Covid-19 Corporate Cyber Scams The Need for Strong Biometric Authentication
Covid-19 has seen cybercriminals rapidly adapt their traditional targets and techniques to exploit the unprecedented environment we now experience. The need for strong authentication to protect digital channels and assets is now more critical than ever before, as the “new normal” evolves.
The Covid-19 pandemic and its impacts on everyday work and life has caused much disruption, confusion and anxiety. These are conditions that are perfect for cybercriminals to exploit with new phishing campaigns in particular, aimed at obtaining information and credentials that can be used for nefarious purposes.
In the “new normal”, many office workers now work from home, a situation not planned for and one where policies, procedures and security may not have been properly established. Payment relief from banks, subsidy benefits from governments, updates on restrictions, testing, education etc. are all new and unprecedented, and anxious citizens may be easily fooled by fake government and banking websites, emails and other correspondence.
The Australian Cyber Security Centre (ACSC) has seen an increasing number of scams targeting people working from home. These include social engineering techniques allowing the home worker to give the cybercriminals access to their device to “fix an issue”, as they may well do to a genuine IT technician.
Another scam is an email purporting to come from your employer’s IT Help Desk. It contains a link to a new “corporate” portal that requires your corporate username and password. Once the cybercriminals have those credentials, they have access to you company’s corporate network. It is entirely plausible in today’s home working environment that the IT Help Desk might be putting in place new procedures and portals. Would an employee want to be frozen out by not complying?
Just as with banking phishing scams that obtain usernames and passwords to empty online banking accounts, there will always be people who fall prey to these attacks, so the prevention is not concerned with protecting the credentials, rather making them useless when inevitably stolen.
Strong authentication renders stolen credentials useless without the additional security factor(s). Some are better than others, but with so many workers at home, any workable solution must not require physical provisioning or deployment. And because workers are in an uncontrolled environment, unlike a corporate office, a solution must be able to prevent stolen/hacked proxies from gaining access.
The only form of strong authentication that provides identity assurance is biometric authentication. It assures the identity of an actual person, as distinct to assuring possession of a piece of information by someone, such as a family member. ValidSoft’s voice biometric authentication for remote access, regardless of the access mechanism used, solves both the short and long-term requirements of affecting an immediate workable security solution and having in place a contingency solution post-pandemic, that can be enacted immediately when the next unforeseen crisis occurs.
Requiring no specialist hardware whatsoever, not even specific models of smartphones, capable of remote enrolment and providing the highest accuracy of any biometric modality, ValidSoft’s voice biometric authentication solutions for secure remote access, regardless of channel, is the most secure, cost-effective and user-friendly way to overcome the scourge of the Covid-19 cybercriminal.