Hackers are taking advantage of people’s fears by launching a wave of COVID-19 themed phishing attacks.
Typically, these attacks deliver malicious links or attachments to people purporting to be from trusted organisations. Sometimes they claim to be from healthcare organisations, at other times from financial institutions or even government agencies such as the Australian Taxation Office.
Delivered via email, SMS, voice message, or other communications platforms such as Zoom and Microsoft Teams, they create a sense of urgency to dupe unsuspecting people into clicking the link or opening the attachment.
Even downloadable apps aren’t always secure. Recently, a trojan was discovered in an Android app which claimed to track the global number of COVID19 cases. However, once the app was installed, it locked the mobile device and demanded $100 worth of bitcoin in order to unlock it. If the ransom was not paid, the attackers threatened to delete all the victim’s data within 24 hours.
Once the recipient a recipient clicks a malicious link or opens an attachment, malware can be installed on the computer or mobile device.
The most common purpose of these attacks is credential harvesting. Hackers seek to steal confidential login and password details to online banking platforms, email or social media accounts. This enables them to engage in identity theft and financial fraud.
In an age of remote working, people are particularly vulnerable. When working from home, the sorts of security measures within the corporate environment don’t exist. People use weaker home wi-fi networks, whilst remotely accessing the enterprise network from outside heightens the risks to an organisation’s valuable corporate, financial, customer and staff data.
Users are strongly advised to take additional precautions when receiving files from unknown senders, when opening attachments and clicking on links, particularly where they contain special urgent news or safety information, as well as lookalike domains containing spelling errors.
Heightened awareness is key given the scale of threats and the increased possibility that one click could lead to your system’s compromise.