With governments increasingly looking to use contact tracing apps to help contain COVID-19, such initiatives are likely to spark a surge in new cyber scams.
When contact tracing apps were first introduced last April, Bluetooth attacks occurred on Android phones. Using unpatched vulnerabilities, hackers were able to breach devices within the vicinity and access the user’s personal data. While this particular vulnerability has since been fixed, there is no guarantee that Bluetooth and its implementations are free from future vulnerabilities.
More recently, new scams have arose in the UK with SMS phishing. An SMS phishing campaign is telling people they’ve come into contact with someone who’s contracted COVID-19. The message will read something along the lines of “Someone who came in contact with you tested positive or has shown symptoms for Covid-19 & recommends you self-isolate/get tested”. The text message contains a link to a website with an intent to scare recipients into handing over their personal information. The scammers will use “credential stuffing” to attempt of identity theft or accessing financial information.
You may ask, “If I click on a scam link in a text message by accident or on purpose, what do I do?” Most times, simply clicking on the link will not put you at risk. The danger occurs when you enter your personal information or download a malicious app. Always remember to:
- Be vigilant where you enter credentials online.
- Utilize unique passwords across all websites and apps to ensure that if one password is compromised, all other accounts will remain safe.
- Do your research when downloading apps to your phone. Make sure they are from a credible third party.
As technology and science continue to evolve amidst the pandemic, more scams are likely to arise. People are more likely to pay attention to these scams since they take advantage of plausible scenarios that could happen to anyone. The scams are even more compelling because people are concerned about their health and the safety of their loved ones. It is important to regularly engage your employees in security awareness training to educate them on any new scams that could likely target them.
Are your employees likely to fall victim to a scam like this and accidentally put your company data at risk? Test your employees with our mock phishing test and get the measurable results you need. https://kybersecure.com/phishing-test/