The coronavirus pandemic is spreading to both real and virtual space. Domain names with the words ‘corona,’ ‘covid’ and many others are increasingly being used by cyber frauds to take advantage of internet users.
These are websites that contain unverified information about the disease or that distribute fake medicine. The ‘coronavirus’ domains can be used to distribute mail with malicious attachments, links or fake messages, for instance, on behalf of the WHO or the centers for disease control and prevention to collect donations for those infected.
But the main threat for internet users is phishing, whose goal is to obtain bank details, passwords and other personal data, 55 percent of online security experts said in a survey done by Dimensional Research.
Malicious websites take second place (32 percent) and various malware rank third (19 percent).
Russian cyber frauds have also joined the malicious campaign. By April 9, 2,889 domain names that use the words ‘corona,’ ‘covid’ and ‘virus’ had been registered in the Russian national domains .RU and .РФ. Thus, in the two weeks since the last survey on March 27 the number of ‘coronavirus’ domains has doubled: from 1,634 domains. Most registrations were made on April 2, probably due to the address by Russian President Vladimir Putin.
How to protect yourself from cyber frauds during this pandemic and in the future? Here are some useful hints from cyber security experts:
- Install an antivirus system on each device connected to the internet (smartphone, tablet or PC)
- Only provide your login and banking information to those websites that support secure protocols (the address must begin with https://)
- Be careful when receiving a message with information about the coronavirus: check whether the URL in the message corresponds to its content (to do so, point the cursor at the link while not clicking on the mouse: the real URL will be shown in the lower left-hand part of the screen)
- Do not open executable files (for instance, those with .exe extension) you receive from unknown addresses
- Search for information about the coronavirus on official sources. In Russia, the official website “to inform citizens about the coronavirus (COVID-19)” is located at стопкоронавирус.рф.
The Coordination Center for TLD .RU/.РФ is monitoring the situation regarding the growth of cyber fraud against the backdrop of the spread of COVID-19, and is doing its best to reduce the number of cases of abuse in DNS. In particular, it is coordinating the activity of organizations in charge of the detection of violations in Runet as part of the Netoscope research and technical cooperation project. Among these organizations are Kaspersky Lab, the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), Group-IB, RU-CERT, Bank of Russia and some others. They provide the Coordination Center and accredited domain registrars with information about resources with illegal content, phishing and botnets in .RU and .РФ. Registrars have the right to cancel the delegation of such domain names.