Warning: COVID-19 scam alert
In recent months reports of phishing scams and cybersecurity incidents have gone through the roof, especially in relation to COVID-19.
Many of these attacks are variants on common methods we see, but with the rise in working from home and increased stress levels, they’ve been given a Coronavirus twist. With the bad guys shifting their techniques and methods to align with government announcements within days or even hours of their release, it’s more important than ever to stay vigilant.
If you come across anything suspicious or out of the norm, contact our helpdesk immediately.
Here are just a few examples of what we and the Australian Cyber Security Centre have encountered in recent weeks:
Emails impersonating IT helpdesks and in particular targeting people working from home, with the intent of collecting usernames & passwords
Big red flags on this one – any reputable IT provider will never send an email of this nature to clients, so if you do receive anything like this, do not click on any links or attachments, and do report it directly to your usual support contact.
Microsoft remote access dodgy number trap
Scammers are exploiting a legitimate US Microsoft support number – (1) (800) 642 7676. When you dial this legitimate United States number from Australia seeking support from Microsoft, the last digit gets cut off. You’ll actually dial 1800 642 767, which is not a legit number and has been registered by cybercriminals here in Aus. Victims are asked to provide their name and date of birth for verification and are informed someone will call back shortly.
The scammers call back and direct people to download a remote access program that gives the criminals access to their computer. Once access has been gained, the cybercriminal convinces the victim that their computer is compromised and that they need to pay a large sum of money for it to be fixed. The scammers are insistent that due to COVID-19 they are required to pay in untraceable cryptocurrency. The scammers will also try to extract banking details and other sensitive info while they’re in there.
Emails impersonating a real contact or supplier you usually deal with, but with banking details changed to divert your payment
These can be super convincing and in the middle of a pay run, your accounts team might not even question it. If you receive any comms like this, the best course of action is to speak to your usual contact from the supplier directly and verify the details. A few extra seconds can save you thousands.
Text messages impersonating official government communications
These smishing messages look legit down to the correct contact name in the first example. After the initial scam attempts were reported, the perpetrators redesigned the messages to replicate MyGov official communications to a T, allowing messages to appear within existing conversations. The links in each of these messages host malware, putting your device and your information at risk.
Emails impersonating government financial benefit communications.
Centrelink & other government services will never ask you to reply directly to an email. By providing these details, criminals have sufficient information to commit identity theft.
Fake sale listings for puppies
Scammers have been posting ads for puppies that don’t exist on Gumtree & similar sites. Once they receive your deposit they’ll keep requesting extra money, pushing back the ETA of your new pup until you give up. Australians have lost almost a massive $300,000 to scams of this nature during the pandemic.
More phishing scams currently circulating include text messages and emails impersonating banks, insurance providers or supermarkets – getting you to verify your details or click links to claim financial benefits.
If you have any queries or concerns please contact our team on 1300 228 480 or send us a message – and stay safe out there.
For more updates, see the Australian Cyber Security Centre’s latest threat advice and subscribe to our newsletter.