Australians have been warned to remain wary of a rise in phishing emails as online hackers and scammers become more sophisticated in their methods of targeting people impacted by COVID-19.
Emails from these ‘threat actors’ pretend to be trusted brands and ‘lure’ victims in, before stealing their personal information, money, or hack into users’ devices, said security software company ProofPoint.
Although online scams have been around for decades, it is the sheer scale of them that is concerning, said Sherrod DeGrippo, senior director of threat and research detection at Proofpoint.
“Never before has there been such a convergence around a single social engineering lure for such an extended time,” she said
“Pandemic-themed attacks remain ever-present, transcending borders languages and industries.”
Proofpoint research has uncovered scammers spoofing postal delivery company DHL and the World Health Organisation in order to trick users into clicking malicious links, downloading files or handing over their personal details.
For instance, one email that appears to be from DHL Express takes advantage of the global COVID-19 vaccination rollout through claims that the user has “an undelivered COVID-19 Vaccine appointment reservation”.
Another email scam with an attached Word document labelled ‘Deadly variants of COVID-19’ looks like it was sent by the World Health Organisation.
US aerospace organisations have been particular targets of these emails. The attachment carries with it a remote access trojan – so once it’s downloaded, hackers are able to remotely gain access to the recipient’s device.
But DeGrippo said the most expensive type of scam was business email compromise (BEC) fraud, with Proofpoint researchers expecting malicious actors to continue leveraging this type of scam throughout the pandemic.
In one example, scammers claim they are “on [their] way” to a “COVID-19 vaccine conference” and issues an “urgent request” for the recipient to purchase $500 gift cards for their use.
According to DeGrippo, we should expect that COVID-19 scams will be here to stay.
“Threat actors will continue to follow the money, spoof trusted brands, and rely on social engineering to succeed,” she said.
“It’s important to remain wary of any unexpected messages.”
How can I protect myself?
If the site includes 'https://,' then it’s a secure site.Mark Gorrie, NortonLifeLock APAC senior director
These scams are only going to increase as Australia’s vaccine rollout provides a new way for scammers to target Aussies, according to Mark Gorrie, senior director at NortonLifeLock Asia-Pacific.
Here are some tips that can help you protect yourself:
If you have a VPN, keep it on. “Unencrypted connections may give cyber criminals a chance to snoop on data being sent and received by your device,” Gorrie said. A VPN encrypts the data being transferred to and from your account.
Stay wary of COVID-19-themed phishing emails. “Emails may appear to come from company officials, government or health bodies and might ask you to open a link to a new company policy related to the coronavirus.” But if you click or download it, it’s likely that you’re inadvertently downloading malware into your device. “Don’t click on the link. Instead, immediately report the phishing attempt to your employer and run a scan on your computer.”
Only use sites you trust when giving away personal details. Always check the URL, Gorrie advises. “If the site includes “” then it’s a secure site,” Gorrie said. But if the URL is missing the ‘s’ in https, it’s a red flag, and you shouldn’t punch in any credit card data or details like your tax file number.
Back up your files. In the event that your system or device is hit by a cybersecurity attack, you may have to wipe your device clean. “It will help to have your files stored in a safe, separate place.”