COVID-19: From the Mindset of the Attacker

As the coronavirus continues to cause widespread panic and disruption, it is easy to lose sight of the secondary threats. Even if you aren’t worried about the virus itself, you can still be affected by its indirect effects. Obviously, the economic damage is one of these effects, and an increase in hacking activity seems to be another.

Assessing The Problem?

According to virtually every authority on cybersecurity, the Covid-19 pandemic has been accompanied by a substantial increase in phishing email scams. As you might know, phishing email scams are some of the most common cyberattacks. They affect tens of thousands of people every year. According to this report, about 60,000 phishing sites were reported in March of 2020 alone.

It seems that this is the most common type of cyberattack, and it’s easy to see why. By tricking one person, a hacker can bypass a whole host of security measures. All they have to do is trick you into clicking on a tainted link. According to this report from Symantec, about 65% of all known hacker groups use phishing as their primary method of attack.

From The Mindset Of The Attacker

At this point, it pays to put yourself in the mind of a cyber-scammer. This might be hard for a lot of us since we don’t normally think in that way. However, the only way to beat a hacker is to think like one…at least, to a point.

Like any other predator, the cyber-criminal is probably driven by a desire for certain results. This might include monetary gain, the acquisition of useful information, or perhaps just the pleasure of causing mischief. Naturally, they are going to look for the easiest way of obtaining those desired results. In most cases, that means going phishing.

Link Trackers And How They Work

The first thing you need to understand is how easy all of this can be. Any weblink can be embedded with a script that tracks the user’s exact location. Because this information is tied to your IP address, and because that IP address is tied to your internet provider, all sorts of personal information can be accessed. This is how hackers can easily obtain someone’s full name, home address, etc. Anything your internet provider has on file can be found.

Let’s try this one time, just for practice. Start by going to this website. It is a free tool that allows you to generate a “boobytrapped” link. It will lead the target to a site that appears completely harmless and mainstream, but it will, in fact, be capturing the IP address of anyone who clicks on the link.

You will need a friend in order to do this next part. First, go to the place where it says, “URL & Image Shortener.” So, why do they call it a “shortener,” you ask? Well, it’s because the link has to be shortened to avoid suspicion. An excessively long URL is sure to grab a little more attention, as it is irregular.

So, enter the URL of a common website into the box. This is the page where your target will go when they click the link. For our purposes, let’s go ahead and use http://www.youtube.com, as it is one of the most heavily-trafficked sites on the internet. On the next screen, you will see a link that you can copy. It will begin with https://iplogger.org/, and that is too obvious. Change the domain name using the drop-down box below.

Now, all you have to do is copy the link, put it into an email, and get your friend to click on the highlighted text. The site will capture their IP address, which can be seen on the tab marked “Logged IP’s.” Now, just go to an IP lookup site like this one and get all the information. It’s that easy, and a dedicated hacker can do things with a lot more sophistication than this.

How To Avoid Coronavirus Phishing Scams

At this time, most of the dedicated scam artists are using the coronavirus as a path of attack. A lot of people report that they have received coronavirus-related text messages that contained links to phishing sites. These messages would often claim to be from the CDC or some other legitimate government organization. Email scams of this type have also been reported.

As a general rule, you should never click on links from unknown parties, whether it’s an email, a text message, or anything else. However, there are times when you will want to click on these links. For those times, we would recommend using a reverse tracker to detect any redirections that might take place. This site provides a free tool for this purpose, but there are many others. Look at the feedback and see if there are any suspicious redirections before clicking on any link from an unknown party.
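The redirect check described above can be scripted. The following is an added example, not part of the original article: it takes the hop list a redirect checker reports and flags the hops that matter. The sample link, the blocklist contents, and the two-label domain heuristic are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Assumption: a local blocklist. iplogger.org is the logging service the article
# names; any alias domains would have to come from your own threat intel.
KNOWN_LOGGERS = {"iplogger.org"}

# Constructed sample: a short link that claims to lead to YouTube.
SAMPLE_START = "https://clips.example/2AbCd5"
SAMPLE_HOPS = [(302, "http://www.youtube.com/"), (200, "")]

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site(url):
    """Crude registrable domain: last two labels (real tools use the Public Suffix List)."""
    host = (urlsplit(url).hostname or "").lower()
    return host if is_ip(host) else ".".join(host.split(".")[-2:])

def analyze_chain(start_url, hops, claimed_site):
    """hops: [(status, Location header), ...] as reported by a redirect checker.
    Returns (final_url, findings)."""
    chain = [start_url]
    for status, location in hops:
        if not 300 <= status < 400 or not location:
            break                                   # not a redirect: chain ends
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    findings = []
    for i, url in enumerate(chain):
        s = site(url)
        if s in KNOWN_LOGGERS:
            findings.append(f"hop {i}: known IP logger {s}")
        elif is_ip(s):
            findings.append(f"hop {i}: raw IP address host {s}")
        elif s != claimed_site and i < len(chain) - 1:
            findings.append(f"hop {i}: third-party host {s} sees your IP before redirecting")
        if i and urlsplit(chain[i - 1]).scheme == "https" and urlsplit(url).scheme == "http":
            findings.append(f"hop {i}: HTTPS downgraded to HTTP")
    if site(chain[-1]) != claimed_site:
        findings.append(f"final destination {site(chain[-1])} is not {claimed_site}")
    return chain[-1], findings

if __name__ == "__main__":
    for finding in analyze_chain(SAMPLE_START, SAMPLE_HOPS, "youtube.com")[1]:
        print(finding)
```

Feed it the hops reported by the checking service rather than requesting the link yourself, since a direct request is exactly what hands your IP address to the logging hop.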

The use of a VPN or proxy is another good way to defeat this method. By using an encrypted “tunnel” between you and the websites you visit, a VPN gives the hacker false information. Most phishing tools cannot see past this mask, but it may not defeat the most sophisticated attackers. At this time, it is a good policy to avoid clicking on any coronavirus-related ads. You should also be suspicious of texts or emails that contain a lot of spelling, grammatical, or graphical mistakes.

Conclusion

It would be nice if there were an easy way to mitigate this threat, but there isn’t. Antivirus tools and other security software can definitely help, and we would particularly recommend SIEM software that can quickly alert you to a phishing attempt. However, none of these is a “magic bullet,” so you will still need to use caution. These kinds of scams are intended to ensnare the most unwary of internet users, so make sure that isn’t you! If you have found this article to be helpful, please fill out the contact form.