The coronavirus has impacted the world in an unprecedented manner, putting the health and safety of many people in great danger over the past few months. This has led several countries to announce a complete or partial lockdown, under which billions of people are advised to stay home and work from home. Cybercriminals have exploited this precarious situation and the anxious mindset of people to commit social engineering attacks and phishing frauds. The Ministry of Home Affairs, Govt of India, has reported a steep rise, as high as 86%, in cybercrimes over the past four weeks. The modus operandi of criminals has predominantly been to use trojans, keyloggers and other malware, sent through infected links and attachments via emails or social media posts, to commit phishing and ransomware attacks.
In the past few weeks, registration of domain names using the keyword ‘Covid’ has grown exponentially, and 50% of those registered are being operated for fraudulent purposes. This is not limited to fake websites. Cybercriminals are luring potential victims into downloading infected files by sending suspicious emails and links such as ‘Deadly Corona Virus Map’, which is designed to steal a person’s critical information such as usernames, passwords and credit card numbers. As a user navigates the map to learn about the spread of the coronavirus, a malware identified as AZORult, an information stealer, is activated.
Rising cybercrimes during Covid times
Cyber terms – ready reckoner
- Malware Attack is an attack where a criminal uses viruses, worms or trojans, sent as infected links or attachments to potential targets, to damage a device or system or to take control of an electronic device such as a computer or mobile phone.
- Identity Theft is stealing a person’s identity by spoofing for fraudulent purposes.
- Snooping Attack is an unauthorized interception of a video or audio conference, which is an invasion of privacy and is criminal if done with mala fide intent.
- Phishing is a financial crime where the criminal sends fake emails or messages asking a person to authenticate account information, and thereby extracts password details or sensitive financial data to cause unauthorized debits to that person’s account.
- Ransomware Attack is a kind of extortion attack which prevents a device user from opening the files or applications on the attacked device.
- Data Theft or Hacking means dishonestly or fraudulently accessing a person’s data or system to steal data, introduce a virus, destroy a computer system, etc.
- Man in the Middle Attack is where the attacker spoofs a genuine email address and defrauds the recipient of the mail into paying money into a fake bank account instead of the genuine email address holder’s account.
The current Indian Cyberlaws framework & cybercrimes
Although the Personal Data Protection Bill, 2018 is not yet enacted, the Information Technology Act, 2000 has several provisions that deal with cybercrimes and prescribe punishments. For example, unauthorised access, downloading or extraction of data is punishable under Section 66 of the IT Act, which provides punishment of up to three years and fine or both. If a cybercriminal assumes a fake identity and steals a person’s financial data through social engineering or phishing mails, the cybercriminal could be guilty under Section 66C read with Section 66D, and Section 420 of the IPC. A person who hacks a system, device or video conference would be guilty of a crime under Section 66 of the IT Act, 2000.
Section 66C prescribes a similar term of punishment for identity theft, and Section 66D of the IT Act, 2000 provides punishment for cheating by personation. Fake donation sites will attract this provision along with Section 420 of the IPC for cheating.
Further, the Indian Penal Code, 1860 provides punishment under Sections 153A and 295A for acts that create disharmony or public unrest, provoke riots, or hurt the religious sentiments of a community, punishable with imprisonment of up to three years and fine.
It is pertinent to point out that the national portal https://cybercrime.gov.in/ provides a facility to register an FIR online. Also, the National Emergency helpline to report any emergency, including cybercrimes, is 121.
Best Practices for Online safety in WFH times
The importance of keeping safe digitally, apart from looking after one’s physical health, cannot be overstated, especially during Covid times. In order to be digitally secure, it is essential for businesses to adopt the following best practices in a WFH scenario:
• Preparation of a work from home policy/ IT policy
• Use secure WiFi using WPA2/WPA3 technology
• Turn off WiFi and Bluetooth when not using it
• Use VPN for office work as far as possible
• Use Data loss Prevention Software, if possible
• Use strong antivirus and antispyware
• Update OS Software
• Use digital signatures to sign e-contracts and send emails
• Regularly backup the important data
• Impart security awareness trainings to employees
• Use only authentic applications after checking source
• Beware of the fake news/fake links/apps/ads
• Download the Aarogya Setu app and visit official news handles such as PIB and news portals/websites to check news and updates on Covid-19
• For advisories, check the Ministry of Home Affairs, Ministry of Health and Family welfare, Ministry of Information Technology websites.
• Use secure and paid videoconference platforms.
• Read the terms and conditions and check source before you subscribe to a service.
• Use two-factor authentication for accessing a service
• Do not share personal financial information with anyone over phone/mail/sms
• Use a reliable password manager service.
• Pay only on https websites
• You can register a criminal complaint online at cybercrime.gov.in
• National Helpline number 121.
• Type the bank’s address directly into the browser’s URL address bar to access netbanking
• In case of phishing fraud, preserve screenshots as evidence and report it to the bank immediately if account/plastic card data gets compromised
• Block credit cards /debit cards and lodge police complaint in case of any unauthorised debits.
It is important to stay home and stay safe during Covid-19 times, and one’s digital safety is equally necessary. Cybercriminals are misusing the heightened anxiety levels among people to operate phishing rackets and make illegal gains. Adoption of online safety practices will be instrumental not only in curbing the rising cybercrimes but also in stopping fake news. By maintaining digital hygiene, businesses, their crucial data and their employees will be safeguarded from unauthorized intrusions and data loss. Crucial data of organizations and people will be protected from hacking, phishing and malware attacks. Adopting a little prudence and best practices for online safety will go a long way in averting prevalent threats and risks and in supporting the business resilience and continuity plans of any given organisation. Stay Home, Stay Safe and happy Surfing & WFH!
The author is Member, FICCI Homeland Security Committee and renowned Cyberlaw Expert