What’s happened?
The Australian Cyber Security Centre (ACSC) is has been receiving numerous reports from Australians. Who are being targeted with COVID-19 related scams and phishing emails. Over 140 reports were received by the ACSC. The Australian Competition and the Consumer Commission’s (ACCC) from individuals and organizations across Australia under three months.
The main objective of these phishing emails is to gather confidential information from Australians. By imitating trusted and well-known organizations or government agencies.
The phishing emails or messages include a malicious link. Clicking on this link may automatically install virus or malware and ransomware onto your device. Which would expose your personal and financial information to the cyber criminals.
These scams are likely to increase over the coming weeks and months. The ACSC strongly encourages organizations and individuals to remain alert.
Here are some examples of what to look out for now:
Example 1: COVID-19 phishing email impersonating Australia Post to steal personal information
These emails act as a deception of providing guidance about travelling to countries with confirmed cases of COVID-19. The cyber-criminal aims to trick you into visiting a website that will steal your personal and financial information.
Once they have acquired your personal information. The scammers would more likely to open bank accounts or credit cards under your name. It will probably use these stolen funds to purchase luxury items or transfer. The money into untraceable crypto-currencies such as bitcoin.
Example 2: Phishing emails pretending to be an international health sector organization
In this example, the cybercriminal pretends to be a well-known international health organization. The email encourages you to click on the malicious web link in order. To access information about new cases of the virus in your local area. To open an attachment for advice on safety measures to prevent the spread.
Example 3: Phishing emails containing malicious attachments
This examples includes a phishing email. Which is sent by imitating the World Health Organization and prompts. You to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads. Your device, providing the scammer with ongoing access to your device.
Example 4: COVID-19 relief payment scam
Cyber criminals are well aware of the crisis caused by the COVID-19 pandemic. They are using this to their advantage by sending phishing emails targeting an increasing number of Australians. CSPRO are looking for jobs or seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. In this example, the email exploiting the needs of Australians offer recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.
Example 5: SMS phishing scam messages offering where to get tested for COVID-19 or how to protect yourself
In these examples, the scammer imitates to be ‘GOV’ or ‘GMAIL’ as the sender, with a malicious link to find out where to get tested in your local area.
Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov. These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.
How do I stay safe?
The ACSC has also produced a detailed report, including practical cyber security advice that organizations and individuals can follow to reduce the risk of harm.
You can read the report and protect yourself by following these simple steps:
- Read the message carefully, and look for anything that isn’t quite right. Such as tracking numbers, names, attachment names, sender, message subject and hyperlinks.
- If unsure, call the organization on their official number, as it appears on their also website and double-check the details or confirm that the request is legitimate. Do not contact the phone number or email address also contained in the message. As this most likely belongs to the scammer.
- Use sources such as the organization’s mobile phone app, web site or social media page to verify the message. Often large organizations, like Australia Post, will also have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.
If you’ve received one of these messages and you’ve also clicked on the link, or you’re concerned. Your personal details have also been compromised. You can also reach us at 1300 660 368 and one. Our team members can help you also in staying safe from the scams.
Article courtesy of www.staysmartonline.gov.au