sb-au logo
Story image

Phishers cash in on the COVID-19 pandemic - how to avoid being reeled in

03 Jul 2020

Article by WatchGuard Technologies A/NZ regional director Mark Sinclair.

It’s often said that a crisis brings out the best and worst in human nature. The COVID-19 pandemic has been deemed the biggest public health and financial disaster in a century – and high-tech hackers are swarming around in droves.

While billions of people were locked down at home for weeks, predatory hackers have been out phishing; using the fear and uncertainty the virus has generated to reel in and rip off unsuspecting victims.

The term phishing refers to the fraudulent practise of sending emails purporting to come from legitimate organisations, with the aim of inducing recipients to part with personal information, passwords or credit card details.

Since the coronavirus crisis began, there’s been a surge in this form of activity – so much so that the Australian Cyber Security Centre (ACSC) has issued a series of warnings for individuals and businesses to be on their guard. 

Never waste a crisis

It’s not the first time we’ve seen bad actors attempt to cash in on disruption and disaster. They’re long-time masters of malicious psychology whose missives are most effective when they reference current, newsworthy events – and the bigger the better. The 2004 Boxing Day tsunami brought them out in force, as did the GFC.

This time around, we’re seeing a rash of dodgy domain name registrations containing references to COVID-19, coronavirus and other terms related to the pandemic, cropping up faster than authorities can issue orders to have them taken down. By mid-April, the ACSC had disrupted more than 150 malicious COVID-19 themed web sites, with the assistance of major telcos, Google and Microsoft.

Meanwhile, corona-themed phishing gambits include campaigns to trick SMS and email recipients into clicking on links to update their banking information, claim government stimulus payments and obtain information on local virus testing facilities. Individuals who make the mistake of doing so will find they’ve been scammed – into installing malware which steals their personal information in order to commit identity theft, harvests their bank account details or infects their employer’s corporate network.

Taking the long way round – how to avoid risky clicks in the time of coronavirus

Endpoint Domain Name System (DNS) filtering can serve as a shield against phishing attempts. The technology can be installed to block users’ attempts to access links if the sites in question are known to be malicious. Additional protection can also be had by opting for Multi-Factor Authentication when accessing important online services such as banking and social media accounts. 

Approaching links contained within emails with extreme caution, unless you’re satisfied they emanate from a trusted source, is also a smart move. If you’re not sure whether an email is bona fide or bogus – and these days many of the latter look extremely convincing –the easiest way to ensure you don’t take a potential bait is to take the long way round instead.

Rather than clicking on the link, head to the web site of the organisation it has purportedly been sent from and track down the information manually. Alternatively, you can telephone, using contact details from a trusted source, to verify whether they have, in fact, attempted to contact you.

Staying cyber-safe through COVID-19 and beyond

For some unfortunate victims, the warnings come too late. The ACSC has received more than 95 reports of Australians losing money or personal information to COVID-themed scams and online frauds and it’s unlikely they’ll be the last. 

As the crisis continues to play out, the onus is on the rest of us to remain on high alert, to ensure our systems and data aren’t infected with another kind of virus.

Story image
Quantum extends Veeam partnership in a bid to protect against ransomware
“Quantum continues to expand its partnership with us and we are pleased to add ActiveScale object storage to a select group of S3 targets that can provide robust ransomware protection for our joint customers."More
Story image
Latest Tenable launch provides holistic approach to vulnerability management
Tenable.ep is reportedly the industry’s first, all-in-one, risk-based vulnerability management platform designed to scale as dynamic compute requirements change.More
Story image
Veeam reports growth as demand for modern data protection increases
“Even with the unforeseen challenges and circumstances that began in early 2020, Veeam continued its rapid growth with its second consecutive year of bookings over $1 billion."More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
Palo Alto Networks turns attention to supporting remote workforces
"We’re working with more organisations to pivot their security architecture and move towards a cloud-delivered security model that can safely connect any user, to any application, from anywhere.”More
Story image
Kaseya acquires RocketCyber to bring SOC solutions to more businesses
"With this acquisition, we've doubled down on our security investments to provide our customers with access to experts who can continuously monitoring their IT environments without the cost and complexity of disparate tools.”More