Zoom, a video conferencing software company has had huge number of users flock to it recently due to the coronavirus pandemic. As more people work from home, Zoom use has exploded. But Zoom has recently come under fire for numerous privacy and security issues. Vulnerabilities are being discovered, and cybercriminals are taking advantage of the spike in its usage by registering new fake “Zoom” domains and malicious “Zoom” executable files in an attempt to trick people into downloading malware on their devices. To make matters worse, lack of end-to-end encryption makes it even more difficult to keep users safe. Zoom falsely claimed for years that it was using end-to-end encryption.
To safe guard yourself from those security issues, ensure that apps are kept up to date, use waiting room options, take control over screen sharing, use random meeting IDs and set meeting passwords, make some rules of etiquette and stick to them, look out for emails from unknown senders and lookalike domains that contain spelling errors and order goods from authentic sources.
During the week under review, popular webhosting company, Godaddy.com suffered a phishing attack that enabled the cyber criminals to view and modify customer details and change domain settings for half dozen Godaddy clients including transaction brokering site escrow.com. Hackers phished employee login details in order to gain access and redirected DNS records to a third party website in Malaysia.
As a preventive measure users are advised to consider using two factor authentication, password managers, registry lock, and to review security settings and monitor issuance of new SSL certificates for domains to enhance security.
As nations around the world race to contain the COVID-19 pandemic, many are deploying digital surveillance tools, and even using counter terrorism technologies, as a means to exert social control over their own citizens. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to hinder the spread of the virus; but there are fears that it could lead to more invasive forms of government snooping later. There are fears that widespread use of those technologies may alter the precarious balance between public safety and personal privacy on a global scale. We must ensure that data collected for these purpose is not repurposed for either governmental or commercial ends.
Finally, the Nigerian National Information Technology Development Agency (NITDA), during the week under review said that are some fraudulent and fake websites trying to capitalize on the COVID-19 pandemic to defraud unsuspecting Nigerians via various phishing tricks. One of such tricks requires users to complete an online form with their personal information including bank details, in order for them to receive weekly payment of allowances for observing the ‘Stay at Home’ directive.
Similarly, the Nigerian Communications Commissions (NCC) has also exposed the activities of cybercriminals who attempt to scam telecom consumers and the general public by creating suspicious websites asking Nigerians to apply for free 20GB internet data by clicking a web link in order to defraud them.
Citizens are advised to avoid clicking suspicious links, disregard offers requesting for bank details and sensitive personal information, and report such websites to appropriate authorities.