
Phishers cash in on the COVID-19 pandemic - how to avoid being reeled in

03 Jul 2020

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair.

It’s often said that a crisis brings out the best and worst in human nature. The COVID-19 pandemic has been deemed the biggest public health and financial disaster in a century – and high-tech hackers are swarming around in droves.

While billions of people were locked down at home for weeks, predatory hackers have been out phishing, using the fear and uncertainty the virus has generated to reel in and rip off unsuspecting victims.

The term phishing refers to the fraudulent practice of sending emails purporting to come from legitimate organisations, with the aim of inducing recipients to part with personal information, passwords or credit card details.

Since the coronavirus crisis began, there’s been a surge in this form of activity – so much so that the Australian Cyber Security Centre (ACSC) has issued a series of warnings for individuals and businesses to be on their guard. 

Never waste a crisis

It’s not the first time we’ve seen bad actors attempt to cash in on disruption and disaster. They’re long-time masters of malicious psychology whose missives are most effective when they reference current, newsworthy events – and the bigger the better. The 2004 Boxing Day tsunami brought them out in force, as did the GFC.

This time around, we’re seeing a rash of dodgy domain name registrations containing references to COVID-19, coronavirus and other terms related to the pandemic, cropping up faster than authorities can issue orders to have them taken down. By mid-April, the ACSC had disrupted more than 150 malicious COVID-19 themed web sites, with the assistance of major telcos, Google and Microsoft.

Meanwhile, corona-themed phishing gambits include campaigns to trick SMS and email recipients into clicking on links to update their banking information, claim government stimulus payments and obtain information on local virus testing facilities. Individuals who make the mistake of doing so will find they’ve been scammed – into installing malware which steals their personal information in order to commit identity theft, harvests their bank account details or infects their employer’s corporate network.

Taking the long way round – how to avoid risky clicks in the time of coronavirus

Endpoint Domain Name System (DNS) filtering can serve as a shield against phishing attempts. The technology can be installed to block users’ attempts to access links if the sites in question are known to be malicious. Additional protection can also be had by opting for Multi-Factor Authentication when accessing important online services such as banking and social media accounts. 

Approaching links contained within emails with extreme caution, unless you’re satisfied they emanate from a trusted source, is also a smart move. If you’re not sure whether an email is bona fide or bogus – and these days many of the latter look extremely convincing – the easiest way to ensure you don’t take a potential bait is to take the long way round instead.

Rather than clicking on the link, head to the web site of the organisation it has purportedly been sent from and track down the information manually. Alternatively, you can telephone, using contact details from a trusted source, to verify whether they have, in fact, attempted to contact you.

Staying cyber-safe through COVID-19 and beyond

For some unfortunate victims, the warnings come too late. The ACSC has received more than 95 reports of Australians losing money or personal information to COVID-themed scams and online frauds and it’s unlikely they’ll be the last. 

As the crisis continues to play out, the onus is on the rest of us to remain on high alert, to ensure our systems and data aren’t infected with another kind of virus.
