Scammers have a variety of avenues they may try in order to steal your money and sensitive information, and authorities around the globe have warned of several criminal scams tied to the coronavirus.
Along with selling false products online and phishing attempts via emails and texts, there are also reports of criminals impersonating government authorities and legitimate businesses across health, financial institutions and travel agents.
For up to date information or to make a scam report, visit the Scamwatch website. If you receive a suspicious message, contact the organisation directly before clicking any links and remember that most legitimate organisations should never ask you to confirm your passwords or identifying details over the phone or via a link.
Here’s what to be aware of
SMS phishing scam where a text message appearing to be from GOV or GMAIL is being sent with a malicious link to where to get tested in your local area. Some people are also receiving scam messages from myGov which are appearing in previous and legitimate threads from myGov. Cyber-criminals are also sending emails that appear to be from Australia Post with false information about travel advice in an attempt to get you to visit a website where they can steal your information.
In the US, it’s been reported that cybercriminals are posing as representatives from the World Health Organisation (WHO) to install malware or steal sensitive information. Such attempts may include asking for your login information, sending emails with malicious attachments or instructing you to go to a website other than www.who.int.
Cyber-security companies have identified a number of scams, such as phony websites selling consumers the ‘best and fastest’ Coronavirus tests. Similarly, some scams have involved emails telling you how to ‘boost your immunity’ to the virus or offering cures or vaccinations.
There have also been phishing emails sent to consumers, supposedly from the Centre for Disease Control and Protection. Often, the attachment will be an executable file that gives scammers a backdoor into your machine, or installs a Trojan virus that helps them harvest your credentials.
How to protect yourself from scammers
Being alert and aware is key. Any unsolicited approach to you via email, SMS, social media or on the phone could be a scam, so trust your instincts. Here are some handy guidelines to help you avoid being a victim of fraud or falling victim to one of the coronavirus scams currently circulating.
If you are directly affected by a natural disaster, you may seek a government grant to help you get your life back on track. Unfortunately, this is another area that is a fertile environment for scammers.
Scamwatch has offered more advice for those seeking government grants, to help them make sure they stay safe and secure.
- Double-check the email address. If, say, it’s a WHO email, the email address will look slightly different to an official domain, e.g. ‘person@who.int’ – not person@who.com. If anything but ‘who.int’ appears after the @ sign, chances are it is not from the WHO and could be a phishing email.
- Look for mistakes. Any typos, odd grammar, strange addresses, low res images or templates that look ‘thrown together’ can be a sign that the email is not legitimate. A similar-sounding domain name can also be a clue that it’s a scam so either delete the email or go and check the domain online.
- Don’t click on any links. If it’s a shopping email offering you a great deal or asking you to buy something and you’re interested in the product, ensure you’re buying it from an authentic source. Ignore the links in the email and go online to the actual website or search for the deal via Google.
- Think twice before providing sensitive information. There are no situations in which someone would need your login and password details. Be wary if they’re asked for, even from what looks like a legitimate source. Don’t feel rushed or under pressure to do anything, even though scammers are adept at catching you off guard or in a vulnerable moment.
- Protect your computer. Updating virus software, strong passwords and backing up your data is all essential. You should also password-protect your WIFI network and avoid using public hotspots to do online banking or provide sensitive information.
- Don’t allow remote access to your computer. One known scam in which criminals phoned people pretending to be from Telstra and requested remote access to their computer saw people lose hundreds. Anyone who gains access to your computer can install a virus or steal your data.
If you realise you have been scammed...
Firstly, don’t panic. But do be proactive.
You’ll want to go and change your passwords as soon as possible.If you think a scammer is posing as an organisation, you may also wish to contact the organisation to notify them, especially if it’s your bank. Let them know the specifics of the scam and exactly what you did, so they’re in a better position to protect you and your funds if the scammer does try to attempt to steal from you.
It’s also a good idea to report the scam to the ACCC and Scamwatch, so they can warn the community.