Scammers love to prey on people who are emotionally drained… and the heightened anxiety felt across our society during the recent health crisis has unfortunately provided them with new opportunities.
With numerous financial stimulus packages released by the Government, cybercriminals are increasing their efforts to gain identification records that will help them access bank accounts or other financial records.
The Australian Cyber Security Centre (ACSC) recently released the details of a number of scams currently being reported around the country.
We look at some of these scams today and encourage you to be cautious of their methods.
Bank themed SMS phishing scam
One current scam is in the form of an SMS that appears to be from a legitimate Australian bank. The details of the SMS indicate that you have to update your details before being able to continue to access the bank’s services. The message is sent under the premise that due to COVID-19 all customers must review their personal information.
There is a link included in the text message that seems to be a URL connected to the bank, but it is actually “a malicious website that is hosting malware.” The malware is designed to then harvest your financial information.
In this example, the ACSC has already lodged a “take-down request” with the domain registrar and has distributed a request to block the website through Australian telecommunication companies as well as Google and Microsoft.
Australian Government COVID-19 payment relief email
Another scam seeking to gain access to personal banking information has been circulating in the form of an email from an Australian Government official. The email instructs the reader to open an attached document that contains details about receiving COVID-19 payment relief.
The attachment is embedded with malware that automatically attempts to steal sensitive information such as usernames and passwords.
Again, the ACSC has submitted a “take-down request” to the domain registrar based in South Africa and has sought to have the website blocked.
Similarly, a separate scam utilising an Australian Government persona suggests you have an “allocation of subsidy benefit.” The email asks the recipient to reply with the details of their tax file number and copies of identification documents such as a passport, driver’s licence and Medicare card. With these key pieces of personal information, identity theft is likely and “criminals could open bank accounts or take out loans in your name.”
COVID-19 testing SMS phishing
GOV or myGov identities have been used to send text messages that appear to contain important information about coronavirus testing or restrictions.
The sophistication of these scams enables the messages to be received within legitimate message chains from Services Australia.
The link within the message directs you to a website that looks like an official government domain but again contains malicious malware.
Woolworths grocery giveaway
The Australian Competition and Consumer Commission’s [ACCC] Scamwatch website has also received reports of a phishing scam involving Woolworths.
The text encourages the recipient to click the included link to register for “free groceries worth $250” that Woolworths is offering to support the nation during the pandemic.
While the website URL appears to be a legitimate domain belonging to the retailer, it is another attempt to gather sensitive personal data.
Tax Practitioners Board warning
In addition to the many SMS and email based scams, the Tax Practitioners Board (TPB) is also warning of fraudulent offers of advice and services relating to the various financial stimulus packages. Unregistered organisations are offering misleading advice services for schemes such as JobKeeper, Cash Boost for Business or Early Release from Super.
These services are often promoted on social media and are “usually bundled with unnecessary services in a subscription or locked-in contract.” Plus, there are others that might request information such as Tax File Numbers and myGov login details.
The TPB encourages you to contact them if you “become aware of a potential scam or unregistered tax practitioner offering stimulus benefit advice.”
How to protect yourself
The ACSC outlines a number of helpful tips you can follow to protect yourself, such as:
- consider who the sender is and what they are requesting; if unsure contact the organisation through a verified channel
- do not open any attachments or click links in unsolicited text messages emails
- do not provide any personal information to an unverified source and never allow remote access to your computer
- use email, SMS and social media platforms that use spam and message scanning
- use two factor authentication on all your essential services – email, bank accounts, social media – as this is much stronger security.
It is also worthwhile regularly reviewing any recent notes on current scams. The resources provided through this article are constantly updated.
If you are concerned about any communication you have received or if you believe you might have had your personal information collected, contact the Scams and Identity Theft Helpdesk (Monday to Friday) on 1800 941 126. If you experience anything suspicious, you can also contact a First Financial team member for advice. Read more Financial Industry articles.