Cyber attacks have forced multiple banks and financial institutions to warn their customers to protect their banking information against the EMI Moratorium Frauds.
To provide relief to borrowers facing financial crisis due to loss of income after economic activities came almost to a standstill following imposition of the nationwide lockdown to contain the spread of highly contagious Novel Coronavirus Covid-19, the Reserve Bank of India (RBI) has declared an EMI moratorium, which allows a borrower to postpone loan repayments for 3 months.
However, cyber attackers are now cashing in on the opportunity to defraud borrowers willing to take advantage of the moratorium. This has forced multiple banks and financial institutions to warn their customers to protect their banking information against the EMI Moratorium Frauds.
“A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money. The attacks use common phishing tactics that are seen regularly, however, a growing number of campaigns are using the Coronavirus as a lure to try to trick distracted users capitalise on the fear and uncertainty of their intended victims,” said Murali Urs, Country Manager, India of Barracuda Networks.
“Barracuda researchers have seen three main types of phishing attacks using Coronavirus COVID-19 themes — scamming, brand impersonation, and business email compromise. Of the Coronavirus-related attacks detected by Barracuda Sentinel through March 23, 54 per cent were scams, 34 per cent were brand impersonation attacks, 11 per cent were blackmail, and 1 per cent are business email compromise,” he added.
While phishing emails leveraging Coronavirus are new, Urs suggested that the below should be followed:
Be wary of any emails attempting to get users to open attachments or click links: Anti-malware and anti-phishing solutions can be especially helpful to prevent malicious emails and payloads from reaching intended recipients, but even with such protections in place caution should always be used since no solution catches everything.
Watch out for any communications claiming to be from sources that you normally would not receive emails from: These are likely phishing attempts. While receiving Coronavirus-related emails from legitimate distribution lists to which you belong is becoming common, emails from organisations that you do not regularly receive messages from should be scrutinised closely. For example, the CDC is not going to be sending out emails to anyone who doesn’t regularly receive emails from them already.
Use caution with emails from organisations you regularly communicate with: Brand impersonation is quite prevalent in coronavirus-related email attacks, so use caution opening emails with organisation from organisation you expect to hear from. This is especially true for those in the healthcare industry since it is being targeted by cyberattacks trying to capitalise on the pressure resulting from handling an influx coronavirus cases.
Find credible charities and donate directly: A common tactic for coronavirus-related scams is asking for donations to help those affected by the pandemic. To avoid falling victim to one of these attacks, don’t respond to email requests for donations. Instead, find credible charities helping with coronavirus efforts and donate directly through them to help ensure that funds end up where they can do good rather than in the hands of scammers. It’s also highly unlikely that any legitimate charities are taking donations through Bitcoin wallets, so seeing that in an email should be a red flag.
On the other hand, Rajesh Kumar, Director, Cybersecurity, Netrika Consulting India Pvt, Ltd suggested that following measures should be taken for online secure transaction:
The payment system is the most critical part of any online secure transaction. It’s the place where the money of both the entities is at stake – a buyer or a merchant.
Taking advantage of the global health crisis caused by the outbreak of novel Coronavirus, cybercriminals can use phishing and exploit users with their data and login credentials as well as distribute malware, trojans, backdoors for larger attacks.
The best and simplest way to protect from such cybercriminals is stay alert and vigilant of phishing emails, SMSs, messages from not an authentic source i.e., do not click/download everything you see and observe and/or use the already saved/used URLs to initiate any transaction.