COVID-19 Scammer Alert!

The rapid rise of the COVID-19 pandemic has also, unfortunately, provided ample opportunity for cyber criminals.

The Australian Cyber Security Centre (ACSC) is aware of a significant increase in Australians being targeted with COVID-19 related scams and phishing emails.

In the last three months, the ACSC and the Australian Competition and the Consumer Commission’s (ACCC) Scamwatch has received over 140 reports from individuals and businesses across Australia.

These phishing emails are often sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies.

Clicking on these malicious links or visiting fake websites may automatically install computer viruses or malware and ransomware onto your device, giving cyber criminals the ability to steal your financial and personal information.

COVID-19 scams are expected to increase in coming weeks and month, and businesses and consumers are being urged to remain alert.

Examples of such scams include:

COVID-19 SMS Scam1. SMS phishing scam

This SMS phishing scam provides information on where to get tested for COVID-19 or how to protect yourself

In these examples, the SMS appears to come from ‘GOV’ or ‘GMAIL’, with a malicious link to find out where to get tested in your local area.

Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov.’ These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.

 

2. Phishing email impersonating Australia Post

Aust PostCOVID-19ScamA COVID-19 phishing email impersonating Australia Post aims to steal personal information.

Under the pretence of providing advice about travelling to countries with confirmed cases of COVID-19, this phishing email aims to trick you into visiting a website that will steal your personal and financial information.

Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.

 

health organisation COVID-193. Phishing emails pretending to be health sector organisation

This is an example of one COVID-19 themed phishing email where the sender is pretending to be a well-known international health organisation.

The email prompts you to click on the web link to access information about new cases of the virus in your local area, or to open an attachment for advice on safety measures to prevent the spread.

 

WHO-COVID-19-Scam4. Phishing emails containing malicious attachments

This phishing email example is pretending to be from the World Health Organization and prompts you to open an attachment for advice on safety measures to prevent the spread of COVID-19.

When opened, the attached file contains malicious software that automatically downloads onto your device, providing the scammer with ongoing access to your device.

 

5. COVID-19 relief payment scam

Relief Payment ScamScammers are also sending phishing emails targeting an increasing number of Australians that are seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work.

This email example offers recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.

How to Protect Your Business

There are a number of ways you can protect yourself and your business from COVID-19 scams:

  • Read the message carefully, and look for anything that isn’t quite right, such as tracking numbers, names, attachment names, sender, message subject and hyperlinks.
  • Educate your employees on how to recognise phishing and scam emails
  • If unsure, call the organisation on their official number, as it appears on their website and double check the details or confirm that the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
  • Use sources such as the organisation’s mobile phone app, web site or social media page to verify the message. Often large organisations, like Australia Post, will have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.
  • Implement COVID-19 Business Continuity planning
  • Understand the importance of cyber security for your business
  • Implement a laptop security policy. This is particularly important for remote work.

If you’ve received one of these messages and you’ve clicked on the link, or you’re concerned your personal details have been compromised, contact your financial institution immediately.

For expert advice and assistance on cyber security in your business, contact Surety IT today.

Contact Us

Name(Required)
This field is for validation purposes and should be left unchanged.

Find out how we can help with your IT challenges.

About the author:

Picture of Ash Klemm

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight, to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face to face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.
Scroll to Top