WHEN Agnes D., a resident of Sta. Cruz, Laguna received a message in her inbox saying she was qualified for a vaccine shot at “a hospital nearest you,” she was elated. She was ready to give the shots to her 68-year-old mother because as a schoolteacher Agnes was also qualified to get free vaccines.
Teacher Agnes was dismayed to find out later she was a victim of a phishing scam, after the email came another one that asked her to pay a ransom of $1000 in bitcoins so the attackers could stop her email address from sending lewd or injurious messages to her contacts. This was of course not true, the attackers were not able to enter her computer–a government-issued one–which was protected by anti-malware software.
Agnes is one of the many COVID-19 vaccine-related attacks globally. Some users in the UK received an email that appeared to come from the country’s National Health Service. The recipient was invited to be vaccinated, having first confirmed their desire to be vaccinated by following the link. To make the appointment, the user had to fill in the form with their personal data, including credit or debit card details. By handing over their financial and personal data to the attackers, victims are easily scammed.
Another instance involves a fake email sent on behalf of vaccine producers. Such an email landed in one of Malaya’s email boxes where clicking a link for a gift for participating in a survey leads to a page where personal or corporate information was requested.
In some cases, according to a report by cybersecurity expert Kaspersky called the “Spam and Phishing in Q1 2021” the attackers asked for payment of a token amount, for delivery. The cybersecurity investigators also found spam letters offering services on behalf of Chinese manufacturers. The emails offered products to diagnose and treat the virus, but the emphasis was on the sale of vaccination syringes.
“In 2021, we saw a continuation of 2020 trends. Cybercriminals are still actively using the COVID-19 theme to entice potential victims. As coronavirus vaccination programs have been rolled out, spammers have adopted the process as bait. It is important to remember that though such offers may look very favorable, the likelihood of a successful deal is zero. The user can avoid losing data or, in some cases money if they remain vigilant to the supposed lucrative offers distributed online,” Tatyana Shcherbakova, a security expert at Kaspersky comments.
In order to avoid falling victim to a scam, Kaspersky also advises users:
As scammers are continuing to exploit this epidemiological challenge, they have also looked at another phenomenon that resulted from the pandemic-induced digitalization, the dependence on fintech.
Lockdown, travel and health-related restrictions led to the use of digital payments and electronic money platforms skyrocketing in a short amount of time. Keeping up with the demand, securing connections and transactions meant maintaining controls and compliance, and increasing performance and security.
“For the large majority of cybercriminals, easy money is the prime motivator. And the financial sector is uniquely positioned to be a target of attacks regardless of season because it’s always where the money is. The growth of digital financial services in the Philippines, like in other parts of the region, is creating new and heightened risks for both service users and service providers. In this case, technology will be the game-changer,” Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky said.
In a survey conducted by the Bangko Sentral ng Pilipinas recently, among all local financial institutions–universal/commercial banks and their subsidiaries, thrift banks, and rural and cooperative banks–revealed that a high volume of rural and cooperative banks were determined to incorporate technology in their businesses. Banks that are lagging behind in terms of digital transformation efforts also realized the need to fast-track their digitization journey. In 2020, respondent banks said they are now planning to use technology in banking services at 89.2 percent compared to 87.4 percent in 2019.
That upshift bring a lot of challenges, and a lot of opportunities for cybercriminals. In Kaspersky’s recent IT Security Economics Report, it was found that threat intelligence is considered an area of investment for 41 percent of enterprises and 39 percent of SMBs in response to a data breach.
To secure ongoing efforts for digital connectivity, identification, and payments infrastructure, up-to-the-minute threat intelligence feeds play a vital role in keeping tabs on the cyberattacks that grow in both frequency and complexity. This is why Kaspersky highly recommends for banks to increase their threat assessment and intelligence portfolio.
Threat intelligence can identify and analyze cyber threats targeting a business. It’s about going through piles of data to examine it, to spot real problems and deploy solutions specific to the discovered problem.
“Digital transformation always presents new challenges, especially for the financial sector. The Philippines is in the middle of a digital revolution where the use of online payment gateways and e-wallets is expected to expand. While it is a huge responsibility for banks and financial service providers to secure their virtual systems, investing in the most intelligent solutions is essential as they build their cyber defenses to better protect their customers and their businesses. From a cybersecurity standpoint, threat intelligence is an advanced, specialized framework that the financial sector will significantly benefit from,” Yeo concludes.