Watch out for cyber criminals during COVID-19 : Fortinet


Fortinet, a global cyber security solutions firm, has warned that cyber criminals may set up fake charity websites to get donors to transfer money, allegedly to help those adversely affected by the COVID-19 pandemic.

In a statement today, Fortinet said social engineering is the easiest and fastest way to exploit an individual or organisation in Malaysia amidst COVID-19 pandemic fears.

“With so many major events being cancelled, cyber criminals may also try to take advantage of this situation by luring their victims with phishing scams on refunds and fake news to get victims to reveal their credit card information,” it said.

Country manager for Malaysia Alex Loh said Malaysians should be wary of suspicious requests, unknown contacts and unsolicited information.

“Nobody is safe from them; administrative employees, contractors and even business partners can be targets to obtain access to their networks and sensitive information.

“Even children are potential targets. It is a perpetual bombardment, every minute of the day,” he said.

Loh said one of the ways attackers exploit the COVID-19 crisis for financial gains is by creating a false but believable story to get certain information from their targets, social media deception, as well as email-based phishing or spear phishing.

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.

Loh said other digital attacks include the “watering hole” attack, where the attacker guesses or observes which websites a targeted group of individuals within a certain organisation, industry or region often uses and infects one or more of them with malware.

Apart from digital attack, he said there are also phone-based attacks like “smishing” — a text-based message attack which is done by impersonating a legitimate source in order to lure a victim into downloading viruses and malware onto their mobile device.

He said vishing (voice phishing) is also another way of phone-based attack where the attacker calls the victim and pretends to be a legitimate source, such as a bank, to try and convince the target into divulging sensitive information such as credit card information or social security numbers.

To protect personal and proprietary information, Fortinet advised Malaysian to be suspicious of any email or text message requesting sensitive information or financial transactions, especially third-party sources spreading information about COVID-19, and review all hyperlinks prior to clicking to confirm they are from legitimate sources.