Cybercrime dangers in times of Corona
and what to do against them

How cybercriminals take advantage of the situation - and how to stay safe

In times of global crises, cybercriminals are among the first to try to profit from people's fear, insecurity and need for information. This is no different with the corona virus.

The more the corona virus spreads, the greater the need for information. A website promises to show infections with the corona virus in real time on a map, including in Germany. Clicking on it, however, not only opens the map, but also downloads a malware program in the background. Phishing mails are currently circulating, claiming to contain video instructions for virus protection and current developments regarding the corona threat.

The World Health Organization (WHO) is also being misused in the form of fake information offers and announcements for criminal activities in the course of the corona epidemic.

As many companies are currently relying on home offices to contain the further spread of the virus and to ensure that their operational workflow is as safe and efficient as possible, we strongly advise all users and employees working from home to follow the instructions listed below:
  • Train employees so that they are aware of the dangers that may be associated with unsolicited messages. Awareness training for the entire workforce about the new risks in the home office, in particular the increase in phishing attacks in connection with Covid-19.
  • Also and especially in the home office all specifications, instructions and guidelines of the company apply without restrictions!
  • Live the 4-eye-principle also in your home office! Since physical signatures are no longer possible for higher financial transactions, it may make sense to introduce a 6-eye principle. In addition, call back procedures should be introduced with the supervisor before higher transactions are released.
  • Be particularly vigilant! Do not take anything for granted and question everything!
  • Exchange the most important telephone numbers (business and private numbers) for consultations with colleagues and superiors.
  • Always enter web addresses independently. Do not click on links or attachments or reply to unwanted messages.
  • Restrict the access rights of people connecting to the corporate network.
  • Choose secure passwords! Passwords should be long, complex and not easy to guess. Use different passwords for different services
  • Install the latest updates for operating systems and apps. The latest updates for operating systems and apps must be installed immediately - as soon as they are available - in order to close vulnerabilities as far as possible. 
  •  
  • Be especially careful with emails from unknown senders with attachments or links. The following domains / addresses on the subject of corona are already identified as dangerous, for example:
    -          coronavirusstatus[.]space
    -          coronavirus-map[.]com
    -          blogcoronacl.canalcero[.]digital
    -          coronavirus[.]zone
    -          coronavirus-realtime[.]com
    -          coronavirus[.]app
    -          bgvfr.coronavirusaware[.]xyz
    -          coronavirusaware[.]xyz
  • Always check against changes in account details, whether from customers or suppliers.
  • Do not click on suspicious links that promise exclusive content, but only obtain information from official, trustworthy sources.
  • Check file extensions of downloaded files, documents and video files should not be in EXE or LNK format..
  • Check with the alleged principal / sender of an e-mail if an action to be performed seems strange to you. Choose an alternative communication channel (e.g. the known telephone number).
  • The new danger of speech synthesizer/voice simulation: No acceptance of internal as well as external payment instructions or changes of bank data by telephone. Question the request of your CEO or CFO for assistance with financial transactions. Call the person back at the telephone number you know. Insist on a written instruction and forward it to your superior.
  • Fraud scenario "WhatsApp": In principle, "WhatsApp" should not be allowed on company smartphones. If your CEO or your supervisor sends you a "WhatsApp", clarify the content with a phone call (no WhatsApp call and no FaceTime Video) with the colleagues concerned. Distrust any "WhatsApp" voice message.
  • Apps should only be downloaded from trusted sources such as Google Play, the App Store, or application pools provided by your company.
  • Fraudsters use information from social networking sites, so be careful about revealing information online.
  • Do not use your company email address or passwords to register privately with online services!
  • Do not use public / private computers for business purposes! Public / private computers can be manipulated. There is a risk of data leakage and manipulation. If you should use your private computer in your home office, please coordinate this in advance with the company IT / EDP employees and your supervisor.

Protection

If, despite all the precautions taken, cybercrime does cause financial loss - can I protect myself against it? The answer is yes!

With fidelity insurance you protect yourself against financial losses caused by intentional unauthorized actions, acts of so-called "trusted third parties" - this includes targeted cybercrime attacks on your company or data misuse by third parties.

Do you have any questions on this topic? Please feel free to contact us at any time.