fbpx
COV-10 Telecommunications Notification
26/03/2020
ZOOM Security Bug Lets Attackers Steal Windows Passwords
02/04/2020
Show all

FW: Alert Priority HIGH: Widespread reports of COVID-19 malicious scams being sent to Australians

 

 

 

27 March 2020

 

What’s happened?

The Australian Cyber Security Centre (ACSC) is aware of a significant increase in Australians being targeted with COVID-19 related scams and phishing emails. 
 
In the last three months, the ACSC and the Australian Competition and the Consumer Commission’s (ACCC) Scamwatch has received over 140 reports from individuals and businesses across Australia. 
 
These phishing emails are often sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies. 
 
Clicking on these malicious links or visiting fake websites may automatically install computer viruses or malware and ransomware onto your device, giving cyber criminals the ability to steal your financial and personal information.
 
These scams are likely to increase over the coming weeks and months and the ACSC strongly encourages organisations and individuals to remain alert. 
 
Here are some examples of what to look out for now:

 


Example 1: SMS phishing scam messages offering where to get tested for COVID-19 or how to protect yourself

 

In these examples, the SMS appears to come from ‘GOV’ or ‘GMAIL’, with a malicious link to find out where to get tested in your local area. 
 
Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov.’ These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.

 

 

 


Example 2: COVID-19 phishing email impersonating Australia Post to steal personal information


Under the pretence of providing advice about travelling to countries with confirmed cases of COVID-19, this phishing email aims to trick you into visiting a website that will steal your personal and financial information. 


Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.
 

 

 

 

Example 3: Phishing emails pretending to be an international health sector organisation


This is an example of one COVID-19 themed phishing email where the sender is pretending to be a well-known international health organisation. The email prompts you to click on the web link to access information about new cases of the virus in your local area, or to open an attachment for advice on safety measures to prevent the spread.
 

 

 


Example 4: Phishing emails containing malicious attachments

 

In this example, the phishing email is pretending to be from the World Health Organization and prompts you to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads onto your device, providing the scammer with ongoing access to your device.

 

 

 


Example 5: COVID-19 relief payment scam

 

Scammers are also sending phishing emails targeting an increasing number of Australians that are seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. In this example, the email offers recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.

 

 

 

If have any questions, please contact us at QBT.