You aren’t the only one that’s been working online for a majority of 2020 – so, too, are cybercriminals!
Cybercriminals are known to thrive in times of crisis and during major events. The current COVID-19 pandemic is no exception. In fact, never has the ground been more fertile for social engineering attacks. Fraudsters are preying on every emotion and circumstance introduced by the disruption. Because of stay-at-home orders, people have spent more time than ever on social media and are buying more items online, which means more credit card and financial information is being transmitted electronically.
Fraudsters are working very hard to utilize every opportunity to launch a new scam to fool you and capture your information. This can be done in different ways:
- Mobile Malware
- Smishing (a smishing attack is a phishing attack that uses SMS texts)
- Social media attacks
- Rogue mobile applications
1) Mobile Malware
Use of mobile malware has increased greatly, and evolved over the past few years. It is now one of the biggest global cyber threats.
Cerberus is commercial malware widely used to target Android-based smartphones. It first appeared in mid-2019 with a unique Malware-as-a-Service (MaaS) model, offering “customers” support and regular updates.
Cerberus hides in seemingly legitimate applications in order to lure victims into downloading and installing it from legitimate app stores. The sample examined here was disguised as an Adobe Flash Player application. However, more recent versions use COVID-19 themed mobile apps as a disguise in order to capture a wider audience.
Upon launching the app, the victim is prompted to grant administrator permissions so that the app can work, which bypasses the security controls of the Android operating system.
In the case examined, the application simulates the very popular application, Adobe Flash Player.
When the application is launched for the first time, the victim is redirected to the device’s accessibility settings, and then prompted to provide permissions to the newly added service (demonstrated below).
The false Adobe Flash Player page takes the user through multiple screens asking for the following permissions:
Following the permissions request process, if a victim accepts, the application icon disappears from the applications menu, along with its shortcuts on the home screen. The app can then only be found in the device’s application settings. When one attempts to access the application settings from this screen, Cerberus closes it right away to prevent the victim from uninstalling it.
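A defender-side check for the behaviour described above (an accessibility service granted to an app whose icon has disappeared), as an added example that is not part of the original article. The package names are constructed placeholders, and the one-component-per-line launcher list is an assumed input format.

```python
"""Flag third-party Android packages that hold an enabled accessibility
service but expose no launcher icon (the behaviour described above)."""

# Constructed sample inputs; package names are placeholders, not indicators.
# adb shell settings get secure enabled_accessibility_services
ACCESSIBILITY = ("com.example.screenreader/.ReaderService:"
                 "com.example.flashupdate/com.example.flashupdate.CoreService")
# adb shell pm list packages -3   (third-party packages only)
THIRD_PARTY = """package:com.example.screenreader
package:com.example.bank
package:com.example.flashupdate"""
# Launcher components, one "package/activity" per line (assumed format, e.g.
# filtered from: adb shell cmd package query-activities --brief
#   -a android.intent.action.MAIN -c android.intent.category.LAUNCHER)
LAUNCHER = """com.example.screenreader/.MainActivity
com.example.bank/.LoginActivity"""


def packages_from_components(text, sep=None):
    """Return package names from 'package/class' entries split on sep."""
    if text.strip() in ("", "null"):      # 'null' when the setting is unset
        return set()
    return {item.split("/", 1)[0].strip()
            for item in text.split(sep) if "/" in item}


def audit(accessibility, third_party, launcher):
    """Return [(package, verdict)] for third-party accessibility services."""
    services = packages_from_components(accessibility, ":")
    visible = packages_from_components(launcher)
    installed = {line.split(":", 1)[1].strip()
                 for line in third_party.splitlines()
                 if line.startswith("package:")}
    findings = []
    for pkg in sorted(services & installed):
        # A user-installed accessibility service with no icon is the red flag.
        verdict = "review" if pkg in visible else "hidden-icon"
        findings.append((pkg, verdict))
    return findings


if __name__ == "__main__":
    for pkg, verdict in audit(ACCESSIBILITY, THIRD_PARTY, LAUNCHER):
        print(f"{verdict:12} {pkg}")
```

A "review" verdict still deserves a look, since any third-party app holding accessibility access can read and act on screen content.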
2) Phishing and Smishing
Medical and government institutions are major actors during these challenging times.
As such, it is not surprising that these sectors are top targets for cybercrime.
In the past several months, many fell victim to fraudulent SMS messages claiming to be from the National Health Service and offering a goodwill cash payment to individuals who’d recently been furloughed or laid off. All that was needed in return? Credit card details to receive the payment.
3) Social Media Attacks
Did you receive the below email message telling you that your Facebook password was reset and you’d need to visit a certain link to create a new password?
The below email appears legitimate, correct? But if you click on the “Complete this Form” link, you will most likely lose access to your Facebook account!
Below is another example. It looks like a social media post from a legitimate international retailer that wants to give away a free shopping voucher. But again, it’s a fake and potentially malicious.
4) Rogue Mobile Apps
Not all fraud attempts involve email, phone calls or text messages. Mobile apps are a rapidly growing attack vector for spreading malware, spyware and ransomware. Fraudsters have released a variety of fake mobile apps related to COVID-19 claiming to offer the latest breaking news and updates. However, these fake apps are vehicles for transmitting malware and ransomware capable of taking over a victim’s mobile device.
Below is a Cerberus Android malware disguised as a coronavirus map application.
Avoid Becoming a Victim
Below are some proactive steps you can take now to avoid falling victim to these scams:
- Never share your personal or financial information via email, text messages, or over the phone.
- Do not respond to calls or texts from unknown numbers, or any others that appear suspicious. Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
- Be cautious if you’re being pressured to share any information or make a payment immediately.
- Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren't hacked.
- Make purchases only with trusted sellers and brands that have a trusted reputation.
- Limit the number of places or applications where you store your payment information online or use a secure digital wallet or an internet dedicated credit card.
- Keep online banking software and banking apps up-to-date and always download updates when you are prompted.
- Keep a close eye on your bank transaction statements, and report suspicious activity to your bank or credit card provider.
- Always verify a charity (for example, by calling or looking at its actual website) before donating.
- Avoid downloading any application from an unknown source, and always check the developer’s info before downloading.
- If you are going to buy something online, use mobile data from your network provider rather than public Wi-Fi networks.
- Always use secure websites. If the site is secure it will have “HTTPS” in the web address. To check a site's security, to the left of the web address, look at the security status:
About RSA FraudAction: Facing complex attack schemes, RSA FraudAction combines all the threat vectors into an all-inclusive external threat management service for complete fraud protection against phishing, Trojan attacks, rogue apps and social media threats. Additionally, customers can gain deeper insight into emerging threats with intelligence reports that provide visibility into the cybercrime underground.