News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Cybercrime continues during Covid-19

As the world continues to grapple with the coronavirus pandemic, businesses of all sizes have been forced to adopt remote work policies to keep their operations going. And having employees working from home, without the normal firewalls and cybersecurity measures in place, means companies and individuals are now at greater risk of having their data compromised.
James Bayhack
James Bayhack

IT teams are tasked with the daunting challenge of managing employees’ connectivity during the Covid-19 crisis to ensure productivity and minimal disruption to the business. At the same time, there has been a sharp spike in the number of ‘phishing’ and ‘smishing’ attacks since the outbreak began.

Every day, Gmail blocks more than 100 million phishing emails. In the first week of April 2020, Google reported 18 million daily malware and phishing emails related to Covid-19. This was in addition to more than 240 million Covid-related daily spam messages.

How phishing works

Phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources.

Most online users are aware of phishing emails, which often encourage you to log on to what seems to be an online banking portal or other credit facilities. The user enters their login details on the fake portal, after which the scammers use this information to raid the user’s bank account.

How smishing works

Smishing is a growing cybercrime trend. Essentially, it’s Phishing 2.0 – via SMS. The sender ID for SMS messages can be tweaked to look like a message from a bank or other recognised institution, but in fact, it comes from a person. A link to a fraudulent portal in the message does the same as the link in a phishing message, only via the mobile phone.

Smishing also works when scammers send a phone number in the message. If the victim calls the number and gives away private information, this can also cost a lot of money.

Internet fraudsters are creating new phishing and smishing scams every day to make a quick buck from the fear and uncertainty surrounding the Covid-19 pandemic. With so many people working, shopping, and communicating online, fraudsters are seeking to benefit from any possible lack in online security.

One trick is to impersonate the World Health Organization (WHO) to solicit fraudulent donations or distribute malware. Another is to capitalise on government stimulus packages and imitate government institutions to scam small businesses.

With many consumers now being forced to shop online, cybercriminals are taking advantage of this by sending fraudulent shipping alert text messages. These SMS messages, which appear to be from major carriers such as UPS, Amazon, etc., contain a fake tracking number and link that directs the target to update delivery preferences, while also requesting credit card information.

Securing your mobile communications

Mobile communication has become more important now than ever, with consumers unable to visit your office or store. That means companies need to prove their trustworthiness and protect their customers from fraudsters. Luckily, there are ways to ensure secure mobile communications between the brand and consumer. We recommend two mobile security precautions you can take to safeguard your personal and business mobile interactions.

  1. Look for the tell-tale signs of a fraudulent message

    • A normal phone number consists of 10 digits. If you receive a message from an 11-digit number, it’s likely to be a scam.
    • If an SMS asks you to send money to any specific account, it may be a scam.
    • If it seems too good to be true, it probably is. SMS scams often involve news that you’ve won some type of prize or a sum of cash. You may even be asked to click on a link to claim the prize. Don’t do it.
    • Government departments don’t ask for donations through text messages. If you receive an SMS like this, don’t respond.

  2. Secure access to your online portals
  3. Another way to limit risk threats is by adding Two-factor Authentication (2FA). This means adding a level of authentication whenever granting access to secured online environments. Think of medical information for patients, company info for your employees, financial information for consumers, and order pages for consumers.

    By adding a second level of authentication on top of just a username and password, the chances of sensitive information falling into the wrong hands are limited. The user will also need to add, for example, a One Time Password to validate the user’s identity.

    A ‘One Time Password’​ is a string of characters or numbers automatically generated to be used for one single login attempt. One Time Passwords can be sent to the user’s phone via SMS or Voice.

In addition to the abovementioned advice, always keep these general cybersecurity tips in mind to prevent Smishing and other cyber threats:

  • Be careful with links and phone numbers in text messages
  • Make sure your bank reports unusual transactions
  • Never communicate your credit card details, username and password


Finally, remember that banks will never send you a text message with a link to log in for online and mobile banking or ask you to reply with sensitive information. When in doubt, always contact your bank directly.

About James Bayhack

James Bayhack, Director - sub-Saharan Africa at CM.com
Let's do Biz