COVID-19 scams abound, and cybercriminals are using the
public’s vicarious interest against them. Here are the current ones – we will
update as we hear of more.
There is no doubt that cybercriminals are an agile and resourceful
lot. In a week they have mobilised at least a dozen cleverly socially engineered
scams and hundreds of regional variants. Here are some of the COVID-19 Scams to
watch out for.
Scam 1 – Give me your details to get the Government assistance
The Government’s assistance package will come to eligible
people via the MyGov (Medicare) and other relevant government databases. You
don’t have to do anything to get a benefit.
There has been a tsunami of phishing emails requesting that
you log in to see if you are eligible. The login page inevitably says you are, but you
need to prove who you are by providing name, address, date of birth, bank
account details and at least two forms of proof of identity. Some ask you to
upload a photo or scan of the front/back of a driver’s licence, your passport
ID page and even copies of a utility bill.
THIS IS A SCAM – the Government never asks for this
Scam 2 – Forms physically distributed to vulnerable groups at retirement villages
This is a version of the email scam for those who don’t use the
internet. We have word (but no proof yet) of scammers distributing official-looking
forms door to door at retirement villages informing the resident of the
government bonus and requiring the same information as the phishing email.
Scammers say you must fill in the form NOW and take photos of ID (as most don’t
have a scanner).
We are not sure how widespread this is because it could take
a lot of organising, but it only takes a small success percentage to make
Scam 3 – Telephone fraud – your mum/dad/long lost cousin has COVID-19
Criminals call pretending to be clinic or hospital
officials, who claim that a close relative of the victim has fallen sick with
the virus and request payments for medical treatment.
This is rare in Australia, but if you get a call, check it out
Scam 4 – This is your bank/post-office – we are closing branches for two weeks, so you have to register to use online
This has happened in the US, and the email directs you to a
form or an app to allow temporary local banking/posting asking for all your
details. The app can infect your device and steal your details.
No bank or post-office would ever do this.
Scam 5 – COVID-19 Advisory emails asking you to download the latest update
Phishing emails abound with links to either so-called
advisory sites or links to download helpful information. The links may point to
Word .doc, PHP or EXE files that are poisoned and download malware. They
use clickbait headlines like “Pope dies – an unholy war on COVID-19” or
Never click on a link if you don’t know its pedigree
Scam 6 – Malware in COVID-19 maps and information websites
Those who vicariously want to know about infections in their
neighbourhood are most at risk.
Scam 7 – highly targeted workplace, school, university or TAFE phishing
There are reports of staff at large companies or students
receiving emails telling them to work from home. To do so, they are told to click the link to
the institution’s/company’s new Communicable Disease Management Policy and
remote work protocols. This has a very high opening and infection rate.
Check with the real HR first – call them!
Scam 8 – Fund COVID-19 research
Fundraising scams abound and are designed to get your credit card details. If
you want to donate, do it directly with the research hospital.
Come in spinner.
Scam 9 – Donate your excess CPU and GPU time to COVID-19 research
There are social media campaigns to get you to donate excess
CPU/GPU time to research. You download the app, and it secretly starts Bitcoin
mining, loads malware and steals your data.
This mostly happens via gaming and special interest groups.
Scam 10 – Social media like Facebook
Scammers have been active in littering social media with
photos, stories, offers and cures, but the result is always the same – click on
the link and become infected with MALWARE-19.