Fraud is nothing new. What is new is the significant increase in cyberattacks that use social engineering to exploit victims’ vulnerabilities—particularly since the first COVID-19 cases emerged in Portugal and the resulting confinement measures were put in place.
Fraud is nothing new. What is new is the significant increase in cyberattacks that use social engineering to exploit victims’ vulnerabilities—particularly since the first COVID-19 cases emerged in Portugal and the resulting confinement measures were put in place.
These attacks may arrive via email, phone calls, or even social media. Messages may appear fully tailored and personalized to you. However, it is essential to exercise extreme caution when managing the information you receive—and even when sharing information.
That said, we strongly recommend remaining especially alert whenever you receive spam emails with commercial appeals, SMS messages from unknown sources containing suspicious links, or requests to change confidential data (such as login credentials or PINs).
We also share the following recommendations:
-
Keep your antivirus software up to date, as it protects your computer from malicious attacks by scanning installed programs and incoming emails.
-
Use a firewall. A firewall filters incoming and outgoing internet traffic, reducing the risk of unauthorized access or viruses.
-
Requests for personal data should always be validated directly with the institution involved and should never be shared via phone, email, or SMS. If you suspect any unusual situation, immediately change your email password and update it across all platforms where it is used.
-
Pay close attention to the sender’s email address, checking for extra or altered characters (such as dsttelecom or dstelecom1).
-
Receiving an email from someone you know does not necessarily mean they sent it. Their computer may have been compromised by malware that sends emails to all contacts. If you receive a suspicious email from a friend or colleague, confirm it by calling them.
-
Avoid suspicious links. If there is a button or text link, hover your mouse over it before clicking to verify the destination page.
-
Avoid using insecure Wi-Fi networks (public hotspots). Public networks may lack essential security resources such as antivirus or firewalls.
-
Protect access to your smartphone in case of loss or theft by setting a password.
-
Do not use the same password for all websites. Choose a strong password (lowercase and uppercase letters, numbers, punctuation, and special characters) and change it periodically.
-
Only connect to Wi-Fi networks you know and trust.
According to the Cybersecurity Observatory Bulletin of May 2020, published by the National Cybersecurity Center, there was a 217% increase in phishing incidents reported to cert.pt between February and March. These phishing campaigns took advantage of confinement to imitate high-demand digital services, such as home banking, streaming platforms, and online stores.
The same source highlights the most commonly reported types of attacks:
-
Phishing attacks using the names of health-related organizations to capture personal data;
-
Malware distributed via email or DNS redirection;
-
Applications claiming to offer COVID-19-related functionalities but distributing malware, including ransomware in some cases;
-
Digital fraud schemes collecting donations through crowdfunding for the false purchase of medical supplies;
-
Fake websites or fraudulent offers selling medical equipment;
-
Sale of COVID-19 kits on the dark web;
-
Disinformation campaigns blaming minority groups or states for the pandemic;
-
Ransomware attacks targeting essential services.
Stay alert. Stay safe.
Connected to the world—but securely.
