My Credit Union

COVID-19 Phishing Scams

Print

30th March, 2020: 

The Australian Cyber Security Centre (ACSC) is aware of a significant increase in Australians being targeted with COVID-19 related scams and phishing emails.

These phishing scams are often sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies.

Clicking on these malicious links or visiting fake websites may automatically install computer viruses or malware and ransomware onto your device, giving cyber criminals the ability to steal your financial and personal information.

These scams are likely to increase over the coming weeks and months and the ACSC strongly encourages organisations and individuals to remain alert.

Here are some examples of what to look out for now:

SMS phishing scam: Offering where to get tested for COVID-19 (or how to protect yourself)

The SMS appears to come from ‘GOV’ or ‘GMAIL’, with a malicious link to find out where to get tested in your local area.

Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov.’ These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov which makes it extremely difficult to determine what is and isn’t genuine communication.

COVID-19 phishing email: Impersonating Australia Post to steal personal information

Under the pretence of providing advice about travelling to countries with confirmed cases of COVID-19, this phishing email aims to trick you into visiting a website that will steal your personal and financial information.

Once they have your personal information, the scammers can open bank accounts or credit cards in your name, often using these stolen funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.

COVID-19 Phishing email: Pretending to be an international health sector organisation

These COVID-19 phishing emails pretend to be a well-known international health organisation. The email prompts you to click on the web link to access information about new cases of the virus in your local area, or to open an attachment for advice on safety measures to prevent the spread.

COVID-19 Phishing email: Impersonating WHO containing malicious attachments

The phishing email pretends to be from the World Health Organization and prompts you to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads onto your device, providing the scammer with ongoing access to your device.

COVID-19 Phishing email: Relief payment scam

Scammers are now sending phishing emails targeting an increasing number of Australians that are seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. One particular email offers recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.

How do I stay safe?

The ACSC has produced a detailed report, including practical cyber security advice that organisations and individuals can follow to reduce the risk of harm.
You can read the report and protect yourself by following these simple steps:

If you’ve received one of these messages and you’ve clicked on the link, or you’re concerned your personal details have been compromised, contact your financial institution immediately and your local technical support provider.

More information

If you’ve suffered financial loss from cybercrime, report it to ReportCyber at www.cyber.gov.au/report.

Visit cyber.gov.au for advice to help businesses stay secure from cyber threats, whilst managing a remote workforce.

To stay up to date on the latest online threats and how to respond, sign up to the Stay Smart Online Alert Service, www.staysmartonline.gov.au/alert-service.

For information on the COVID-19 pandemic, visit https://www.health.gov.au.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Disclaimer
This information has been prepared by the ACSC. It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.