Cash losses soar as virus scams spread
Cybercriminals are increasingly using the coronavirus pandemic to steal money from unsuspecting Australian internet users, with huge spikes in malicious email and text messages, fake websites, and attempts to steal users' identities.
Security agencies and firms say they have already removed 150 malicious websites exploiting fear about COVID-19, identified 700 disguised as legitimate streaming services, and are now fighting more than half-a-million coronavirus-themed scam messages every day seeking to "piggyback on the public's interest in COVID-19".
But some online criminals appear to be winning the battle, with losses to scams up by more than $380,000 last month, according to Australia's consumer watchdog.
Attempts to steal money using the coronavirus as bait began to emerge in mid-March, according to a new analysis of web and email traffic by Forcepoint X-Labs.
The cybersecurity firm found malicious emails exploiting interest in COVID-19 spiked by 358 per cent on March 23 and had remained high.
Criminals had now ramped up their operations to send more than half-a-million coronavirus-themed scam emails a day after sending only a "negligible" number in January and February.
Forcepoint X-Labs strategic business director Nick Savvides said the scammers were working hard to exploit Australian's financial concerns, health fears, and confusing information about social distancing.
"Scammers always follow the trends. Right now the trend is coronavirus so they're sending messages pretending to be from the tax office, MyGov or banks," he said.
Mr Savvides said vulnerable people were more likely to respond without asking questions, and so many were being sent by email and text messages, embedded in malicious or fake websites, and promoted in scam calls, more people were bound to lose money.
In some scams, criminals were even following up scam SMS messages with phone calls to their victims, he said.
The ACCC's ScamWatch found Australians had already lost an extra $385,510 in March compared to February.
Australian Cyber Security Centre head Abigail Bradshaw said the agency had received 95 reports of money lost to coronavirus scams since March 10, and warned criminals were launching scams within hours of major announcements to trick people in search of help.
Some of the scams included fake text messages from banks, phishing emails that appear to come from the Australian Government, complete with the coat of arms, text messages offering health advice through a malicious web link, and emails targeted at remote workers that appeared to come from IT help desks.
Security firm Mimecast also warned Australians were even being targeted in their downtime after it identified 700 new websites impersonating videostreaming services.
To avoid being scammed, Mr Savvides advised recipients to avoid following links sent in emails or text messages, and instead visit websites directly.
Originally published as Cash losses soar as virus scams spread