5 things to do this week
April 22, 2020
Omantel’s eFloos enables easy money transfers
April 23, 2020

Beware of cyber crime during COVID-19

By Hubert Vaz

There has been a rise of electronic fraud and cyber phishing in the name of COVID-19, says Haitham Hilal al Hajri, Cyber Security researcher and expert in Oman who is keeping a close watch on cyber crime during the current pandemic. “Beware, don’t get deceived or deprived of privacy,” he warns people in Oman.

Hajri cautions, that during the COVID-19 pandemic, society is encouraged to stay up-to-date on developments and official government  announcements in relation to the latest action plans to contain and control the spread of the pandemic. However, cyber criminals have spared no time to leverage such a situation for their own benefit and one must beware of this.

“Cyber criminals are exploiting the COVID-19 pandemic through the deployment of specially crafted electronic and digital phishing campaigns to attack those who are not familiar with technology. Phishing refers to a technique used by cyber criminals to exploit an individual’s incompetency of technology to exploit the victim,” he cautions. 

Explaining further, Hajri told TheWeek, that cyber criminals design emails, texts, social media posts, etc aimed at tricking victims into taking some destructive set of actions. They might offer official discounts or subsidies from government or private establishments such as banks/telecom operators in a bid to deceive people into sharing personal information or getting cheated.

“Methods used can vary, depending on the target nature. Phishing campaigns  pose as legitimate public announcements by medical or health organisations, news feeds, official applications or false advertisements and fake promotional offers, all aimed at stealing a victim’s personal information and violating his/her privacy, “

Hajri explained.

For example, via electronic means, people can be urged to click on a malicious hyperactive link that will result in downloading rigged applications or violating a victim’s privacy by obtaining and sharing sensitive and private information. Organisational employee’s phishing campaigns may vary from consumer phishing attempts, although they share similar attributes, and customisation is doneto make it a more credible and attractive bait, he asserts.

Hajri further points out, that in order to facilitate ease of work from home (remotely) the Telecommunication Regularity Authority (TRA) has lifted the ban on a number of VoIP applications such as (Skype for Business applications, the Google Meet app, the Zoom application, and video communications WebEx). However, cyber criminals have wasted no time to target those popular on high demand applications.

The most poplar methods employed is through the spread of malicious software or script intentionally designed to cause damage in many forms such as viruses, Trojan horses, ransomware, spyware, adware, and scareware. 

During the pandemic, many schools have started ‘online education’ classes. However, that has opened a new threat and risk opportunities for cyber criminals to take advantage of.   Threats such as Cyber Phishing Voice Tapping, Impersonation, Interception and Call Hijacking are just a few to mention. 

Recently, a new cyber-attack known as ‘Zoom-Bombing’, has surfaced. It is a terminology associated with the conferencing application Zoom, which is being widely used by adults and students because of its easy-to-use interface and functionality.  Allowing teachers and co-workers to host up to 100 participants per session (even more, if you purchase a license), Zoom Bombing can be illustrated by the ability of a malicious actor to intrude on an ongoing meeting without pre-invitation, consequently causing disruption and violation of privacy. 

Hence, users of various online application should be vigilant and informed of the potential security threats and risks targeting computers and smartphones and communication devices, Hajri cautions.

How to stay safe 

One of the most common methods used by cyber criminals is to attach a malicious document or hyperlinks, within emails or web posts across social media networks. There are best practices to follow in order to ensure a safe experience online, as follows:

  • Do not (Activate/Open) any attachments or links you are not expecting.
  • Do not share personal information over direct text links.
  • Contact the (sender/entity) via official and verified means.
  • Invest on using a reputable malware protection application.
  • Do not recirculate offers/links to your contacts  

How to report spam 

  • Individuals can report spam via numerous channels, depends on the type of spam. For example, if one gets a spam text from someone pretending to be a financial institute, that financial institute should be informed and the number of the spammer should be reported to the telecom authority. 
  • If the spam text is pretending to be an international (outlet or services provider) such an e-commerce website, the outlet should be alerted to such attempt, in order to take proper measures.