Deception = Distraction + Decoy

Deception is a two-part process involving a “distraction” and a “decoy”. For many Canadians, COVID-19 represents a multi-dimensional distraction that is simultaneously impacting numerous aspects of life, and these distracting effects are especially pronounced when they strike matters that mean the most to their victims. There has been enough public education to date to assume that most of the general populace have learnt to exercise some form of guardedness around disclosing personal and financial information. However, distractive triggers such as financial pressure, health & well-being angst, and pent-up frustration from being confined can cause many to inadvertently lower their guard. And yes, the hackers are well aware of this and have come up with their latest human-based attack vector: mimicking the Canadian federal government and targeting its citizens.

Imagine that your income has been negatively affected by COVID-19 and you apply for the Canadian Emergency Response Benefit (CERB). You have not heard back on your application, so you call the 1-800 number from the website, only to find that you either can’t get through or will be on hold for an extended period of time due to higher call volumes and reduced staff. You choose to hold, and 30 minutes in, your 10-year-old daughter calls for homework help. You tell her you’re busy, but she insists. You sense her urgency and frustration, so you hang up and decide to try again tomorrow, knowing full well that the chances of an improved outcome are zero. Later that evening, you receive an SMS message stating that you can check the status of your CERB claim by visiting a linked site. The language looks legitimate, so you click on the link. You then land on a site that looks identical to the one where you submitted your application. The instructions, written in perfect government-esque language, with the Canadian federal government logo situated next to them acting as a subliminal endorsement, ask you to enter your name and financial information before your file can be retrieved. You say to yourself, “This seems legitimate, and it is reasonable for them to ask for my credentials before retrieving my file… right?”

This example is not fictitious. It was one of many decoys hackers paired with the COVID-19 distraction. In fact, this particular example was listed as a “notable COVID-19 lure” in the Canadian Centre for Cyber Security’s (CCCS’s) report titled Cyber Threat Bulletin: Impact of COVID-19 on Cyber Threat Activity.

The concerning part is…
