Two Australians per day across the last month have fallen victim to COVID-19-themed scams, with government agencies reporting a “significant increase” in the malicious tactic.
The Australian Cyber Security Centre (ACSC) issued an alert this week on the vast increase in this type of online scam, saying there has been a “significant increase in Australians being targeted with COVID-19 themed scams, fraud attempts and deceptive email schemes”.
Since 10 March, the ACSC received more than 95 cybercrime reports – two per day – about Australians losing money or personal information due to a COVID-19 themed scam or online fraud.
In this time, the Centre also responded to 20 cyber security incidents impacting important COVID-19 response services or major national suppliers.
The ACSC also disrupted more than 150 malicious COVID-19-themed websites, with assistance from Australia’s largest telecommunications companies, along with Google and Microsoft.
“Cybercrime actors are pivoting their online criminal methods to take advantage of the COVID-19 pandemic,” the ACSC alert said.
“These scams have continued to increase over the past month and the ACSC strongly encourages organisations and individuals to remain alert and follow advice on how to protect yourself and your business.”
On 30 March, the Centre received 16 reports of a phishing text pretending to be from Westpac. The message attempted to entice the receiver to click a link directing them to a website that would harvest their personal information.
The ACSC then lodged a takedown notice for the website and reached out to telecommunications companies, as well as Google and Microsoft, to get that site blocked. Other scams have used government branding and referenced very recent announcements in an attempt to appear legitimate.
The Australian Competition and Consumer Commission (ACCC) has also received over 1,100 reports of COVID-19 themed scams, from both individuals and businesses.
These have resulted in almost $130,000 of reported losses to those impacted by them.
“These phishing campaigns are often sophisticated, with cybercriminals aligning malicious activities within days – sometimes even within hours – of government announcements such as relief payments or public health guidance,” the ACSC said.
“They prey on people’s desire for information, imitating trusted and well-known organisations or government agencies.”
These scams often lead to the installation of malware, giving the scammers the ability to access the users’ personal information or money.
Last month, the ACSC warned of an SMS scam that urged the receiver to click on a link to see coronavirus testing locations. If clicked on, malicious software was installed on the device which had been designed to steal banking details.
The ACSC has also warned of a recent increase in “sextortion” campaigns.
In just the last two weeks, it has received more than 1,900 reports of sextortion emails.
This is a form of blackmail where the scammer threatens to release personal images they have of the victim to their friends and family unless a ransom is quickly paid.
Despite their claims, in most cases the scammer does not in fact have access to any such images or personal information.
“The cyber scammers responsible are threatening to release personal and sensitive information to the recipient’s contacts unless the scammer is paid in cash or bitcoin,” the ACSC said.
In the most recent examples of these scams, a different sender name was used in each of the near-2000 emails reported to the ACSC.
