
Cybercriminals are capitalising on the urgency of COVID-19 communications to send hoax ‘phishing’ emails and SMS attacks that could infect computers or lead to the theft of logins and personal information.
Key points:
- COVID-19 is being used as a phishing lure by cybercriminals
- We expect to see an increase in exploits related to COVID-19 as publicity around the virus increases
- Cybercriminals are using trusted brands, like the World Health Organization (WHO) and the U.S. Centers for Disease Control and Prevention (CDC), to build credibility and entice users into opening attachments
Latest example of an email phishing attempt:
The language in the example email below, sent to all employees on Sunday 29 March, gives an idea of the tactics being used:
All Staffs and are expected to migrate to the New 2020 Microsoft Outlook Web portal to access ***ClickHere*** to migrate. Important notice: All staffs are expected to migrate within 24 hours to avoid delay on mail delivery. On behalf of IT Support. This is a group email account and its been monitored 24/7, therefore, please do not ignore this notification, because its very compulsory.
Sincerely.
Med Admin Team
What can you do? (Stop, Think, Click)
- Don’t click on links or attachments, COVID-19-related or otherwise, that you receive via email or messaging apps unless they come from a trusted source. That includes messages sent to personal email providers like Gmail.
- Don’t be fooled by legitimate-looking branding on messages you receive; unlike the example above, there are some good fakes doing the rounds.
- Cybercriminals will also often use language that conveys a sense of urgency, so be alert.
- If you want COVID-19 news, follow best practice: type URLs into your web browser yourself or use Google Search to find the sites
- Don’t put your credentials into third-party sites unless you’re 100 percent sure you’re on the correct site
- Report any suspicious messages to ITCyberSecurityOffice@monashhealth.org or contact IT Helpdesk on 9594 7255 (select option 1)