We invite you to consult our dedicated page with resources on cybercrime and COVID-19.
The COVID-19 pandemic renders individuals and society extremely vulnerable in all respects. During this crisis, we all rely more than ever on computer systems, mobile devices and the Internet to work, communicate, shop, share and receive information and otherwise mitigate the impact of social distancing.
There is evidence that malicious actors are exploiting these vulnerabilities to their own advantage. For example:
- Phishing campaigns and malware distribution through seemingly genuine websites or documents providing information or advice on COVID-19 are used to infect computers and extract user credentials.
- Ransomware shutting down medical, scientific or other health-related facilities where individuals are tested for COVID-19 or where vaccines are being developed in order to extort ransom.
- Attacks against critical infrastructures or international organizations, such as World Health Organization.
- Ransomware targeting the mobile phones of individuals using apps that claim to provide genuine information on COVID-19 in order to extract payments.
- Offenders obtaining access to the systems of companies or other organisations by targeting employees who are teleworking.
- Fraud schemes where people are tricked into purchasing goods such as masks, hand sanitizers, but also fake medicines claiming to prevent or cure SARS-CoV-2.
- Misinformation or fake news are spread by trolls and fake media accounts to create panic, social instability and distrust in governments or in measures taken by their health authorities
Everyone will need to be extra-cautious and reinforce security measures. See for example, the information provided by Europol, including guidelines on how to make your home a cyber safe stronghold (information available in several languages) and the safe teleworking tips and advice, as well as the tips on cybersecurity when working from home shared by ENISA. The COVID-19 Pandemic – Guidelines for Law Enforcement, issued by INTERPOL will be useful for criminal justice practitioners.
Criminal justice authorities need to engage in full cooperation to detect, investigate, attribute and prosecute the above offences and bring to justice those that exploit the COVID-19 pandemic for their own criminal purposes.
With the Budapest Convention a framework for effective cooperation with the necessary rule of law safeguards is available to 65 States. As a result of capacity building programmes, many States should now be able to act.
It is also clear that additional solutions are required to address future crises. Capacity building for criminal justice authorities must be further enhanced. And the 2nd Additional Protocol to the Budapest Convention that is currently under negotiations will be crucial to permit instant cooperation in urgent and emergency situations.
The Council of Europe – like many other organisations – has decided to apply extraordinary measures to limit the spread of the virus and reduce risks to staff and experts. Activities on cybercrime involving physical meetings or international travel as well have been postponed. However, we cannot afford to have our efforts on cybercrime come to a standstill. The staff of the Secretariat of the Cybercrime Convention Committee in Strasbourg and of the Cybercrime Programme Office (C-PROC) in Bucharest continue to work remotely and through video-conferencing to support partners and to advance in our common efforts against cybercrime.