When Sunita R called up the customer support of the bank in late June to complain of certain technical glitches in a banking application that she uses, she was assured of a solution. Hours later, she received a call from a person, claiming to be from the support team.

Sunita was instructed to download an application named ‘Quick Support’ through a link that the caller sent her via SMS. Unsuspecting, she downloaded the application. The caller then sent her a form to fill in the “Know your Customer” (KYC) details, that included Aadhaar number and other details. She was told that the caller would deduct Rs 10 to test and activate her account.

Minutes later, Rs 35,375 was debited from her account. A frantic Sunita redialled the number, it was switched off and it was then that she realised that she had been deceived by a fraudster. She sought help yet again from the bank’s support team. “I was informed that the application I installed recorded the information on the mobile screen with which they got my transaction details,” a worried Sunita says. 

Sunita has filed a First Information Report (FIR) and awaits further updates about the cyber-attack. Many companies have not been able to adopt a comprehensive security practice with adequate checks and balances, as the shift to remote working happened out of the blue, due to the lockdown.

Cyber-attacks in the city during COVID-19

With work from home becoming the order of the day, Chennai has witnessed a spike in cyber-attacks the past four months, reveals a report by K7 Security, a cybersecurity company based in the city. 

“During the lockdown, the most common cyber-threat faced by citizens was e-commerce fraud, as many of the platforms discontinued cash on delivery and customers had to use digital payments. Data theft, hacking and phishing attacks were the most commonly reported instances of cyber attacks during the pandemic,” says Dr S Latha, Assistant Professor, Department of Criminology, University of Madras.

Every four out of ten Internet users from Chennai have encountered at least one cyber attack in the last quarter. The chart notes that 54% of the infection rate (users who encountered at least one cyber threat, which was blocked and reported) is through ScanEngine (lack of file protection), followed by web threats (access to unwanted online content).

The many kinds of cyber threats

The team at K7 Security studied how cyber-attackers are utilising the pandemic as an opportunity. Here are the key findings of the researchers:

1. Your PC is susceptible to cyber-attacks if you do not have additional security features such as encrypted network connections and updated operating systems. 
2. COVID-themed attacks: Malicious emails with unsafe attachments about COVID are widely in circulation. However, when such attachments are opened, it automatically downloads tools that steal personal and financial information.
3. Popular remote communication platforms such as Webex, have also been found to be vulnerable to cyber-attacks.  The threat lets any user join a secured meeting without having the need to enter the password for joining the discussion. 
4. The researchers have found a massive rise in virus-infected applications on the Internet. 
5. The report recorded that the researchers witnessed a rise in potentially unwanted programmes and adware (a tool that automatically downloads pop-up ads and other such material) in Mac devices.

How to mitigate cyber threats?

As many companies are potentially looking to embrace remote working in the long term, having good cyber hygiene should be of prime importance. Here are some ways to stay safe from cyber threats:

1. Use a secure virtual private network (VPN) that helps users to transfer data across public networks in a secured manner.
2. Have a strong password on your router and firewall (software that protects from unauthorised access to your computer).
3. Update firewall rules to block unwanted traffic.
4. Maintain safe email handling practices. Secure your device by keeping it up-to-date and patched for the latest vulnerabilities. Always use the right security product to scan your devices and network.
5. It is advisable to download tools only from Android’s official Google Play Store and Apple’s App Store. Do not click on unknown links delivered via SMS, emails and the like.
6. Use authentic anti-virus software and scan your device regularly to root out threats.