Hackers are exploiting the great deal of anxiety over the coronavirus and the shift towards work from home, J Kesavardhanan, Founder and CEO of IT security firm K7 Computing said in an interview with BusinessLine . Edited excerpts:

Has the risk of cyber threats to individuals increased as a result of the coronavirus and tensions along the border?

Cyber threats to individuals have definitely increased as a result of the coronavirus. There is a great deal of anxiety over the coronavirus, which makes people exercise less than usual prudence when clicking on a link or opening an attachment in their haste to get the latest news. This is exploited by cybercriminals who create links that lead to malware or apps that offer something related to Covid-19, such as face masks or tests, and steal users’ sensitive information and credentials.

Many individuals are also working from home without the protection of enterprise IT infrastructure, but are still accessing enterprise data and networks. This is also an opportunity that hackers are keen to exploit. We have recorded a 260 per cent increase in cyber attacks since the lockdown began, which illustrates how threat actors are rushing to take advantage of the current situation.

What are the new-age financial frauds that customers need to be aware of and how can they safeguard themselves?

The underlying nature of fraud tends to remain the same, though the technology used to implement fraudulent schemes may evolve along with the rest of the technology ecosystem. Having said that, cybercriminals can combine different methods to create new ways to defraud people. For example, we came across a sextortion scam that combined Bitcoin, ransomware, and the potential for people to have embarrassing browsing histories when confined to home during the lockdown.

The pandemic is on everyone’s mind which has led to Covid-19 themed attacks, such as fake ads and banking trojan mobile apps that disguise themselves as a coronavirus map to steal user’s information or offer information on infected people around the user for a small amount and then steal the user’s card details when they make the payment.

Rather than looking out for specific characteristics to spot frauds, which criminals can vary quite easily, we urge users to bolster their defences by keeping their devices, applications, and cybersecurity products updated with the latest patches and definitions, exercising scepticism, and only installing and using applications from authorised sources.

What are the different kind of threats that one should be wary about in mobile banking, online payments, UPI?

Banking trojans are a big threat in mobile banking as they can convincingly impersonate a legitimate banking app and steal the victim’s banking credentials and even OTPs to empty their bank accounts. Similar risks exist in other forms of online payments where fake websites can look like the real thing, and malicious links can be disguised to appear legitimate.

UPI scams often take advantage of users’ unfamiliarity with how UPI works by asking them to enter their UPI PIN where they should input their ID, or using a UPI ID that very closely resembles a legitimate ID to collect payments meant for someone else. Customers of fintech services may be targeted by KYC scams where they are asked to enter their personal information in a fake KYC website or requested to download a malicious app under the guise of KYC verification.

Users can protect themselves by being careful about what apps they install, ensuring they only install apps from the official app stores, using effective mobile cybersecurity, and following the official social media accounts of financial services providers for authorised information. Users should also check all details related to a transaction before making a payment such as the requester’s full email ID, any link they need to click on, the URL of the website through which they are making a payment, the UPI ID to which they are making the payment, and whether they expected to make such a payment. An anomaly in any of these could indicate a scam and further verification may be required before proceeding with the transaction.

What kind of financial fraud, in your view, poses the biggest risk to in these current times?

Any financial fraud that relies on phishing poses a big risk in today’s world. This is because phishing uses social engineering to gain the victim’s trust and then persuades them to perform an action that is antithetical to their interests, such as transferring funds to a cybercriminal impersonating a person they know or have reason to trust. Such attacks are particularly dangerous because they target the user rather than the device, and the victim is likely to override warnings from their cybersecurity product as they are convinced that their actions are safe.

What is the redressal available for victims of fraud?

Victims can file a complaint at the National Cyber Crime Reporting Portal and file an FIR with the police. Frauds perpetrated through the banking system should be reported to the bank immediately. Redressal will depend on the type of fraud and how it was carried out but it should be remembered that cybercriminals are not easily restricted.

comment COMMENT NOW