Cybercrime is infectious

Working from home? Here’s how to protect yourself from COVID-19 themed cyber scams:

• Avoid acting on emails using mobile devices
• Verify the sender and look for the official announcements
• Be wary of emails and texts that directly solicit your username and password

Read: Top Tips for Cybersecurity when Working Remotely

The Australian Cyber Security Centre have issued a warning about a proliferation of scams and other cyber activity .

Karl Hamore, Acting Head of the Australian Cyber Security Centre (part of the Federal Government’s Australian Signals Directorate) was interviewed on ABC Radio last week.

Mr Hanmore says there is a whole range of “spear phishing” and “phishing attacks” going on at the moment.

“It’s really cyber criminals trying to find a way of parting you from your hard-earned money and these sort of bad guys are out there all the time,” Mr Hanmore said.

“Their day job is to steal our money and they do that with sending SMS’s or email messages that will look fairly official and asking you to click a link.

“If we look at cybercrime activity more broadly, we’re getting people self-reporting about 145 cybercrime incidents to us a day and their self-reported losses are in the order of just under $1 million a day.”

Who’s the bad guy?

“These are global organised crime organisations,” Mr Hanmore says. “Right now, we’ve got reporting of actors in eastern and western Europe, as well as Asia and Africa.

“So it’s not a real narrow geography that we could just say, “well, all these people are doing it and they’re from one part of the world.”

“There’s a criminal ecosystem that underpins these sorts of scams.

“You might have one person who is really, really good at designing the email message or the SMS, and that’s the only service they provide.

“They’re almost like a criminal graphic design organisation and then they will work with a separate organisation of criminal software developers who will write the virus to impact your phone or your computer.

“Then they will work with some criminal sort of I.T. providers, or mail providers, to help distribute those messages, and they will each take a cut of our hard-earned money as it goes through the criminal ecosystem.

“So these are quite sophisticated actors.”

What are the latest scams?

“Click a link to learn more about the coronavirus – we’re seeing a bunch of that.

“Click a link and then download a file so that you can update a form to get free money from the government – also a scam.

“We’re just hoping we can make Australians aware of it so that they don’t have two crises to deal with.

Be alert but not alarmed

“Be cyber alert, but not cyber alarmed,” Mr Hanmore says.

“With things that come through electronic channels like SMS or email, it’s a case of having a really careful look at it.”

• If there’s any doubt at all – go to the official website for the organisation to see if you can verify it that way.
• Doing a quick Google to see if other people are reporting the same potential scam that you’re seeing or,
• Call registered organisations on their listed number, not the number that they will provide you in their scammer traffic, to make sure that you can actually get the legitimate advice.

COVID-19 Test message scam

“This one is about a week old now but we keep seeing the bad guy behind it changing their messages slightly to get past all the blocks we’re putting in place.,” Mr Hanmore said.

“You get a message like, “You’ve received a new message regarding COVID-19 safety line and how to get tested in your region. Visit…”, and then they will provide a link to a website.

“Now if you click on that link, your phone will redirect to that website and the bad guys will download what we call malware, or a computer virus, onto your phone.

“In this particular scam that’s all about that virus will steal your banking credentials, so the next time you log into your bank, they will try to make off with all your money.

Dodgy Forms to access services

Mr Hanmore said another quite effective scam features forms that appear to come from official sources.

“In the particular one I’m looking at here, they also included the password for you to type in to open up the form, which is always a bit of a tell, because that’s the bad guys trying to make sure that we can’t see into their evil document on the way past.

“No-one legitimate is going to send you a password via text for a document that they’re also sending you.”

It’s super hard to tell what’s fair dinkum and what isn’t

“If I get a message from someone who I’ve been dealing with and I expect that message, I’m more willing to sort of trust that as probably being okay.

“If I get something that’s unsolicited, I didn’t ask for it, I’m not going to click the link.

“I will look at who it’s reportedly from.

“If it’s reportedly from my bank, I will give my bank a call and say, “Hey, did you just ask me to click a link?” And most times they will say no.

“But it’s important to note that sometimes the message will look legitimate,” Mr Hanmore added.

“It will look like somebody you deal with, like Netflix.

“It’s pretty easy for the bad guys to make something look legitimate.

“So if in doubt, don’t click the link, just give them a call.”

UNSW cybersecurity expert Yenni Tim says an overload of COVID-19 communication has set the perfect scene for malicious actors.

Below is a link to the UNSW article: “Working from home? Here’s how to protect yourself from COVID-19 themed cyber scams”:

Useful links:

• Choice Guide to Password Managers
• Top Tips for Cybersecurity when Working Remotely