Cybercriminals are finding increasingly innovative ways to defraud customers during the COVID-19 crisis, experts have warned, as new figures show cyber fraud cases rocketed during the height of the pandemic across the Middle East and North Africa region.
Anoop Das, a cybersecurity expert at the regional cyber resilience company Mimecast Middle East, said the pandemic led to a “significant increase in cybercrime, with threat actors continuously looking to exploit vulnerabilities for financial gain.”
Das said that, according to the Mimecast Threat Intelligence center, one of the cyber fraud scams that has seen a significant increase is ‘business email compromise’ (BEC).
“Attackers use this method to impersonate an executive and convince employees to wire money to fraudulent accounts,” Das told Al Arabiya English.
“This has been an attractive attack method as significant numbers of individuals have been working from home or are isolated from their peers and other support.”
Mimecast researchers saw a massive 751 per cent increase in unsafe clicks during the first three months of the year in the MENA region – many of which were likely used for financial gain. They also found a staggering 30 per cent jump in impersonation globally from January to April 2020.
“During times of heightened disruption there is often a general escalation in cybercriminals’ activity,” said Mr Das. “Increases in coronavirus-related spam and impersonation attack campaigns are exploiting the vulnerability of users working at home, taking advantage of their desire for information about the coronavirus pandemic to entice them to click on unsafe links.”
“Our Threat Intelligence center picked up 115,000 COVID-19-related registered spoof domains in the first three months of the pandemic; many of these sites were being used to offer fake or non-existent goods such as protective masks or COVID-19 cures. The general fear and uncertainty of this year has offered criminals the perfect opportunity to exploit vulnerable people.”
Das said another example picked up by Mimecast’s Threat Intelligence center early in the pandemic was a flight-refund phishing email, which attempted to exploit individuals who were potentially seeking genuine recompense for holidays booked. The landing page requested personal details, including payment details.
However, Das said regional organizations are growing increasingly wary of criminals exploiting their brands to target their customers, partners or the general public.
According to the Mimecast State of Email Security Report 2020, 74 per cent of organizations in Saudi Arabia and the United Arab Emirates are concerned about a web domain, brand exploitation or site spoofing attack.
“Organizations can register lookalike domains and launch sophisticated attacks impersonating trusted brands that are nearly indistinguishable from the real thing,” said Das.
“It’s become common for malicious actors to use well known and trusted banks to trick people into handing over money or sensitive information.”
“The research showed that the UAE and KSA were on high alert with 54 per cent and 52 per cent of respondents’ organizations respectively, expecting web and email spoofing attacks to increase in the coming year.”
In October, Mimecast ran an analysis of some of the UAE’s major banks and found the login pages of two of them had been duplicated, said Mr Das.
“Several suspicious domains were uncovered for both of the banks’ URLs and they each had at least one live attack.”
“Banking customers that clicked on the malicious links were redirected towards another website impersonating the bank, that looked exactly like the real thing.”
“Criminals made use of homoglyphs, so the fake website URL was hard to tell apart from the legitimate one. The landing page also looked exactly the same. In these attacks, the ‘log in’ page is used to gather customer credentials, including the information they fill and their passwords. This information can be used by criminals to log into the user’s bank account.”
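On the defensive side, the homoglyph trick Das describes can be caught by folding each observed domain to a "skeleton" and comparing it with the brand's real domains. The following Python is an added example, not code from Mimecast or from the original article; the `examplebank.example` domain, the sample inputs and the small confusables map are constructed assumptions.

```python
import unicodedata

# Constructed subset of look-alike characters (assumption); production tooling
# would load the full Unicode confusables data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # Cyrillic
    "\u03bf": "o", "0": "o", "1": "l",                           # Greek, digits
}

def to_unicode(domain):
    """Decode punycode (xn--) labels so the form a user sees is compared."""
    try:
        return domain.encode("ascii").decode("idna").lower()
    except UnicodeError:  # already Unicode, or not valid IDNA
        return domain.lower()

def skeleton(domain):
    """Fold to a comparison form: NFKC, lowercase, confusables mapped."""
    text = unicodedata.normalize("NFKC", to_unicode(domain))
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)

def scripts(domain):
    """Scripts of the letters used, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0]
            for ch in to_unicode(domain) if ch.isalpha()}

def classify(candidate, protected):
    """Return (verdict, matched_domain) for one observed domain."""
    shown = to_unicode(candidate)
    for real in protected:
        if shown == real:
            return ("legitimate", real)
        if skeleton(shown) == skeleton(real):
            return ("lookalike", real)
    if len(scripts(shown)) > 1:
        return ("mixed-script", None)
    return ("unrelated", None)

PROTECTED = ["examplebank.example"]       # hypothetical brand domain
SAMPLES = [                               # constructed inputs
    "examplebank.example",
    "ex\u0430mplebank.example",           # Cyrillic a in place of Latin a
    "examp1ebank.example",                # digit 1 in place of l
    "weather.example",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(ascii(name), classify(name, PROTECTED))
```

The same check applies to the punycode (`xn--`) form in which such domains appear in DNS and certificate logs, because `to_unicode` decodes it before comparison.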
Clever tactics, human error
Another tactic used by criminals to ensure they can make several payments over a long period of time is to capitalize on times when the customer is out of the country, said Das.
“They can see when a customer is traveling abroad, either through social engineering, or by analyzing their banking transactions.
“The criminals know that if they choose to make the fraudulent transactions at this time, the account owner won’t receive notifications so the fraud will go undetected until they either check their bank statement or arrive back in the country.”
“Only then will they contact the call center at which time it’s too late. And with the downscaling of many call centers, it’s often difficult to get through to freeze any accounts, giving criminals extra time to wreak havoc. With all of this in mind, it’s becoming increasingly important for banks to protect their brands and ultimately their customers.”
Another key trend that continues to be relevant is human error, said Das.
“It’s involved in more than 90 per cent of security breaches.”
“Most organizations invest in a multitude of cybersecurity solutions to protect their corporate environments but don’t focus enough on their last line of defense – the human firewall.”
“With a distributed workforce and an abundance of scams doing the rounds, the cost of human error escalates, so organizations need to take steps to adequately prepare employees to spot these threats.
“Frequent, consistent, engaging content that humanizes security is an effective way to reduce risk inside the network and organization.”