COVID-19 and the Hidden Digital Risks
so·cial en·gi·neer·ing
/ˈsōSHəl ˌenjəˈni(ə)riNG/
“The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
~Oxford Dictionary~
The novel coronavirus has changed the digital habits of millions of internet users. To address the need for social distancing a significant number of people are now staying at home and moving their work, education, and social lives online. Cyber criminals have taken advantage of an already precarious situation to exploit vulnerable internet users through calculated COVID-related social engineering campaigns. These campaigns use techniques such as spamming and phishing attacks to harvest user credentials and rapidly spread malware across the internet. An attack can reveal sensitive information and in some cases, such as those of Syrian activists and journalists, can put a user’s life at risk.
In March 2020, internet users in Syria and the MENA region began to see a significant increase in malicious online activities related to the global outbreak of COVID-19. A number of suspicious websites were reported for promoting data collection forms in exchange for non-existent free data plans or humanitarian aid. The SalamaTech project became aware of these threats mid-March 2020. SalamaTech immediately began to release digital alerts to highlight the increased security risk and to provide tips to help users secure their devices, data, and online connections. The team launched a dedicated campaign to explain the concepts of social engineering and phishing attacks. As part of the campaign they released guides, infographics, and GIFs to ensure critical campaign messages were clearly understood and easily disseminated.
As of April 2020, COVID-19 related guides and resources have received over 21,000 total user engagements. For more information on social engineering in Arabic please visit www.salamatech.org