Beware of cyber fraud when working from home

There has been a sharp spike in the number of phishing and smishing attacks since the outbreak of the coronavirus, with many of us working from home exercising less vigilance and without the normal firewalls and cybersecurity measures found in the workplace.

Internet fraudsters are creating new phishing and smishing scams every day to make a quick buck from the fear and uncertainty surrounding the Covid-19 pandemic, according to a media release issued by CM.com. 

“With so many people working, shopping, and communicating online, fraudsters are seeking to benefit from any possible lack in online security. 

“One trick is to impersonate the World Health Organisation to solicit fraudulent donations or distribute malware. Another is to capitalise on government stimulus packages and imitate government institutions to scam small businesses.”

The release says that Gmail blocks more than 100 million phishing emails every day and that in the first week of April 2020, Google reported 18 million daily malware and phishing emails related to Covid-19. This was in addition to more than 240 million Covid-related daily spam messages.

“With many consumers now being forced to shop online, cybercriminals are taking advantage of this by sending fraudulent shipping alert text messages. These SMS messages, which appear to be from major carriers such as UPS, Amazon, etc., contain a fake tracking number and link that directs the target to update delivery preferences, while also requesting credit card information.”

According to a podcast produced by law firm Webber Wentzel, cybercrime surged by 33% in the first 100 days of the coronavirus pandemic and in February and March there was a 46% increase in spam and 385% growth in malware in sub-Saharan Africa.

The heightened threat calls for a heightened sense of vigilance when dealing with emails and SMSes, especially from unknown contacts or sources. 

James Bayhack, the director of sub-Saharan Africa at mobile mobile messaging and payment company CM.com, says phishing is still one of the most effective methods that attackers use to compromise accounts.

Phishing emails often encourage you to log on to what seems to be your online banking portal or credit facility. You enter your login details on the fake portal and afterwards the scammers use your credentials to raid your bank account. 

Smishing is phishing via SMS, Bayhack says. The SMS is made to look like it’s from your bank or another recognised institution, but in fact it comes from a person. A link to a fraudulent portal in the SMS does the same as the link in a phishing message, only via your phone. 

“Smishing works when scammers send a phone number in a text message or SMS. If the victim calls the number and gives away private information, this can also cost [you] a lot of money,” he says.

Bayhack says some of the obvious tell-tale signs of a fraudulent message include:

• A message from an 11-digit number. A normal phone number consists of 10 digits. If the SMS comes from an 11-digit number, it’s likely to be a scam;
• If an SMS asks you to send money to any specific account; 
• If it seems too good to be true, it probably is. SMS scams often involve news that you’ve won some type of prize or sum of cash. You may even be asked to click on a link to claim the prize. Don’t do it; and
• Requests for donations through government departments. If you receive an SMS like this, don’t respond. 

He says that another way to limit the risk of getting caught by a fraudster is by adding two-factor authentication to online transactions. 

“This means adding a level of authentication whenever granting access to secured online environments. 

“By adding a second level of authentication on top of just a username and password, the chances of sensitive information falling into the wrong hands are limited.” 

This means you will also need to add, for example, a one-time password (OTP) to validate your identity. A OTP​ is a string of characters or numbers automatically generated to be used for one single login attempt. OTPs can be sent to your phone via SMS or voice, he says.

In addition, always keep these general cybersecurity tips in mind to prevent smishing and other cyberthreats:

• Be careful with links and phone numbers in text messages;
• Make sure you report to your bank any unusual transactions; and
• Remember that banks will never send you a text message with a link to log in for online and mobile banking or ask you to reply with sensitive information. When in doubt, always contact your bank directly.