Date: 2020-04-15
When we were heading into the throes of the pandemic, hearing about stay-at-home orders before being subject to them, and just trying to make sense of how quickly and severely coronavirus was spanning the globe, I compounded your fears. My business, as it were, is to link principles of information security, cybersecurity, privacy, and such to your everyday world. To that end early on in this I began learning and sharing about how, as per usual, the bad guys were exploiting society's vulnerabilities. I wrote about the nearly instantaneous scams that popped up. We were (are still) getting emails from nefarious actors purporting to put us on a COVID-19 testing register. Or the ones that included links that looked to be taking you to helpful CDC information. Or others that appeared to come from the World Health Organization. All of those turned out to be half phoney and half baloney, and those of you who followed the links or otherwise took the bait suffered.
It wasn't lost on me, and is even more evident now, that not only were we operating amidst the confusion of a pandemic--insert your favorite media phrase, here, such as "unprecedented times" or "uncharted waters"--but also soaked up added issues along these lines. If your laptop or other device was debilitated due to hackers, and you're like me, that might have been your only connection to the world once the stay-put orders came into action. By now, we're all enveloped in this and maybe you, again like me, must rely on that connection. It's more than just work, as I'm lucky enough to still be working, that's at risk if my computer or phone gets bricked because of a cyberattack. One example of the importance of being able to connect outside of work came to this household just a couple days ago when, for the first time that I can remember, the Zuger Clan celebrated Easter "together" via Google Meets. Maybe you've done this at-home video conferencing too, whether it was Google, Zoom, or other semi-glitchy channels. Losing your device in the face of stay-at-home, and atop the already unprecedented way we're living, may be the last straw.
Earlier I also wrote about the bad guys taking advantage of the fact that so many have traded in their well-funded, well-researched and -tested employers' IT solutions for the stay-at-home version. More risk. The network, en masse, and surely our home network solutions plucked off the shelves and tossed into a cart with deodorant, Pringles, and milk (not toilet paper, of course) weren't made for this. No, it's the cache of workplaces that have the best internet connections wired to them. It's the server room with dedicated firewall hardware that protects the sensitive work data you process.
There were and are many other angles that crafty cyber-criminals have taken, including some of the most heinous and immoral such as peddling fake COVID-19 tests online, and adding insult by nabbing your personal and financial information to sell on the dark web. There's an age-old sentiment about the criminal enterprise, which no reasonable person can deny. If they'd simply apply their entrepreneurship, craftiness, problem-solving and other efforts toward the common good…. But alas. Try to convince the con to change her or his way, eh.
That's why the next evolution of coronavirus-inspired fraud and crime wasn't a great surprise, to me at least. The administration has been throwing everything at this including economic relief. Part of that, as you know, is en route to you! The Treasury is passing out cold, hard cash in the spirit of economic stimulus. Millions more are filing for unemployment benefits, which generally have been made more abundant these days. Lo and behold, cyber-thieves! Two more avenues from which to squeeze ill-gotten gains.
Around $2 trillion in aid and relief has come into play for businesses and individuals. We were treated to similar emergency relief after the recession of 2008 and 2009, but these techie thieves have evolved greatly since. And, the computing hardware, likewise, is much more advanced.
Ten years ago it would've taken a great deal of computing power and ingenuity to crack complex passwords. Now, the advanced algorithms push the power of the computer into overdrive to test billions of combinations and permutations of characters before - Bingo! - one hits. What used to take, in cybersecurity parlance, "brute force" to uproot a password now only takes force. We users, as you know quite personally, have not been evolving our passwords' strength and complexity in lock-step. "Password1234" is still one of the most widely used (shaking his head).
You'll be getting, or already have, an email, for example, appearing at first glance to be from the IRS. It'll give you the "opportunity" to quickly receive the relief funding by "clicking this link" to input your bank's routing number and your account number. You may have read early predictions that stimulus money may take until August, so the temptation will be real. Or, you'll get one from (not) the Kentucky Electronic Workplace for Employment Services to help you along the unemployment process; help you, to help the criminal that is.
These worst-of-the-predators are double dipping, to boot, because after they snag your stimulus or unemployment dollars they'll turn your personal and banking information over to the wolves in the dark web. Sure enough, the first strike is derailing your $1,200 stimulus check and then they'll grab a few crumbs, comparatively, by selling a virtual roster of their victims to other fraudsters online.
What to do. The phrase that comes to mind is "trust but verify." I can't, here, illustrate every scenario, but that spirit should be at work throughout. At the base, you can always simply call the office that sent the email. Unless, that is, your iPhone got hacked along the way.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.