The Australian Cyber Security Centre (ACSC) has warned of an increase in scams and phishing emails seeking to take advantage of the uncertainty around the ongoing COVID-19 crisis.
According to the ACSC, the last three months have seen a significant increase in the number of individuals and businesses reporting scams and phishing emails.
In a report, the ACSC said both it and the Australian Competition and Consumer Commission (ACCC) have received over 140 reports from individuals and businesses across Australia about coronavirus-related scams.
“These scams are likely to increase over the coming weeks and months, and the ACSC strongly encourages organisations and individuals to remain alert,” the report said.
“These phishing emails are often sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies.”
In particular, the report noted an email scam offering recipients up to $2,500 in COVID-19 assistance payments if they completed an attached application form.
It said the attachment contains an “embedded macro” that automatically downloads malicious software onto the recipient’s device, potentially giving scammers access to personal and financial information.
“If you receive these types of phishing emails, do not open the attachments and simply delete the message,” the report said.
Working-from-home threats
With an increase in the number of Australians working from home, the ACSC highlighted the importance of good cyber-security practices.
It said businesses should include cyber security in their contingency planning, including measures such as ensuring virtual private networks (VPNs) and firewalls are up to date with recent security patches.
“Implement multifactor authentication for remote access systems and resources (including cloud services),” the ACSC report said.
“Multifactor authentication can make it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network.”
The ACSC also advised business owners, staff and stakeholders were informed and educated on good cyber-security practices, “particularly in relation to common threats such as detecting socially engineered messages”.
SMS scams
SMS scams have also increased in sophistication, and the ACSC has warned that these scams will potentially show up in the same conversation threads as previous official SMS messages.
Recipients have received an SMS from sources labelling themselves as “GOV” or “GMAIL” and, according to the ACSC, some have “myGov” as the sender identification.
The messages, which claim to have information about COVID-19 symptoms and testing facilities, carry a link to a website which installs malware to steal financial information from the recipient’s phone.
The ACSC has warned recipients to not click on the links while it works to take the malicious websites down.