An alert by the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has warned of a COVID-19 themed scam text being sent around, coming from the sender, “GOV”, and more could be on the way.
The text alerts the recipient with a notice that they have received a message in regards to the “COVID-19 safetyline” about symptoms and where to get tested in their local area, as well as a link at the end of the message.
The ACSC has warned that clicking the link may install malicious software on Android devices, with Clive Reeves, deputy chief information security officer at Telstra, which has jumped in to help shut down the scam, claiming it will prompt users to check a box allowing for the device to install applications from unknown sources.
Meanwhile, non-Android phones would be directed to a Government website.
Reeves said that Telstra has blocked the domain, as has Google through its Google Safe Browsing Initiative, but warned there is a possibility of copycat domains surfacing with the same malicious content.
The circulating text is the latest in a range of COVID-19 themed phishing scams since January 2020, with scams supposedly being sent supposedly on behalf of the Australian Medical Association and global bodies, including the World Health Organisation (WHO).
Reeves highlighted research from cyber security vendor Check Point Software Technologies, which identified the registration of 4,000 COIV-19 domains between January 2020 and 3 March 2020, and suspects that 120 of those domains, or 3 per cent, are suspicious.
An earlier COVID-19 phishing email sent out in January 2020 targeted Japanese users, claiming to have advice about the coronavirus outbreak, but contained the Trickbot malware in one of its attached documents. Reeves highlighted the fact that Trickbot was previously used to download the Ryuk ransomware.
While Telstra has blocked the offending domain, Reeves said the rapid nature of cybercrime means new copycat domains that potentially contain the same content are likely to surface.
Other COVID-19 phishing emails include the NanoCore remote access trojan, giving attackers control of infected systems, and links to malicious login pages for Adobe and Microsoft Office 365 products.
“We should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened,” Reeves said.
“These phishing attacks -- and dozens of others that promise information on COVID-19 -- entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins.
“We encourage everyone to be on alert for any unexpected emails that request users login to pages or download attachments. Looking for typos and poor grammar is a common but ultimately effective indicator of phishing.”
He also recommended that anyone working from home should avoid opening unexpected email document attachments and to either report suspected phishing attempts to their company or to just delete them outright.