As the novel coronavirus spreads around Australia, there is another insidious threat proliferating as cyber criminals try to take advantage of the panic bred by the pandemic.
Global cyber security company Proofpoint is warning of an explosion in coronavirus-related scams targeting Australians in a bid to fleece people of valuable personal details.
Crispin Kerr, Proofpoint’s Australia Country Manager, said the company has identified more than 36 straight days of coronavirus scams, with the volume progressively increasing as the crisis ramps up in western countries.
It is the biggest issue-based spate of scams the company has ever seen.
“Looking a this campaign that’s leveraging a particular theme, COVID-19, it is by far and away the largest selection of different types of threats that have all come under one single theme that we’ve ever seen,” he told Yahoo News Australia.
“And we’ve been in this space for about 18 years.”
In Australia these scams have primarily included phishing e-mails from recognisable brands being impersonated by cyber criminals, including a fake version of the World Health Organisation.
Other scams masquerade as made-up health institutions such as ‘Australia HealthCare’, a fake health organisation which has included AMA branding in the phishing email attack.
According to Proofpoint’s analysis, approximately 70 per cent of these types of scams deliver malware, which typically encourage the victim to click on a link and download a file to their computer which can give hackers remote access to the device.
About 30 per cent aim to steal individual’s credentials by directing them to a fake landing page were the end users are asked to provide information such as VPN login details, e-mail and password, or even credit card details which are scraped by the attacker.
The majority of email campaigns are landing on business days and there are currently about three to four separate campaigns taking place each day, the company said.
The volume of emails being sent at once ranges from around a dozen more targeted emails to spam campaigns which cast a wide net and send as many as 200,000 at a time.
Sherrod DeGrippo, the Proofpoint’s Senior Director of Threat Research and Detection said the email scams are mostly coming from the usual global suspects.
“It’s very widespread, we are seeing a number of well known threat actors and new actors who are just starting,” he told Yahoo News Australia.
“A number of them are based in Eastern Europe, including Russia and former Soviet states, and we’ve seen efforts from West African actors out of Nigeria, Lagos, and Morocco.”
It’s not just email scams either. This week the Australian Cyber Security Centre (ACSC) warned about various fraudulent text messages, some appearing to come from “GOV”, that include a link telling recipients where they can “get tested in your geographical area” for COVID-19.
“The link in these text messages is not legitimate, and if clicked on, may install malicious software on your device, designed to steal your banking details,” the ACSC said.
Added risks as Australia works from home
As many Australians are now working at home under strict new social distancing measures, there is heightened risk for individuals to be targeted via e-mail scams, particularly if they work for large corporations.
Working from home on residential Wi-Fi, outside of the protection of a company’s firewall and IT department, potentially makes them an easier target, Mr Kerr said.
“Using your own Wi-Fi is going to open up potential risks,” he said. “That’s a key one.”
At a corporate level, data rich sectors are being targeted with thieves fishing for network credentials, he said.
“In terms of where we’re seeing things targeted, it’s specific industries such as healthcare, insurance, finance and aerospace.”
For those in larger organisations, whose employees are often the target of such phishing scams, Mr Kerr said it’s important to speak to your companies IT department about how best practice.
“If you’re not clear on how best to work from home, pick up the phone and call your IT department,” he said.
If you have access to a VPN, you should be using it and always guard the VPN logins.
Think twice about clicking on any links, particularly if they come from an unsolicited source and look suspicious.
You can hover over any links to look at the full web address and look closely at the address of any e-mail because scams impersonating known brands will often have small spelling errors or strange formats that give them away.
Do you have a story tip? Email: firstname.lastname@example.org.