As people and businesses adapt to work-from-home as the ‘new normal,’ businesses are speeding up their digital transformations and cyber security has become a major concern. If cyber security is ignored, the consequences for corporate reputation, operations, legality, and compliance could be severe. The coronavirus pandemic and the ensuing lockdown resulted in a majority of the world being trapped at home, with many more hours to spend online each day and a growing reliance on the Internet to receive goods and services that before they would have obtained ‘offline’. Even children are spending more time online for school.
This digital-lifestyle sea-change has resulted in a corresponding increase in cyber-crime. More people spending more time online, combined with a sense of detainment, anxiety and fear generated by global lockdowns, has provided more opportunities for cybercriminals to cause disruption and reap profits.
Between February and May 2020, more than half a million people were affected by data breaches in which their personal information was stolen from a video conferencing platform and sold on the dark web.
The use of common cybercrime methods like phishing has increased. Phishing is the deceptive tactic of tricking people into giving up personal information like passwords and credit card numbers by using bogus websites or emails. Information obtained by Google and evaluated by Atlas VPN, a virtual private network (VPN) provider, shed light on the scale of these crimes. According to the data, Google recorded 149,900 active phishing websites in January 2020. That number nearly doubled to 293,000 in February. By March, that number had risen to 522,000, a 350 per cent increase in just three months.
The increase in online traffic has also heightened new web-based exploitation tactics, including bogus charity fundraising, and numerous medical scams. Despite the increased demand for technology, many companies and schools still do not provide a ‘cyber-safe’ remote-working environment.
Cybercrime in Pakistan
The full impact of the coronavirus pandemic has yet to be determined, but it has already confronted Pakistan with numerous new obstacles. The Covid-19 outbreak in Pakistan exacerbated crucial economic constraints as well as governance and internal security issues. The outbreak also ushered in a slew of changes involving organised crime and non-state actors, necessitating increased vigilance to track these trends.
In April 2020, six Nigerian gangs were apprehended for defrauding Pakistani citizens, particularly rural internet-users living in villages, by promising them millions of dollars. That same month, a major data breach affecting 115 million mobile users was uncovered. Late Senator Rehman Malik had responded by directing the Federal Investigation Agency (FIA) and Pakistan Telecommunication Authority (PTA) to investigate and report on darknet data sales.
In response, the PTA has warned against using public Wi-Fi networks, while the FIA and financial institutions have started social-media awareness campaigns.
In August 2021, the website of the Federal Board of Revenue (FBR) was hacked, exposing the most sensitive of information. In June of last year, the music streaming website ‘Patari’ was also hacked and cyber-criminals released the personal information of 257,000 members on the dark web.
Parents are also rightly concerned about their children being targeted for personal information, private photos, and financial information. The FIA’s Cyber-Crime Wing (CCW) issued new precautionary guidelines, suggesting that minors’ internet connections be closely monitored by parents.
Despite a 40 per cent rise in internet usage since the start of the pandemic, which means an increased risk of e-crime, the FIA initially claimed that cybercrime in Pakistan had reduced due to the CCW’s ‘successful actions’. Many business owners disputed this claim, attributing their own anti-fraud tactics, such as using separate bank accounts, for deterring cybercrime. More recently, the FIA reported a record increase in the number of cybercrime cases, with 8,500 complaints in January 2022 alone.
Cyber-crime and the Financial Action Task Force (FATF)
In the early months of the pandemic, the Financial Action Task Force (FATF) had granted Pakistan a three-month extension to submit its compliance report due to the pandemic’s massive impact on the country’s economy. The revised deadline, set for September 2020, meant to give the administration more time to stabilise the economy and implement meaningful anti-money laundering and anti-terrorist funding measures.
Pakistan seemed to have taken steps to meet FATF regulations. Following a brief lockdown, the Ministry of Interior began working on one of the FATF’s top priorities: creating a database to combat money laundering and terrorism funding. In the meantime, Prime Minister Imran Khan had tried to launch a controversial tax amnesty programme that allowed people to invest in the construction sector – however the FBR axed the scheme the following year. Economists were concerned that the new programme would generate problems with the FATF, which had previously warned that criminals could use the pandemic to commit financial fraud and exploit scams.
Many names were also removed from Pakistan’s National Counter Terrorism Authority’s watch list, which was created to assist financial institutions avoid doing business with terrorism suspects. According to a Pakistani official from the interior ministry, the list needed to be revised since it had become ‘bloated with many inaccuracies’.
Despite encouraging results like narcotics seizures and a purported decreases in cybercrime, caution must be exercised to prevent criminals from profiting from these difficult times. Recent government actions represent a red flag that must be closely monitored.
