The Australian public is being warned against an SMS scam urging users to click on a link for Coronavirus testing locations.

On Monday night, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) issued a High Alert Priority warning advising users to simply delete the text message and not click on any links.

“The link in these text messages is not legitimate, and if clicked on, may install malicious software on your device, designed to steal your banking details,” the warning read.

It came as the Australian Competition and Consumer Commission (ACCC)’s Scamwatch reported it had received multiple reports of coronavirus-themed scam texts from members of the public.

The scam message, which appears to come from a sender called 'GOV', reads: “You’ve received a new message regarding the COVID-19 safetyline symptoms and when to get tested in your geographical area”, followed by a link which uses ‘covid19info’ as part of its domain name.

Despite being grammatically challenged, the message uses words such as safety and tested, two key words preying on people’s susceptibility to click on links for more information about a rapidly threatening pandemic.

Ramping up

The warnings come a week after users were warned to avoid scam emails along the same lines.

Crispin Kerr, Australian Country Manager for cyber security firm Proofpoint said the company had observed a sharp increase in the number of coronavirus-related email scams, with bad actors sending out more than 200,000 emails at one time.

“These emails are extremely well-crafted and use stolen branding to make it appear they are coming from a legitimate, trusted source,” Kerr said.

“For example, we’ve seen cybercriminals pretending to be the ‘World Health Organisation’ and ‘Australia HealthCare,’ a fake but fully branded health organisation, to try and convince individuals to click through to a malicious link by offering advice on how to stay safe from the coronavirus.

“The COVID-19 lures we’ve observed are truly social engineering at scale.

“They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments,” Kerr said.

The ACSC says if you've received one of these messages and clicked on the link, contact your bank immediately.

If you’ve been scammed out of money, report it to ReportCyber at www.cyber.gov.au/report.