Cybercriminals are using the COVID-19 panic for new online scams worldwide. Malicious cyber scammers are targeting Australia with COVID-19 related scams through phishing texts and emails. Since early March 2020, COVID-19 themed online scams have significantly increased across Australia. The Australian Competition and Consumer Commission’s Scamwatch has received over 100 scam reports in the last three months that relate to COVID-19. Between 10 and 26 March alone, the ACSC received more than 45 cybercrime and cybersecurity issue reports from Australian individuals and businesses, all of them related to COVID-19 themed scams. These COVID-19 online scams are expected to increase in frequency and severity over the coming months.
“We see some upticks in the COVID space. It’s most likely the same cybercriminals just trying to go about their normal day job of stealing from us all,” acting head of the ACSC Karl Hanmore said. “They’re coalescing under COVID-19 as the one thing they know we’re all interested in right now.”
These COVID-19 scams are made to seem legitimate by impersonating well-known organisations. Through these phishing emails and text messages, cybercriminals install malicious software on a device, such as banking Trojans or variants of ransomware. The messages may also be designed to harvest user credentials, such as passwords, bank details, and personal identification, to gain access to someone’s network, device, or online banking account.
Examples of COVID-19 Online Scams
#1. Australia Post Email Scam
On 19 March, the ACSC received reports about a COVID-19 phishing email impersonating Australia Post. The email provided advice about travelling to countries with confirmed cases. When the user clicks the link, their personal identifying information (PII) is harvested. Scammers often use these details to open bank accounts or credit cards in someone’s name, then use the illicit funds for purchases or transfer the money into untraceable cryptocurrencies like Bitcoin.
#2. World Health Organization Scam
Another phishing email scam impersonated the World Health Organization. This phishing email had malicious attachments that contained embedded computer viruses. The email refers to an attachment that offers advice on safety measures to prevent the spread of the virus. When the attachment is opened, software is downloaded onto the recipient’s device that gives the scammer access to install other malware, such as spyware that tracks everything the user does, or to obtain personal contact details in order to scam related contacts.
#3. COVID-19 Relief payment scam
In March 2020, another phishing email was circulating that offered recipients $2,500 in COVID-19 assistance payments. All they had to do was complete the attached application form to receive the relief payment. This attachment contained an embedded macro that downloads malicious software onto the device.
You can find more scams here.
Government action against online scams related to COVID-19
The Australian Signals Directorate (ASD) mobilised its offensive cyber capabilities to disrupt the foreign cybercriminals behind these malicious online activities that relate to the global pandemic, according to Minister for Defence Linda Reynolds. According to Reynolds, the ASD is hitting back at cybercriminals: “We are hitting back through the Australian Signals Directorate, who have already successfully disrupted activities from foreign criminals by disabling their infrastructure and blocking their access to stolen information.”
The ASD has engaged telecommunications firms, asking them to block and take down websites identified as malicious. The ASD’s Australian Cyber Security Centre (ACSC) also works with Google and Microsoft to flag websites as malicious, so that users are warned about these sites before visiting them.
How to recognise a phishing email or text message?
There are some key elements to look for, to recognise a phishing email.
Sender email address
Read the message carefully. In most cases, you can see if an email is fake by checking the email address or message subject. In the email below, a recent Westpac scam, you can see the email address is unusual and not the official Westpac email.
Sometimes it’s very easy to spot, like the email address in the Westpac scam email. However, some scammers use almost identical email addresses. If you are unsure, Google the email address or subject line to see if it has been reported as a scam by others.
On a PC or laptop, you can check whether an embedded link is legitimate. Hover your mouse over the button or link (don’t click), and the URL will usually appear at the bottom.
Scammers are, in most cases, not native English speakers. Therefore, phishing emails often contain grammatical errors.
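The sender-address and hover checks described above can also be run automatically over a saved message. The following is an added example, not part of the original article; the brand domain examplebank.example, the sample message and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host, official):
    return host == official or host.endswith("." + official)

def shown_host(text):  # host displayed as the link text, '' if not URL-like
    if " " in text or "." not in text:
        return ""
    return urlparse(text if "//" in text else "//" + text).hostname or ""

def check_message(raw, official):  # assumes a single-part HTML or text message
    msg, findings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_official(sender, official):
        # An almost identical domain is the harder-to-spot case from the text.
        close = difflib.SequenceMatcher(None, sender, official).ratio() >= 0.8
        findings.append(("lookalike-sender" if close else "unofficial-sender", sender))
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode(errors="replace"))
    for href, text in parser.links:
        # The "hover" check: where the link really goes versus what it displays.
        target, shown = urlparse(href).hostname or "", shown_host(text)
        if not is_official(target, official):
            findings.append(("link-off-domain", target))
        if shown and shown != target:
            findings.append(("link-text-mismatch", f"{shown} -> {target}"))
    return findings

SAMPLE = (  # constructed message; every domain is a placeholder
    'From: "Example Bank" <alerts@examp1ebank.example>\n'
    "Content-Type: text/html\n\n"
    '<a href="http://relief-claims.example/form">www.examplebank.example/relief</a>\n'
)
```

Calling `check_message(SAMPLE, "examplebank.example")` flags the one-character lookalike sender domain and the link whose displayed address differs from its real destination.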
Australian Scams Reporting
You can report online scams related to COVID-19 to Scamwatch.
If you have lost money to a scam, you can report the scam to the Private International Disruption Organization (PICDO), who will try to retrieve your money for you.