Avoiding cybercrime during COVID-19
29 May 2020
Cyber security experts are using artificial intelligence to combat a rise in online scams and fraud during the COVID-19 pandemic.
The increase in the number of scams came as many people were forced out of their workplaces and into working-from-home arrangements, compromising the security of their devices, according to Professor Iqbal Gondal, Director of Internet Commerce Security Lab (ICSL) at Federation University Australia.
Compounding the problem has been the rise in online banking and shopping as the restrictions were introduced.
“This has created a lot of opportunities for cyber criminals and we have seen a rise in banking-related and online scams. We have seen examples of car sale scams and people selling products touted as treatments for COVID-19, even though these products obviously don’t work,” Professor Gondal said.
“There are various types of scams, like romance scams, where someone will try to develop a relationship with a victim when in fact all they want to do is steal their funds. So our work has been very much following the journey of the scam, from the beginning until the end, and where there could be various signs that this is a scam and looking at the model that has been adopted by the scammers.”
Information on the Australian Competition and Consumer Commission’s Scamwatch website shows more than 2,700 scam reports mentioning the coronavirus have been made, with more than $1 million in reported losses since the outbreak of COVID-19. Common scams include phishing for personal information, online shopping, and superannuation scams.
Professor Gondal said ICSL researchers worked with publicly available datasets, with the information showing that many scammers typically pretended to be legitimate businesses.
A second key area of research for ICSL is working with partner Westpac to combat banking fraud. Artificial intelligence is playing a key role in identifying the frauds, with techniques developed at ICSL identifying where and how the crimes were happening.
“Normal emails and fraudulent emails – where someone is trying to get our details through a web link – can be difficult to tell apart. With artificial intelligence, particularly machine learning, it can learn from the previous experiences about what was a normal email and what has been fraudulent,” Professor Gondal said.
“When new emails come in, our trained algorithms will identify if it is a phishing email, or another scam, or if it's just a normal message.
“The artificial intelligence can make quick decisions with a high degree of accuracy. But its accuracy depends largely on how we train it, so if that data was to be manipulated by cyber criminals, that's another game altogether and a very advanced type of cyber-attack that we also have to guard against.” Professor Iqbal Gondal
Professor Gondal said there were several steps people could follow to avoid becoming victims of the cybercrime.
“The most important is education. We need to educate ourselves that any information that we receive must be treated with suspicion because if it's unsolicited information and it’s offering us some type of reward, that is very much the first indicator. Branded products which are normally expensive, but are being offered at much cheaper prices, that's another strong indicator that these messages should be avoided," Professor Gondal said.
“And if the information is received from the Australian Tax Office, or from superannuation funds, or from government, for example, because there are many new government initiatives that have come up, these messages should be treated with caution because these departments or institutions will never ask for personal information and if people are suspicious, we should absolutely call the department or the institution to verify it.
“So any unsolicited information should be treated with great caution. We must always keep our devices secure and make sure they're updated with the latest security software, with well-protected passwords. Education is very important, and even if these scams are not related to us, we should report these to the organisation being targeted and to the Scamwatch website.”
Federation University has designed a Master of Applied Cyber Security (MACSec) in consultation with industry to prepare the workforce for the future. This program will be offered in 2021.
