Worldwide, the preferred means for distributing disinformation about COVID-19 was WhatsApp, followed by Facebook and Twitter, with the online press and Instagram closing the top-5, the same happening in the case of Portugal.
Highlight for Telegram, which now has a fundamental role in the distribution of misinformation, through the creation of channels and groups with thousands of users (less impact on its production capacity). Instagram, on the other hand, due to the type of content created and disseminated, is beginning to assert itself as an important agent in content creation. This bet is also due to the difficulty of algorithms in detecting misinformation in multimedia content format.
Last year, S21sec identified a set of cybersecurity risks arising from the existence of misinformation about the pandemic, impacting various sectors. From campaigns of discrediting and defamation of institutions, companies and brands (e.g. SNS, pharmaceuticals, telecommunications, etc.), as well as Phishing attacks – potentiated by the distribution of false information about the disease, confinement/decontamination rules and vaccination – with the objective of obtaining information from people and organizations and, thus, leveraging attacks such as ransomware or confidential data exfiltration to potentiate extortion crimes are some of the identified risks.
In disinformation campaigns detected all over the world, Portuguese ranks second among the 20 most popular non-English languages in which posts about Plandemic or Judy Mikovits were produced, with a record of 1,278 references, behind Spanish which leads largely with 3,995 references and the Italian closing the top-3 with 1,178 detected references.
S21Sec detected that the cases of disinformation with the greatest impact were produced by alternative media, which become producers of influence campaigns, then using various disinformation techniques with references to official content to give credibility to the discourse and, later, published in the social networks and communication channels, increasing the audience and impact of the content.
“The messages with alarming content are the ones that first impact citizens, increasing the flow of misinformation among users of new technologies and becoming a potential public risk. In addition, this type of content is also used to attack organizations, so it is important to bet not only on training employees to be alert, but also on the adoption of appropriate technological solutions for each case.” says Hugo Nunes, Threat Intelligence Team leader at S21sec in Portugal.
Recommendations not to be influenced by misinformation
As users of social networks and websites it is important to:
- Be suspicious of unofficial sources;
- Use institutional and public entity information;
- Prove (with double verification factor) the most impactful information;
- Do not contribute to the distribution of disinformation.
As for entities, whatever their nature, it is essential:
- Have a threat monitoring plan;
- Establish a clear corporate/institutional communication policy;
- Use institutional and public sources to distribute information;