#Cyber #Scam in the days of #Coronavirus & #Lockdown:
A) The only place to look for information on Corona-virus is Govt websites:
It has a dashboard, helplines, Tips and guidelines, etc.
If you wish to see global data, this is the best I have come across:
Sorting feature is amazing.
DO NOT: Please do not click on a random link to get more information. Many of these sites are downloading malware to your mobile or laptop. The same can be said about RANDOM APPS which can be downloaded to give you information on COVID19. It locks your screen and asks for bitcoin.
A detailed analysis of COVID Mobile App Ransomware can be found here along with the website names/app names - https://
B) Other types of scam -
1. Phishing emails asking for donations along with PayPal, QR code, etc
2. Distress email asking for money from your relatives staying abroad (they are profiling from social media)
3. WhatsApp videos & images with embedded malware, which you are further forwarding and infecting your friends.
4. Scammers are offering to sell fake cures, vaccines, masks and advice on unproven treatments for COVID-19
5. Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment.
6. Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure #COVID-19, and that the stock of these companies will dramatically increase in value as a result. These promotions are often styled as “research reports,” make predictions of a specific “target price,” and relate to microcap stocks or low-priced stocks issued by the smallest of companies with limited publicly available information.
DO NOT: If you donate, please donate at PM or CM funds or known NGO. Do not do the random donation. You may be walking into a trap which is collecting your Credit Card Details, Name, Expiry Month & year, CVV. With this information they can make any purchase on a foreign eCommerce site without PIN or OTP.
Care fund for PM is pmcares@sbi, while the fake one circulating on the internet is pmcare@sbi (missing "s").
DO not click on every link or video or image. Do not forward them. 2 mins of fun can drain all your savings if you are using the same mobile for mobile banking or PayTM.
C) WORK FROM HOME: Companies have till now invested mostly to strengthen their office with firewall, Backup, Patch Management, etc. Most of the MSME is not ready to face cybersecurity threats for the remote worker. There is no firewall, employees are using their own devices which are unprotected, a backup can only be on the cloud, the network is unprotected without full tunnel VPN, software codes can be downloaded to their machines, etc. In a few cases, the employees have shifted to their native places which are so remote that they may not have uninterrupted electricity or internet during office hours (read BPO).
In such cases, companies should now adopt -
1. Strong BYOD, CYOD (choose your own device) policy, teleworking policy.
2. Remote desktop is a good concept to adopt, where entire work is done on AWS or Azure cloud server, without employee able to download anything into their desktop.
3. Backup should be on cloud
4. The endpoint should have strong AV & latest patch so that key-loggers or Trojans are well detected.
5. Entire communication should be on VPN to avoid interception or sniffing.
6. Use technologies like Office 365, Teams, Gsuite, GotoMeeting for enhanced productivity. All these tools have equivalent open-source tools which can help to reduce cost.
7. Employee monitoring tools available in the market can enhance both security and productivity.
8. Awareness should be given to employees as they are on their own. Now self-awareness can only keep them secured rather than office monitoring.
9. Companies must explore & proactively use multichannel options for communication for both internal staff and external customers (Twitter, Whats-app, Newsletters, etc).
10. Companies must know the vulnerabilities of tools which they are forced to use. For example, Zoom is affected by a critical security bug, which needs to be patched immediately.
11. The company should implement BCMS (Business Continuity Management system) and get certified for ISO 22301. That will do a health check of the companies readiness against outages - IT, Vendor, People, Infrastructure. ISO 22301 is becoming increasingly popular over the last 2 years.
What is the remote working tool that you have chosen? I have listed the security vulnerabilities in popular remote working tools.
Zoom - https://
GotoMeeting - https://
Microsoft Teams - https://cve.mitre.org/
Skype for Business - https://
Cisco Webex - https://
Nasscom has published a good practice guideline, which can be found here - http://chimpzlab.tech/
Some COVID related articles on our AIITA website blog -
Please share with others for a SECURED Digital India !!
#covid19 #covidinindia #coronavirusscam #Hackers #coronavirusinindia #covid19 #aiita #aiitacomputertrainingcentre #aiitakolkata #aiitabehala