Odds are, you were not among the small percentage of those who absentmindedly or purposefully clicked through to one of the 29,000-plus malicious websites invoking coronavirus that were created in March and April alone.
I can’t say the same — one way or the other, multiple hackers got hold of my information during that stretch. Between the extortion attempt via email (accompanied by more than a few choice epithets amid an unsuccessful attempt to bludgeon me out of some bitcoin) and the small spending spree on my payment card (that my bank thankfully scotched in a hurry), I thought it wise to pay a little more heed to a few of my online practices, and can only hope that is as far as the damage has gone.
The digital domain and personal finance are inextricably linked, of course, never more so than now after waiting out the pandemic from behind the antiviral moats we dug around our homes, probably with some purchase and monetary habits changed permanently, whether as the result of newly discovered convenience or lingering concerns about the wisdom of being out and about.
The “Unit 42” research team at Palo Alto Networks analyzed the domain-name influx pegged to coronavirus, calculating more than 1,700 were being created daily on average this spring among a host of schemes it tracked. Google’s internal Threat Analysis Group had a bigger number to offer, saying some 18 million fraudulent emails pegged to COVID-19 were being sent daily on Gmail accounts.
Some of those fraudulent schemes will succeed, given that so many people had to install and learn varying platforms on the fly to work from home in the early days of the pandemic, according to University of New Haven professor Vahid Behzadan, who has developed an expertise in cybersecurity over nearly two decades, including the security implications of the most sophisticated artificial intelligence systems, such as those for driverless cars.
Connecticut residents lost nearly $14 million last year to fraudsters in incidents reported to the Federal Trade Commission, of $1.9 billion nationally, with credit card fraud accounting for nearly half of the activity, whether the result of stolen numbers or of identity theft to obtain new cards.
“In the first few weeks, security wasn’t the primary focus of many organizations that brought almost all of their business — all of their communications, all of their interactions with customers and internally — online,” Behzadan says. “This is a guess, but an educated guess, that at the end of this year the number is going to be much more than the few billion dollars that we have been used to seeing in previous years, because of the pandemic [and] because of the move of everything to the digital domain.”
For many who had not experienced a hack of some kind or another, the Equifax breach of 2017 was a major wakeup call, when the credit reporting agency discovered months after the fact that hackers had gained access to its systems, waiting weeks more before warning the public that personal information had been exposed for nearly 150 million people. Another wakeup call arrived this past January courtesy of Amazon CEO Jeff Bezos, after an information-security firm he hired determined that his mobile phone had been hacked.
If it can happen to Bezos, it can happen to me — and it did. Despite my long adherence to one safeguard Behzadan and others recommend, avoiding duplicate passwords for differing accounts, a hacker (or “dark web” password shopper, who knows?) emailed me repeatedly this winter and spring in an attempt to shake me down.
Having a system of distinct passwords for each account that I can commit to memory rather than recording them on a computer, I have a good idea of the source of the password — but as to whether my own lapse allowed that password to wriggle out of my grasp or whether that was the fault of an outdoors retailer of some renown, I’ll never know.
If comparatively harmless “Zoom bombing” will be the hack attached to the imagery of the pandemic, the monetary harm of coronavirus schemes has yet to be calculated.
We all shifted some of our lives to the digital domain as we took shelter indoors in the past few months. Chances are, we will be keeping a portion of that activity in the digital domain, whether by choice or necessity. It comes with a price. As the Norwalk-based data backup and security provider Datto puts it, “It’s not a case of if you get hit, but when.”
“Your password will someday be leaked,” Behzadan says. “You either accept to go ahead and use [online] services, or you decide to stay in the Stone Age and go out to the store, with the pandemic out there. It’s always a tradeoff — but knowing that it’s a tradeoff is half the solution to the cybersecurity problem. … You tune or modulate your behavior accordingly.”
Coronavirus cyber scams
Be on the lookout for these COVID-related schemes:
● “Phishing” emails purportedly from the World Health Organization, Centers for Disease Control and Prevention or government agencies
● Health crisis websites and interactive maps laced with malware to steal credentials or install ransomware
● Offers for bogus COVID-19 test kits and therapies
● Online sales of protective equipment never fulfilled
● Attempted theft of federal relief funds
● Solicitations for bogus charitable drives
● Phony coronavirus contact tracing recruitment
● Malicious mobile apps being made available on app stores
Sources: Datto, Federal Trade Commission
10 tips to protect your digital security
1. Employ unique passwords for accounts and change regularly
2. Use multi-factor authentication in systems that allow it
3. Run regular updates for operating systems and software
4. Install antivirus software and schedule regular scans
5. Take caution in clicking on links or opening attachments
6. Be wary of using public wireless internet hot spots
7. Limit any personal information divulged over social media
8. Back up data to a separate device or a cloud-based vendor
9. Keep and review regularly a disaster-recovery plan
10. Report to police any abnormal computer behavior or threat
Sources: Connecticut Department of Emergency Services and Public Protection, Department of Consumer Protection, Datto