Credit: Dreamstime
Telstra’s cyber security unit has warned of a phishing scam making use of a fake Microsoft Office 365 login page, targeting those working from home amid the coronavirus pandemic.
The scam references the victim’s workplace and include the domain found in the victim’s email address in the email’s subject line, a malicious link and signature.
When accessed, the link sends the victim to another URL, loading a page that appears to be a Microsoft Office 365 login screen. However, any entered usernames and passwords will be sent to the scammer.
Telstra’s cyber security team has been working with the Federal Government’s Australian Cyber Security Centre (ACSC) to block malicious domains as they appear.
As phishing emails are altered to target specific individuals and to avoid exposure, Telstra’s cyber security team noted that this particular example could change.
The alert of this phishing scam follows a similar one made by Telstra’s deputy chief information security officer Clive Reeves about fake login pages masquerading as Microsoft Office 365 and Adobe services.
Other COVID-19-themed scams include a text message scam targeting Android phones, email scams claiming to contain updated coronavirus information or relief payment but install trojans and other malware and impersonation scams claiming to be from the World Health Organisation (WHO), Telstra and other businesses.
A fake antivirus scam has also been identified that claims to defend against the actual biological coronavirus but instead adds infected devices to a botnet.
