Fraudsters and hackers are active and downright evil. We are seeing reports of all sorts of activity on their part, trying to use people's fear and gullibility to make a profit. Some examples include:
1. Sending out SMS messages purporting to provide advice on COVID-19 testing locations. These messages contain a link to a site which installs software on the user's device, allowing hackers to access it remotely.
2. Sending out emails impersonating Australia Post, purporting to provide information around travel advisories and travel bans. Visiting the website then requires you to divulge enough personal data for the hacker to steal your identity and potentially open bank accounts, etc.
3. Emails purporting to be from the World Health Organisation, which include a document containing advice around safety measures to prevent the spread of COVID-19. The Word document contains a virus which, once again, provides hackers with remote access to the user's device.
4. Emails offering Australians $2,500 in COVID-19 Assistance Payments if they complete the attached application form. Once again, the Word document attachment contains a malicious virus.
How to spot if an email or text message is phishing?
There are some key things to look for to determine if the text message or email is phishing:
• Read the message carefully and look for anything that isn’t quite right, such as tracking numbers, names, attachment names, sender, message subject and URLs.
• On a PC or laptop, hover your mouse over links to see if the embedded URL is legitimate, but don’t click.
• Google information such as sender address or subject line to see if others have reported it as malicious.
• Call the organisation on their official number as it appears on their website (separate to any contact details in the received message) and double-check the details or confirm that the request is legitimate. Do not contact the phone number or email address contained in the message, as this most likely belongs to the scammer.
• Use sources such as the organisation's mobile phone app, website or social media page to verify the message.
Protecting yourself against phishing emails
As the examples above illustrate, cybercriminals and scammers can produce phishing emails that look very legitimate. By following these simple steps, you can assist in protecting yourself against phishing emails:
• Before opening an email, consider who is sending it to you and what they are asking you to do. If you are unsure, call the organisation you suspect the suspicious message is from using contact details from a verified website or other trusted source.
• Do not open attachments or click on links in unsolicited emails or messages.
• Do not provide personal information to unverified sources and never provide remote access to your computer.
• Remember that reputable organisations locally and overseas – including banks, government departments, Amazon, PayPal, Google, Apple, and Facebook – will not call or email to verify or update your personal information.
• Use email, SMS or social media providers that offer spam and message scanning.
• Use two-factor authentication (2FA) on all essential services such as email, bank and social media accounts, as this way of 'double-checking' identity is stronger than a simple password. 2FA requires you to provide two things, your password and something else such as a code sent to your mobile device or your fingerprint, before you – or anyone pretending to be you – can access your account.
Sadly, we have to continue to consider these issues in such troubling times. Unfortunately, there are those in the world who see this as an opportunity to defraud others.
We might have to add to the slogan … Stay Safe. Stay Home. Stay Secure.