StaySafe – but what does it actually mean?

March 2020

It’s rapidly becoming one of the most-used clichés, and for good reasons, but what does “StaySafe” actually mean for us and how can we do it?

Well obviously it means thorough hand-washing, social-distancing, self-isolating and for a great many of us, working from home. But ironically, working from home might just be one of the things that’s making us unsafe in an increasingly online world.

The scammers, hackers and general low-life scum that want to steal your personal information for personal gain have not been slow to exploit the new opportunities presented by a massively increased and vulnerable workforce that in many cases won’t necessarily have the same protection for their online devices that they do in the workplace.

So be prepared for new takes on old scams and keep your wits about you. Just yesterday I received an email which had as its subject an old password of mine that I used many years ago, so it grabbed my attention for that reason. Good trick eh?

I’d known for a long time that this particular password had been compromised as it was part of a breach by Adobe back in 2013, so I’d stopped using it. But having grabbed my attention like that I opened it and read it anyway, and what I read was quite chilling.

The sender claimed to know everything about me, saying he had hacked into my computer and installed a keylogger and now had access to all the sites I’d visited, all of my online contacts and all of my confidential usernames and passwords.

He was demanding $4000, non-negotiable, payable in bitcoin to an account nominated in his email. If I didn’t pay up he would ruin my life by faking porn videos of me and sending them to all my contacts among other things. If I didn’t believe him, I could just send a one-word reply to him and he’d prove he could do this by sending a video to just five of my contacts.

None of this was new of course, and I’ve had several such emails in the past, but this time he’d added a new coronavirus twist. He assured me that he could and would infect me and all my family with Covid-19 if I didn’t make the payment. This is one sick and twisted dude.

My point here is that we need to be extra vigilant about what could be a scam or an attempt to steal your personal data. The scammers are using your fears and anxieties about coronavirus/covid-19 to lure you into clicking links or opening documents that will probably infect your computer with malware.

Just look at these examples of recent phishing emails that have been sent:

[Images: three examples of coronavirus scam emails]

So all the old advice that you’ve heard a thousand times before still applies. Be on the lookout for fake emails claiming to come from your employer or sources that you might otherwise be inclined to trust, like the World Health Organisation or .gov.uk for example. There are usually some tell-tale clues like bad grammar or basic spelling mistakes, but that’s not always the case.

If an email or a website contains links, check the destination of the link before opening it. If it says it’s from .gov.uk and is linking to something ending in .ru or .ng, for example (or any of a thousand other dodgy domains), then it’s a fake. Don’t click it. Do a Google search on the link if you’re not sure – something like “Is [clickmeimascam.ng] safe” will often reveal pretty much all you need to know. Hyperlink destinations usually appear if you just hover your mouse over the link without actually clicking it. If it doesn’t show when you hover, click your second mouse button on the link and choose “Copy Hyperlink” and then paste it into Notepad or something before doing anything else.

Phishing scams don’t just come in emails and on websites. These days they’ll often be embedded in SMS, WhatsApp, Messenger and other popular messaging apps. Your friends, keen to share the latest amusing meme while they’re self-isolating, may not have checked too carefully before sharing something that directs you to somewhere dodgy. On most phones, if you tap-hold over a link instead of just tapping it, you’ll get the same option to “Copy Hyperlink” so you can check it out before tapping it. Your phone is just as susceptible to hacking as your computer and these days probably contains as much or more sensitive data. Look after it!

And Stay Safe!

PS: Spooky, but while I’ve been typing this article I received this email in my inbox:

[Image: the scam email described below]

It claims to come from the American Center for Disease Control (why would they be emailing me, I wonder?) and is signed off by The Trustees of North Dakota University. The link claims to be to a pdf with information about covid-19 and coronavirus. Actually the link goes to “https://examo.ht/lndex.php”.

.ht is the internet domain suffix for Haiti. I smell a rat straight away here – the American Center for Disease Control, emailing me from North Dakota and directing me to a website in Haiti to get information about covid-19? I don’t think so somehow.
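
The link check described above (compare where a link really goes with who the email claims to be), as an added example that is not part of the original article: it flags links whose real host lies outside the claimed sender's domain, or whose visible text shows one site while the link goes to another. The function names and sample HTML are constructed for illustration, and `claimed_domain` is a value the reader supplies.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")  # text that reads as a URL

class LinkCollector(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lower-cased hostname, minus 'www.'; accepts scheme-less text like 'www.gov.uk/x'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", host)

def within(host, domain):  # the domain itself or a real subdomain; 'gov.uk.x.ng' fails
    return host == domain or host.endswith("." + domain)

def suspicious_links(html_body, claimed_domain):
    """Return (href, reason) for each web link that does not go where the mail claims."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # mailto: and in-page anchors are out of scope here
        host = host_of(href)
        shown = host_of(text) if URLISH.match(text) else ""
        if shown and not within(host, shown):
            findings.append((href, f"text shows {shown} but link goes to {host}"))
        elif not within(host, claimed_domain):
            findings.append((href, f"sender claims {claimed_domain} but link goes to {host}"))
    return findings

# Constructed sample bodies; only the two non-official hosts come from the article.
GOV_MAIL = ('<a href="http://clickmeimascam.ng/update">www.gov.uk/coronavirus</a>'
            '<a href="https://gov.uk.clickmeimascam.ng/">Guidance</a>'
            '<a href="https://www.gov.uk/coronavirus">Official advice</a>')
CDC_MAIL = '<a href="https://examo.ht/lndex.php">Covid-19 information (PDF)</a>'
```

Calling `suspicious_links(GOV_MAIL, "gov.uk")` reports the first two links and passes the third; link text that merely looks like a file name (for example `report.pdf`) would be read as a host by this simple pattern, so treat the reason string as a hint rather than a verdict.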