Be Alert: COVID-19 Phishing Scams
The Australian Cyber Security Centre (ACSC) has posted an alert due to a significant increase in Australians being targeted with COVID-19 related scams and phishing emails.
The scams are getting increasingly sophisticated, preying on people’s desire for information and imitating trusted and well-known organisations or government agencies.
They expect these scams are likely to increase over the coming weeks and months and the ACSC strongly encourages organisations and individuals to remain alert.
Things to look for:
- Unsolicited emails or text messages using web addresses with COVID in them that end in .gov or .info – ALL official government web address end in gov.au”. Basically, if you didn’t request information – be very cautious of anything you receive.
- Emails from Australia Post. Scammers are pretending to be Australia Post and some are very convincing. The most recent scams appear to be from Australia Post concerning information about travelling to countries affected by COVID-19.
- Emails, messages and websites pretending to be health organisations. Again, official government web sources will end in gov.au
- Emails with attachments that appear to come from the World Health Organization (WHO) asking you to provide information about safety measures.
- Payment Scams. These are the lowest of all. Many of the requests you may see via email, SMS or on the web are not genuine. If you want to make a donation, stick to the well known charitable organisations. Visit their websites directly or make a donation at the Post Office, your local supermarket or the bank.
How do I stay safe?
The ACSC has produced a detailed report. It is long but contains a lot of useful information. As always though, the scams will get more creative as time goes on. You can read the full report on the ACSC website: https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity (note the web address ends in .gov.au!)
- Read the message carefully, and look for anything that isn’t quite right, such as tracking numbers, names, attachment names, sender, message subject and hyperlinks. Other obvious giveaways include spelling mistakes or missing logos.
- If unsure, call the organisation on their official number, as it appears on their website and double check the details or confirm that the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
- Use sources such as the organisation’s mobile phone app, web site or social media page to verify the message. Often large organisations, like Australia Post, will have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.
- And if there is any doubt – ask us. You can call us on (03) 9430 1777 anytime between 9am and 5pm (AEST) or forward the message to firstname.lastname@example.org and ask us to check it.