Hackers are more active under lockdown

Hacking and scamming on the increase as more people are working from home.

A person using a macbook to make a video call

Tuesday, 26 May, 2020

More bad news?

Leading internet security firm, Darktrace, has said hackers are ramping up activity under lockdown. Their data shows a huge increase in malicious email attacks. It’s thought the reason for this is the increasing number of people working from home. Before the lockdown only 12% of malicious emails targeted home workers, now it’s 60%

While scientists have been looking to Italy as an example for the COVID spread, tech experts followed their internet behaviour. Data shows this increase is consistent with global lockdown measures. With increases in internet attacks coinciding with countries commencing lockdown measures.

Even huge firms have been affected by this surge in cybercrime. Most recently EasyJet announced a massive data breach, admitting over 9 million customer details were accessed.

Reuters reported that the EasyJet attack was traced back to China, which has been the case for many of these attacks. However, it is suspected these large scale attacks are more politically based.  These attacks seem to focus on gaining personal information rather than financial fraud.

How are they doing it?

Well, most attacks aren’t as ambitious as the EasyJet hack. The main tactics affecting most home workers come in the form of ‘spoofing’, remote tool hacking and phishing.

‘Spoofing’ is when a hacker pretends to be a known person to the target to access information. This is becoming increasingly common on bogus corporate messaging services or Zoom chats.

Many of us are new to working from home, and many don’t have home firewalls (get one, now!). So hackers are using this to their advantage. They do this by attempting to access sensitive personal and business information through weaknesses in home networks.

Often businesses will set up a VPN for their workers to use to increase security because of this. However hackers are  using this against them! This is done by impersonating IT staff or service providers to reset a VPN to gain access.

In May a malicious email to workers was reported. The email told recipients they could ‘opt into’ furlough scheme by clicking signing up to a fraudulent website. Similar scams to this are being reported daily, with classic ‘phishing’ tactics to steal passwords.

What should you do?

Make sure you know who you’re talking to. Check email addresses for the slightest variation. If your colleague’s email is ‘Johnsmith@work.com’, hackers might use ‘Johnsmith@wor.com’.

This is done by setting up a domain with a similar address to your work domain, in this case ‘work.com’ becomes ‘wor.com’.

So if you speak to a colleague over a third party app like Zoom, check if it’s the right profile by video calling to confirm. Remember, if in doubt, don’t risk it. Report suspicious profiles to your business’ IT department where possible.

The UK cyber-intelligence organisation, GCHQ, is asking the public to report any phishing emails or fake websites. They are working to block malicious websites as they discover them, so any reports will help.

Stay safe!

Natalie Dunning author picture


Natalie Dunning is a freelance writer and Media Psychology researcher based in Manchester.