management of Emerging Infectious Diseases (IATF-EID), “advised individuals who opt to make transactions online during ECQ to be cautious against scammers”. The agency said cybercriminals are taking advantage of the enhanced community quarantine (ECQ) by perpetrating unlawful acts such as phishing and other scams.
Just recently, scammers impersonating Bank of the Philippine Islands in emails have targeted the general public in order to get login credentials to take over accounts. BDO clients were also targeted with phishing attempts where the scammers sent emails with malicious links pointing to fake BDO online banking portal. These recent incidents prompted Smart/PLDT to reiterate its advisory to users to be careful when dealing with emails that contain links. In an advisory addressed to its users, Smart/PLDT said “Phishing emails contain malicious links that when clicked, will direct users to fake log-in pages that ask for account details like email addresses and passwords. These emails work to harvest user credentials and use them for illicit purposes. If you suspect to have received phishing emails, make sure to neither click on links provided, nor share your account credentials. In case you have provided your credentials, please reset your account password immediately.”