There is a sad reality that goes along with any major crisis, especially one that is global in nature: there will inevitably be people who take advantage of it through various nefarious means.
COVID-19 is no different: scammers have found new ways to gain access to our data, relieve us of our money and spread misinformation. So, not only do we have to deal with the COVID situation itself, but we also need additional vigilance to ensure we keep our data safe alongside our health.
Fear enables scammers
Social engineering is the use of sensitive or personal information, combined with various means of persuasion, to gain access to information or accounts.
COVID is a perfect tool for any social engineer to obtain more information than we should ever openly give out. All they need to do is call you, claim to be from a government agency and state that you have been in contact with an infected person.
For most of us, that is probably scary enough to make us divulge things like social security information, credit card details for identity verification, personal details, etc. We’re prone to these mishaps when we’re afraid, and we tend to be our own enemies here.
But sometimes the best way to protect ourselves is to create multiple fail-safes, so that we have more time to think, need more moves to react and can’t give out all of the needed info in a single slip of the tongue.
And an even halfway-decent link to, say, test results, information on infections in your area, or an update on how the service you are using is doing, what measures it is taking and how you are affected can be significantly more effective in triggering clicks that install malware, grant access to nefarious agents or lock us out of our services until we relinquish our hard-earned money to gain access back.
With fake news being a thing nowadays, the use of misinformation is more evident than ever. And if that information appears to be shared by service providers you trust or frequent, you are much more likely to let it affect your decisions.
Even if the presentation of the content is lacking a bit in some regard – the relevancy of the content will most likely inhibit our critical thinking abilities.
Simple things have a big impact on security
So what can we as companies do to ensure our users are safer, better informed and less prone to giving out sensitive data?
The basics are actually pretty obvious – provide multiple layers of security, verify users actively and communicate proactively.
These steps don’t need to be radical. Rather, simple refinements to the existing means of handling these situations can increase the safety of users significantly.
Two-factor authentication is pretty common nowadays. Multiple layers mean that it’s significantly harder to gain access to your accounts: even if you accidentally spill your password, you would still have to directly enable someone’s access.
SMS is a hassle-free way to add that layer. It’s easy to implement, the reach is immense and it’s super easy to use.
Verifying customers and their phones is a great way to ensure that the person accessing an account, the device they use and the location they are accessing the service from are validated and secure. Number verification helps with that a lot and works pretty much like 2FA.
But you can also use number lookup to check the numbers you send information to beforehand, so that only the right recipients and active numbers get the information. This helps to ensure the message is received by the right people and only them.
Creating trust is extremely important, especially when creating content and triggers that resemble the genuine ones is rather easy.
Consistency in communication is key here: ensure that all channels deliver the same information, that the associated keywords are the same, that the addresses remain the same and that the sender names used remain the same.
Where possible, use alpha senders for SMS. These let you put your brand name or product name in front of recipients as the first thing they see. If it matches perfectly and can only be registered to you, the clients can be much more certain that the information shared is also valid.
Make sure all the channels you have share a common thread of communication and that the clients know to trust only the information shared via the channels you deem reliable and legitimate. This way you can keep accidental triggers and clicks to a minimum.
These trying times require us to be diligent in our communication and security efforts to ensure the safety of our users. Any crisis is going to be used to entice them to make decisions that will have adverse effects. We’re afraid, and that’s normal.
Companies need to make sure that measures are in place to minimize access by scammers, provide multiple layers of protection that buy time, and keep communication trustworthy, timely and easy to access.
Let’s continue the discussion at LendIt Fintech Europe 2020. Visit our virtual booth for a quick chat on fighting scammers, authenticating users, and keeping your services safe!