We would like to communicate that security experts have raised a warning about a security flaw in the system that can pose a risk to your business and personal information.
Widespread reports of COVID-19 malicious scams being sent to Australians.
By Bremmar Team
Today, Stay Smart Online, a community of more than 80,000 individuals and organisations committed to sharing online safety information, and part of the Australian Cyber Security Centre, shared a high priority alert about new scams and phishing emails being sent to Australians around COVID-19.
The number of scams has increased significantly from January until now, and we recommend that you keep an eye out and inform your staff. During these times of uncertainty, people may be more vulnerable to these attacks so it’s very important to stay extra vigilant.
Below is the alert published by Stay Smart Online:
The Australian Cyber Security Centre (ACSC) is aware of a significant increase in Australians being targeted with COVID-19 related scams and phishing emails. In the last three months, the ACSC and the Australian Competition and Consumer Commission’s (ACCC) Scamwatch have received over 140 reports from individuals and businesses across Australia.
These phishing emails are often sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies. Clicking on these malicious links or visiting fake websites may automatically install computer viruses or malware and ransomware onto your device, giving cyber criminals the ability to steal your financial and personal information.
These scams are likely to increase over the coming weeks and months and the ACSC strongly encourages organisations and individuals to remain alert. Here are some examples of what to look out for now:
Example 1: SMS phishing scam messages offering where to get tested for COVID-19 or how to protect yourself
In these examples, the SMS appears to come from ‘GOV’ or ‘GMAIL’, with a malicious link to find out where to get tested in your local area. Scamwatch and the ACSC are also aware of an SMS scam using the sender identification of ‘myGov.’ These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.
Example 2: COVID-19 phishing email impersonating Australia Post to steal personal information
Under the pretence of providing advice about travelling to countries with confirmed cases of COVID-19, this phishing email aims to trick you into visiting a website that will steal your personal and financial information. Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.
Example 3: Phishing emails pretending to be an international health sector organisation
This is an example of one COVID-19 themed phishing email where the sender is pretending to be a well-known international health organisation. The email prompts you to click on the web link to access information about new cases of the virus in your local area, or to open an attachment for advice on safety measures to prevent the spread.
Example 4: Phishing emails containing malicious attachments
In this example, the phishing email is pretending to be from the World Health Organization and prompts you to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads onto your device, providing the scammer with ongoing access to your device.
Example 5: COVID-19 relief payment scam
Scammers are also sending phishing emails targeting an increasing number of Australians that are seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. In this example, the email offers recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.
How do I stay safe?
The ACSC has produced a detailed report, including practical cyber security advice that organisations and individuals can follow to reduce the risk of harm. You can read the report and protect yourself by following these simple steps:
- Read the message carefully, and look for anything that isn’t quite right, such as tracking numbers, names, attachment names, sender, message subject and hyperlinks.
- If unsure, call the organisation on their official number, as it appears on their website, and double-check the details or confirm that the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
- Use sources such as the organisation’s mobile phone app, web site or social media page to verify the message. Often large organisations, like Australia Post, will have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.
If you’ve received one of these messages and you’ve clicked on the link, or you’re concerned your personal details have been compromised, contact your financial institution immediately.
- If you’ve suffered financial loss from cybercrime, report it to ReportCyber at cyber.gov.au/report
- Visit cyber.gov.au for advice to help businesses stay secure from cyber threats while managing a remote workforce.
- To stay up-to-date on the latest online threats and how to respond, sign up to the Stay Smart Online Alert Service
- More advice and support is available on our Get Help page.
- For information on the COVID-19 pandemic, visit health.gov.au
How can we help?
As technology evolves, software and security vendors keep developing and strengthening their systems. But it’s not all about technology these days. Security has shifted from being a purely technical concern to a behavioral one as well. We’re talking about your staff and policies, which play a crucial role in the success or failure of your IT protection efforts.
Attackers are using smarter methods of targeting your business, focusing on the human factor as a key point of vulnerability. There’s no point investing in the best possible technology if the first point of access, your people, is not ready to also protect your business information. Staff education is key.
If your staff are working from home, setting up secure remote working takes time. There are a few questions your business should be asking:
- Are the personal devices in use meeting performance specifications and security standards?
- How are you keeping control over staff and devices once they are outside your network?
- What are the minimum security requirements staff should have on their personal devices so as not to jeopardise your business?
  - Multi-factor authentication (MFA)
  - Hard drive encryption
  - Mobile device management and remote wipe capability
Let us know if you are working remotely. We can help by performing a security assessment of your Microsoft 365, including your business secure score analysis, or by reviewing your business security posture to ensure you have the right measures in place to protect your organisation and staff.
We’re committed to helping businesses work smarter and more securely, so if we can help, we will. Contact us on 1300 991 351 or fill in the form below and one of our consultants will get back in touch with you.