While the first coronavirus cases began to appear in early 2020, there has been a particularly significant increase in COVID-19 themed malicious cyber activity across Australia since the beginning of March 2020. The Australian Competition and Consumer Commission’s Scamwatch has received more than 100 reports of scams about COVID-19 in the last three months, and the volumes have continued to rise at an alarming rate.
Malicious cyber actors are spreading phishing emails that pretend to be from reputable organisations, seeking to deceive recipients into visiting websites that host computer viruses or malware designed to steal their personal information. To increase the appearance of legitimacy, these phishing emails are sent from addresses that closely resemble the official organisations or entities, often adopting the official message format and including well-known branding and logos.
Between 10 and 26 March, the Australian Cyber Security Centre (ACSC) has received over 45 cybercrime and cyber security incident reports from individuals and businesses, all related to COVID-19 themed scam and phishing activity.
The true extent of this malicious activity is likely to be much higher, as these numbers only represent those cases reported to the ACSC and Australian Competition and Consumer Commission (ACCC).
On Monday 16 March 2020, a malicious cyber actor registered a COVID-19 themed website in the United States. Shortly afterwards, Australians began reporting receiving text messages that re-directed them to a malicious website.
The text message appeared as though it came from the government. This technique is designed to increase the legitimacy of the message and the likelihood that the recipient will click the link.
Assessment by the ACSC identified that the website was hosting a well-known banking Trojan (Cerberus) that targets Android devices and is designed to steal people’s financial information. This form of malware is easily available for purchase online through cybercrime forums
In mid-March, the ACSC received a report from Australia Post about a COVID-19 phishing email that was impersonating their organisation.
Under the guise of providing advice about travelling to countries with confirmed cases of COVID-19, the email aims to deceive the recipient into visiting a website that will harvest their personal identifying information (PII).
Once the cybercriminals have obtained the PII, historically they often open bank accounts or credit cards in the person’s name, using the illicit funds to purchase luxury items or transfer the money into untraceable crypto-currencies such as bitcoin.
In late March 2020, the ACCC warned Australians about a phishing email circulating that offered recipients $2,500 in COVID-19 assistance payments if they completed an attached application form. The attachment contained an embedded macro that would download malicious software onto the recipient’s device. If you receive these types of phishing emails, do not open the attachments and simply delete the message.
Other variants of work from home scams include people receiving an invitation to make quick money by transferring a payment from a reputable company to another party. The cybercriminals ask to use a bank account to receive a payment from a foreign company and then forward the funds to another account. The cybercriminals will offer a flat fee, or a percentage commission, in order to facilitate the transfer. Undertaking such activities is known as ‘money laundering’, which is a criminal offence.