Australians are being warned about a surge in phishing scams being launched in the guise of official Covid-19 government support services, with malware-compromised machines giving cybercriminals direct access to personal or financial information.
The scams, which disguise themselves as Covid-19-related support materials, appear as official correspondence from government agencies, international healthcare advisory sites, postal services, or entities that manage relief payments.
Both the Australian Cyber Security Centre (ACSC) and the Australian Competition and Consumer Commission (ACCC) have warned that the number of email scams hitting inboxes will likely escalate as Covid-19 case rates increase.
So far since the coronavirus outbreak, the ACSC and ACCC’s Scamwatch have received more than 140 reports of digital scams from individuals and businesses.
An Australian Government red alert has warned recipients to avoid clicking on suspect links that divert users to malicious websites.
Opening a malicious link or fake website may automatically install malware or ransomware, allowing cybercriminals to steal financial or personal information or prevent a victim from accessing their data.
One instance of a recent phishing scam, sent via SMS, involved a “test” for Covid-19 together with “advice” on how to protect oneself. This SMS appeared to come from a ‘.gov’ or ‘gmail’ address.
Another, sent through email, used Australia Post’s credentials offering recipients “advice” on travelling to countries with confirmed cases of Covid-19.
“This phishing email aims to trick you into visiting a website that will steal your personal and financial information,” the Government’s Stay Smart alert service said in a statement.
“Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable cryptocurrencies such as bitcoin.”
The World Health Organisation’s credentials were used in an email with an attached file containing malicious software. This attachment would automatically download onto a device, enabling scammers to gain control of the device.
Another Covid-19-themed phishing email prompts recipients to click on a link for information about new cases in the local area. Recipients were asked to open an attachment for alerts involving safety measures to contain the spread.
Relief payment scams have also targeted people seeking to work from home, needing financial assistance, or volunteering for relief efforts, with one offering recipients $2,500 as an “assistance payment” once they completed an attached application form. Opening this attachment would download malicious software onto the targeted device.
The ACSC is advising people to read incoming messages carefully before they click or download. The advice is to look for anything that “isn’t quite right”: this may include tracking numbers, names, attachment names, sender, message subject or hyperlinks.
Large organisations such as Australia Post carry scam alert pages on their websites. They may provide details of current known scams that are using the organisation’s brand.
Phishers targeting remote working tools
Meanwhile, security experts have warned of a sharp surge in hackers attempting to exploit popular online communications, eConferencing and eLearning platforms, including Zoom, Microsoft Teams and Google classroom, as users flock to the services in the midst of Covid-19-related shutdowns.
Online publisher iTnews reports that eConferencing and communications services – which have seen a sharp jump in usage since the pandemic’s spread forced mass workplace shutdowns – are providing useful cover for hackers to compromise users’ systems.
Hackers appear to be making use of tried-and-true phishing techniques to lure unsuspecting users to malicious links, allowing machines to be compromised through malware or ransomware.
Users of remote working and learning tools are being advised to take extra precautions when opening emails and files from unknown senders (and take note of email addresses from known users with fake domains), particularly if they contain special deals or discount offers.
Citing a warning from security vendor Check Point, iTnews said: “Every leading communications platform has been targeted by cyber criminals setting up phishing websites, including the Zoom video conferencing and Microsoft Teams collaboration suites.”
More than 1,700 new domains with the name “zoom” in them have been registered since the beginning of the year. A quarter of these new domains were registered in the last week.
Four per cent of the newly registered domains are said to have malicious characteristics, Check Point said.