“When people are working at home, either on their own systems or corporate systems, they are more vulnerable to phishing attacks,” said Michael Connory, chief executive of research and advisory firm Security In Depth.
“Their personal systems might not be patched properly, they might not have the latest anti-virus software. Some hackers on the dark web say now is the absolute perfect time to attack.”
Security In Depth found the increase in phishing lures was evidence of cybercriminals capitalising on the overwhelming amount of COVID-19-related content now being shared online.
In a survey of 520 Australian businesses last week, the research firm found 70 per cent of emails were related to the virus outbreak.
Meanwhile around 4000 COVID-19-related domain names have been registered online since the start of this year, a recent report by threat intelligence analyst Recorded Future found.
Many of these domain names have been linked to scam emails using “trusted” organisations like the World Health Organization and U.S. Centers for Disease Control and Prevention, “to get users to open attachments or click on the link,” the report said.
In Australia cybercriminals have utilised fake myGov websites and text messages to capitalise on the thousands of Australians now seeking urgent financial support after losing their jobs overnight.
Mr Connory added that the health care sector, in particular hospitals, needed to be mindful of potential scams and ransomware attacks at a time when resources were already so stretched.
Last year some of Victoria’s major regional hospitals were targeted by a sophisticated ransomware attack, which ultimately forced healthcare providers offline.
At the time Premier Daniel Andrews said the criminal attack caused “weeks’ worth of work… to secure that network.” No personal patient data was believed to have been accessed.
Co-founder of EFTsure Mike Kontorovich said healthcare providers were “certainly more vulnerable” to attacks in the wake of the pandemic, thanks to increased activity in the sector.
EFTsure’s ‘Know Your Payee’ technology sits over an organisation’s banking platform. When a business enters payment information, the platform draws on a range of data sources to verify that payee and raises an alarm if it looks suspicious.
“There are a lot more legitimate requests for payment flying through, so it’s much easier to hide illegitimate requests,” he said.
“In the past month we have had three or four major attempts on businesses. I believe it is because cybercriminals know more people are working from home and a lot of security approvals, double approvals may not be happening.”
He said consumers and business needed to be “just as cognisant of our digital health as our physical health right now.”
A spokesman for the Australian Competition and Consumer Commissioner said its Scamwatch portal had so far received more than 300 reports of COVID-19-related scams, with losses of more than $44,000.
The majority of losses deal with online shopping scams; however, there were “18 reports of .gov.au scams.”
Other reported examples included superannuation scams, such as a text claiming to be from the National Superannuation Review, “offering a review of my superannuation due to COVID-19 and changes to legislation.”
There have been no reported losses from superannuation scams.
Lucy Cormack is a crime reporter with The Sydney Morning Herald.