Deception = Distraction + Decoy

29-May | Written by Steve Tso • Founder, Cyber Business Review • Victoria, BC

Deception is a two-part process involving a “distraction” and a “decoy”. For many Canadians, COVID-19 represents a multi-dimensional distraction that’s simultaneously impacting numerous aspects of life, and these distracting effects are especially pronounced when they stroke matters that mean most to their victims. There has been enough public education to date to assume that most of the general populace have learnt to harness some form of guardedness around disclosing personal and financial information. However, distractive triggers such as financial pressure, health & well-being angst, and pent-up frustration from being confined, can cause many to inadvertently lower their guards. And yes, the hackers are well-aware of this and have come up with their latest human-based attack vector- mimicking the Canadian federal government, targeting its citizens.

Imagine that your income has been negatively affected by COVID-19 and you apply for the Canadian Emergency Response Benefit (CERB). You have not heard back on your application and so you call the 1-800 number from the website, only to find that you either can’t get through, or you’ll be on hold for an extended period of time due to higher call volumes and reduced staff. You choose to hold, and 30 minutes in, your 10-year-old daughter calls for homework help. You tell her you’re busy, but she insists. You sense her urgency and frustration and so you hang up and decide to try again tomorrow, knowing full well that the chances of an improved outcome is zero. Later that evening, you receive an SMS message stating that you can check the status of your CERB claim by visiting a linked site. The language looks legitimate and so you clicked on the link. You then land on a site that looks identical to the one where you submitted your application. The instructions, written in perfect government-esq language, with the Canadian federal government logo situated next to it acting as a subliminal endorsement, asks you to enter your name and financial information before they can retrieve your file. You say to yourself, “This seems legitimate, and it is reasonable for them to ask for my credentials before retrieving my file… right?” 

This example is not fictitious. It was one of many decoys hackers paired with the COVID-19 distraction. In fact, this particular example was listed as a “notable COVID-19 lure” in Canadian Centre for Cyber Security’s (CCCS’s) report titled: Cyber Threat Bulletin: Impact of COVID-19 on Cyber Threat Activity.

The concerning part is that the above was not the only lure deployed, nor was it one of a few. The same CCCS report states that “As of 27 April 2020, CCCS was aware of over 120,000 newly registered COVID-19 themed domains, a large proportion of which was considered malicious or related to fraudulent activity”, and “As of 27 April 2020, CCCS was aware of over a thousand malicious imitations of Government of Canada (GC) websites using COVID-19-themed lures and provided information to initiate their take down. Most of these malicious impersonations were related to Canada Revenue Agency (CRA) and the Canadian Emergency Response Benefit (CERB)”.

Hackers know how we think and feel, and they’re very good at connecting the dots to predict our reactions. The result is a series of sophisticated scams engineered to tug at our most innate triggers with precision timing and relevance, enticing us to unknowingly lower our guards while they steal our information.

So how should we best protect ourselves? According to Scott Jones, Head of the CCCS, there are several ways for the public to screen for nefarious websites pretending to be Canadian federal government sites:

1. Check the site for certification. If it doesn’t have a security certificate, chances are it’s fake

2. Scroll up and review the website domain. All Canadian federal government websites end with either “canada.ca” or “gc.ca”. Anything aside of these two domain endings is not a Canadian federal government website

3. Rather than clicking on email or SMS links that take you directly to supposed government pages, go to the main government site and either use the search feature, or navigate through the site itself to reach the page you’re looking for

About the CCCS

The CCCS is helping Canadians identify and combat cyber crime. It’s important to note that the CCCS is not a regulatory body, nor is it a part of law enforcement. Instead, it is an unit under the Communications Security Establishment (CSE) agency of Canada, that is responsible for monitoring threats and coordinating the national response to any cyber security incident. Read more about the CCCS at www.cyber.gc.ca.