Businesses in Australia can be affected if the workforce is not reminded to practice security hygiene. Source: AFP

Businesses in Australia can be affected if the workforce is not reminded to practice security hygiene. Source: AFP

COVID-19 phishing and email scams surge in Australia

In any kind of crisis, there are those that will seek to take advantage.

It’s not surprising then, that in the current climate, that’s seen many companies take their workforces ‘remote’, cybercriminals are keen on exploiting the upheaval, and general anxiety for their own gain.

Australia, in particular, has seen an increase in cyber risks and threats amid the intensifying outbreak. That’s led the Australian Cyber Security Centre (ACSC) to release a new threat update exposing the patterns of these schemes through a series of case studies.

“Cybercriminals are very opportunistic and we are seeing an increased targeting of Australians through COVID-19 themed malicious activities,” said the acting head of ACSC, Karl Hanmore.

Over 100 scam cases have been reported to the Australian Competition and Consumer Commission’s Scamwatch in the last three months with a significant surge in malicious cyber activities affecting businesses and individuals since early this month.

This is why the new threat advice update also outlined practical security measures to be practiced by businesses and individuals alike, as private networks can be a lot less secure than an organization’s patched up operating network.

However, the situation could be worse given that a lot of cases usually go unreported. Not to mention, the threats can be difficult to identify because these criminals go the extra mile to masks themselves as health agencies or news media companies.

In one case, an SMS phishing scam was launched where Australians were sent a link to a COVID-19 themed website claiming that some latest news on how to best protect themselves are available on the site.

Those who unfortunately clicked the link were sent to a malicious website that contains a banking Trojan that will steal users’ financial information.

There were also phishing emails from ‘International Health Agencies’ or the Australia Post asking receivers to provide travel history records or offering the malware-filled attachment ready for download.

Hanmore acknowledged that the pandemic outbreak has emerged as lucrative ‘business opportunities’ for cybercriminals whose job was “to steal our money.”

Again, as more businesses operate from home, it’s important that cybersecurity or IT teams ensure that the workforce is armed with the right cyber defense systems and knowledge. Such sentiment was also echoed by the Australian Strategic Policy Institute’s International Cyber Policy Centre’s director, Fergus Hanson.

“There are absolutely more vulnerabilities and probably softer targets in a work-from-home arrangement and there does anecdotally seem to be an uptick on attention on those issues,” Hanson told The Sydney Morning Herald.

He also revealed that there is no guarantee that it is possible for the government to safeguard remote working network systems.

In these instances, again, it’s best that businesses align their cybersecurity practices with the entire workforce and remain vigilant at all times. Understandably, the usual protection that a typical office-based network offer is absence, but remote working can still be safe.

However, as Hanmore said, Australians can always refer to the ACSC website to verify the emails and SMS they have been getting.