CORONAVIRUS | Internet connectivity can be both a boon and a bane to those who are restricted from going out and doing their normal daily activities during the movement control order (MCO) period.
With connectivity, employees are able to work from home and businesses can operate online as people are confined to their homes in a bid to flatten the curve of Covid-19 cases.
However, due to the spike in Internet usage, black hat hackers are using their computer skills to obtain data from users and encrypted data, causing security breaches through various ways including phishing.
Phishing is a cybercrime in which the target (or targets) is contacted by email, telephone or text message by someone posing as a legitimate institution to lure the individual into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
From fake video conferencing applications to applications linked to the government such as the Prime Minister’s Office as well as Bank Negara Malaysia, the hackers are finding loopholes to capitalise on the spike of Internet usage.
CyberSecurity Malaysia, through the Malaysia Corporate Emergency Response Team (MyCert), has published several guidelines to advise Internet users to minimise the risk of being attacked and losing their personal data.
On video conferencing, it said that most video teleconferencing (VTC) providers have already enhanced their applications according to security reports as evaluated by security practitioners.
“As for the users, they are reminded to only use the latest version of VTC and security software, only download software from its official website or official app store, update regularly the software to its latest version, never share confidential information during a meeting as well as avoid discussing any confidential information to prevent leakage,” it said.
It also reminded people to enable non-recordable videos and audios, and limit file sharing, do not share or publish the conference ID and URL sent by the organiser, log out from the application when you finish the meeting and, if something is suspicious, log out from clients VTC immediately.
This is an important reminder, as thousands of people worldwide have reported that their data had been stolen and company security had been breached via a free video-conferencing application, Zoom.
Based on an email sighted by the National Security Council (NSC), the application does have its flaws that allow hackers to manipulate the software to enable third parties to eavesdrop a teleconference.
Taiwan has just become the first country to ban all official use of Zoom and is also the first to impose an outright ban on the popular video-conferencing application over security concerns.
However, Zoom is not the only application targeted by black hat hackers to do their dirty jobs.
Check Point, a cyber-security company, has found that Zoom was not the only platform to be targeted by cybercriminals, with phishing sites found to be masquerading as Google Classroom used to trick students.
Besides video conferencing issues, malicious mobile applications have also sprouted out like mushrooms, using phishing to capitalise on people’s need to access government agencies to obtain information on the Covid-19 situation as well as the aid being disbursed.
MyCert is advising all Malaysian citizens not to share personal or financial information in an email. They also should not respond to email solicitations for confidential information or simply click on links provided.
Instead, they are advised to verify with the sender or with agencies that can help, and to only use trusted sources such as legitimate government websites for up-to-date, fact-based information.
Since the MCO was implemented, text messages sent by the government on all the efforts taken to combat Covid-19 as well as financial aid information and many others will be tagged as MKN by the service provider.
Users should be vigilant and not fall victim to the cyber black holes.
Minimise risks by not saving financial details, especially card numbers, on online shopping sites.
Absolutely avoid linking any of your details to your social media accounts, never conduct banking activities using an open WiFi signal, never share your card details, transaction authorisation code (TAC) or one-time password (OTP) details with anyone.
Remember, our phones and laptops with an Internet connection can help kill our boredom during the MCO, but it can also open a lot of doors for irresponsible hackers to capitalise on our weaknesses during these times.
Keep up with the latest information on the outbreak in the country with Malaysiakini's free Covid-19 tracker.
Malaysiakini is providing free access to the most important updates on the coronavirus pandemic. You can find them here.
Help keep independent media alive - subscribe to Malaysiakini.