高清福利片

Dr Suranga Seneviratne is a computer scientist and cybersecurity expert from the Faculty of Engineering who warns that conditions caused by the pandemic are leaving Australians vulnerable to a scam surge. He provides timely advice for on how to spot scams and avoid becoming a target.

鈥淭he COVID-19 pandemic has hit Australia again. Many of us were caught off guard and we have all had to quickly react and adjust. Changed work conditions 鈥� or lack thereof, home-schooling, social isolation and information overload are making many of us,even the tech savvy,聽vulnerable to scams,鈥� said Dr Suranga Seneviratne.

鈥淪cammers target vulnerability and thrive on disorder 鈥� current conditions are the perfect breeding ground for this type of nefarious activity.

鈥淣ow, more than ever, we should be on high alert for possible cyber-crime and scam activities targeting us.鈥�

Lessons from lockdown 1.0

鈥淟ast year we witnessed several pandemic-specific scamming activities. The early days of the pandemic saw attempts to distribute malware using apps and websites disguised as providing COVID-19 information,鈥� said Dr Seneviratne.

鈥淭here were also phone, SMS, and email campaigns around the world where the attackers targeted mobile users with convincing stories, such as pandemic relief packages, test results, information about travel restrictions, and early access to vaccination. During the same time, regular scam activities 鈥� such as romance scams and fake advertisements 鈥� also increased locally as well as globally.

鈥淔or example, according to the Australian Competition and Consumer Commission (ACCC)鈥檚 latest report [link?], losses from scam activities sky-rocketed in 2020 鈥撀爄ncreasing by a staggering 23 percent compared to 2019. The US Federal Trade Commission reported similar trends in the US.鈥�

What鈥檚 happening this time around?

鈥淲hile it remains to be seen whether scam activities have increased during the current outbreak, there鈥檚 evidence that attackers are 鈥渟eizing the moment鈥� with crafty stories designed to exploit people鈥檚 heightened vulnerability,鈥� said Dr Seneviratne.

鈥淛ust last month, Australian mobile users were targeted by the 鈥楩lubot' scam. Targeted users received a seemingly innocuous SMS with a link to a supposed voice mail message. Once the link was clicked, users were asked to install a voicemail app, which was in fact malware. Some thought this message was related to their COVID test results.

鈥淒uring the pandemic, people have been getting calls from unknown numbers for all sorts of reasons, and not all of them have been nefarious. This increased communication, coupled with many people being more preoccupied than usual, has caused many otherwise cautious people to absent-mindedly click malware links or answer calls from scammers.

鈥淏usiness emails have also been compromised by scammers. Some businesses or individuals may be behind their payments due to the pandemic or dealing with challenging remote working conditions. Attackers have been pretending to be suppliers, trying to scam money from businesses.鈥�

鈥淔ake postage or logistic texts and emails, claiming to be DHL, Australia Post and Toll have been rife too, with scammers capitalising on the increase in orders and trade by post.鈥�

鈥淣ow that we are in a new financial year, increasingly, scammers are posing as the Australian Taxation Office and are requesting large sums of money. There have also been instances where people have received voicemails telling them they have a warrant out for their arrest because of tax evasion.鈥�

6 top tips for avoiding cyber scams

There are several easy, everyday actions we can all take that can protect us against cybercrime, such as: regularly updating our software; using antivirus solutions; creating secure passwords and; enabling multi-factor authentication.

There are also several scenarios in which you should proceed with caution:

1. If you receive an unsolicited message with a link, don鈥檛 click it. Many text messages appear to be legitimate, but on closer inspection are not (see fig.2).
2. If you receive a text alerting you to a voicemail, don鈥檛 click the link. Instead use your telco provider鈥檚 voicemail number to find out if you actually have received one.
3. The same goes with the bank or other similar institutions. If you get a message, don鈥檛 click on it. Instead, directly log into the bank from your computer or the app. Many banks are now moving away from sending texts containing links. Rather they only send messages like 鈥渢here was some suspicious activity in your account, please log in to your online banking portal and check鈥�.
4. Never give out your personal information over the phone on an unsolicited call. There are many occasions that we receive legitimate calls from unexpected numbers at unexpected times. However, if you give away personal information over the phone, it is strongly recommended that you first verify the identity of the other party. For example, if the person claims to be calling from the bank, ask for their name and enquire as to their request, then hang up and call the bank at a verified number and corroborate these details 鈥� the bank will be able to tell you if this was a legitimate request.
5. Check email sender information.
   While email filtering solutions are doing a reasonable job in preventing bulk phishing attempts from entering your inbox, highly targeted phishing and scam attempts can still make it into your inbox. Always check the email address of the sender and do a verification of whether it is really coming from the person it claims to be. For example, if one of your work colleagues emails asking for an urgent financial favour, verify whether it is the correct email. These phishing attempts will often get the names and contact information correct and combine it with a plausible story, but if you inspect closely you will realise the email address is not the one you know. For example, a fake University of Sydney email address might read: john.Appleseed@sydney.au.edu or john.appleseed@sydney.co.
   
   Especially on mobile devices, attacks often manipulate sender names so you only see part of the sender name, such as 鈥淎ustralia Post鈥�. But when you expand the actual email address, such emails will not have a valid Australia Post domain name (See Fig.2)
6. Remember everyone is vulnerable to being scammed. While all of this may seem obvious and straightforward, many tech-savvy people have fallen victim to these simple tricks and heightened stress is making us all more susceptible.