The outbreak of COVID-19 has introduced most Sri Lankans to the concept of ‘working from home’ as a precautionary measure against the spread of the virus by limiting people’s travelling habits. Even though many were unfamiliar with the idea of working from home, and some even found it difficult to work from home due to the nature of their profession, this move bore fruit and helped keep many institutions/businesses afloat during this difficult time. This move also encouraged people to learn new Information Technology (IT) skills, mainly the use of internet-based applications, which can be quite beneficial in the long run.
However, during the past few weeks, IT professionals and organisations have been warning and raising awareness about several IT-related scams and cyber attacks that predominantly threatened people’s privacy/personal data on the internet. IT professionals claim that cyber criminals have started using the COVID-19 situation to their advantage, and that people must pay more attention to their safety and privacy on the internet.
According to Information Technology Society Sri Lanka (ITSSL), the increasing number of COVID-19 cases and related developments has caused significant changes in people’s day-to-day lives as well as their internet behaviours. ITSSL Chairman, Rajeev Yasiru Mathew, speaking to Ceylon Today, said that cyber criminals see people’s irresponsible internet behaviours, especially how they behave on social media, as good opportunities for internet-based crimes, which involve stealing people’s personal information.
He added, “Owing to the COVID-19 pandemic, people have developed an interest for COVID-19-related news. This interest can cause problems if people act out of emotion rather than fact. Most people share COVID-19 related news/articles without checking their accuracy or source. Sometimes they merely look at the title of the links shared by their friends, and then go on to share those without even opening the link.
“Many links shared on social media contain malware/spyware that can be used by cyber criminals to steal and use your information. This situation becomes worse because the curfew and lockdown have confined most people in their homes, which considerably increases people’s tendency to use the internet for entertainment/work purposes.”
According to Mathew, cyber criminals use spam messages/emails to steal people’s personal information. One of the most common types of spam messages/emails circulated these days is free data offers.
He explained, “There is a data crisis due to the high internet use/demand. Taking advantage of this situation, cyber criminals send spam messages/emails to people, claiming to give free data. Some people believe these types of offers and share the message with their friends, without checking the source of information.
“There is a rise of ransomware, which involves demanding ransoms from people. When it comes to ransomware, there is no assurance that the hacker will delete and/or decrypt the victim’s personal data after extorting money. Most of the times they don’t do that, and therefore, being extra careful is extremely important.”
Social media users in Sri Lanka have also witnessed an astronomical number of ‘giveaways’ during the past few weeks, including but not limited to free face masks, free sanitisers, free internet data and also money. All these giveaways require the applicants to do various things to be eligible for the offer, including providing their personal details.
Mathew further said that mobile phone users must be more cautious than computer users, since mobile phones tend to be more vulnerable than computers in terms of security. He also said that those working from home must be extremely vigilant and refrain from clicking on or sharing unknown links, and remember to check the source of what they receive.
“Usually, if your social media accounts are hacked, the hackers remove your email, password and phone number. They disable the account for a couple of days, and then enable the account again like nothing happened.
Sometimes they don’t do anything to your account for a long time, and you won’t even know your account was hacked,” he said, explaining the behaviour of certain cyber criminals that makes it difficult for victims to take action.
Mathew went on to explain how the irresponsible circulation of spam links may affect internet users. “People must think twice about the authenticity and source of links before sharing and/or accessing a link. People must think whether ‘free offer’ messages are sent by official/verified sources, through their official media.
“Be vigilant about other suspicious signs of these links and also the nature of the messages you receive. Some social media sites, like Facebook, have strict rules in place regarding these types of links. Sharing these links may result in your account being temporarily blocked, or permanently banned. In addition, in the event you lose your account, you will also lose your personal data.
“Sometimes, the phone numbers of those who share/access these websites are collected by scammers. Recently, there was news that people had received calls from foreign countries. People received these calls because there is a database somewhere of these people’s phone numbers. These numbers can be used for various other activities. Later, in a month or year or so, these people might receive calls, SMSs or emails various advertisements, promotions or even requesting money.”
Recently, the media reported that Zoom, a popular video communications application, had security issues. This gained widespread attention since many who were working from home due to the curfew were using this application to hold meetings. Mathew noted that ITSSL studied the said security issue in this application.
He went on to say, “Any application may have minor issues. Zoom allows many users to join the conversation at a time and due to such facilities it became famous. The problem was that there was a security vulnerability that made it possible for someone to steal login/password information of a participant of a Zoom meeting. However, this vulnerability had been rectified in the latest update.”
Speaking of the rise of cyber attacks during the COVID-19 pandemic, he added that so far, more than 40,000 scam websites have been identified. “The topic ‘COVID-19’ is a trending topic on the internet and people are enthusiastic to hear COVID-19 related news,” he said, adding that therefore, people tend to purchase all COVID-19 related domains.
Mathew stressed, “Internet users should be vigilant about these websites.These websites are filled with various threats and harmful programmes. People access these websites and contents therein without any idea as to how their personal information may be stolen.”