What types of scams are currently circulating relating to COVID-19?
SMS phishing campaign
The Australian Competition and Consumer Commission (ACCC)’s Scamwatch has received multiple reports of COVID-19 themed scam texts being sent to members of the public.
A text message appearing to come from numerous senders such as ‘GOV’ ‘GMAIL’ and ‘myGov’ and including a link which states where and when you can get ‘tested in your geographical area’ for COVID-19. The link in these text messages is not legitimate, and if clicked on, may install malicious software on your device, designed to steal your banking details
A phishing text is received, it invites the recipient to click on a link for free ‘Netflix Access’. When the person clicks on the link, it takes them to a page to log into their Whatsapp account. Once in Whatsapp, it asks for your name, email & DOB and to send the link onto 10 of your contacts. The sole purpose behind this scam is to steal Netflix users' sensitive data, including credit card information.
Coronavirus 'safety measures' phishing email
A Coronavirus ‘safety measures’ email which is branded to have been sent from the ‘World Health Organization’ (WHO) is a phishing scam. It advises users on the safety measures that should be followed to prevent the virus.
The document attached to the email is a compromised file which if downloaded or opened on your device will infect your device with ransomware.
COVID-19 relief payment scam
A COVID-19 relief payment scam has been circulating that offers recipients $2,500 in COVID-19 assistance payments if they complete an attached application form. The attachment contains an embedded macro that downloads malicious software onto the recipient's device. If you receive these types of phishing emails, do not open the attachments and simply delete the message.
Other notable scams
- Some organisations have made dashboards to keep track of COVID-19. Cyber Criminals however have found a way to use these dashboards to inject malware into devices and steal information such as user names, passwords, credit card numbers stored in your browser. This application doesn’t need any installation and shows you a map of how COVID-19 is spreading, this allows them access to your device.
- Cybercriminals are also developing a range of scams targeting an increasing number of Australians that are working from home. The ACSC has been made aware of an overseas scam that invites people to support a ‘Coronavirus Relief Fund’ as a casual employee or volunteer. Applicants are told they will be assisting with processing ‘donations’ intended for COVID-19 support services.
MLC Life Insurance is committed to protecting our customer's online interactions, ensuring that you can transact online confidently and securely, no matter where you are or what device you are using.
We will never:
ask for your password
ask you to enter information on a web page that isn't MLC Life Insurance
send you an email or SMS asking for financial and/or personal information
These are used to verify the identity and authenticity of our websites. To see it, click on the padlock icon on your screen in the address bar.
We will proactively lock your account if we see repeated unsuccessful attempts to log in on your account. If you find your account is locked, someone may have been trying to log in as you. If you accidentally locked your account yourself, click the ‘Forgot your Password?’ link.
Our website uses encryption to protect all traffic. This means that everything you do on our website, from browsing our product brochures to logging in and managing your policies, is confidential. We stay current with top rated cryptographic algorithms to ensure your traffic is safe.
If you have been inactive for a while, we will automatically log you out, so your account is kept in a safe state. You will need to log in again when you want to continue.
If you think you have received an MLC Life Insurance branded scam email, please forward it to our cyber security team via firstname.lastname@example.org
The tips below can help to protect your personal and financial information from fraud and scams.
- Do not open suspicious or unsolicited emails – if unsure, delete immediately or contact the person/business through a separate, legitimate source to confirm it.
- Do not click on any links or open any attached files on suspicious emails
- To get to the MLC Life Insurance website, best practise is to enter the address (ie, www.mlcinsurance.com.au) manually directly into your browser
- Resist the urge to act urgently. A lot of phishing emails want you to act immediately. If you are unsure, ask out loud and get a second opinion.
- Be careful when clicking unsubscribe on an email. Spammers may use the 'unsubscribe' button to validate your email address, resulting in even more spam.
- If the offer seems too good to be true, it probably is! If unsure, always delete.
- Use up-to-date and comprehensive antivirus software.
- It is important to remember, criminals can set the "Sender Name" of SMS messages to make it appear as though they're being sent by the legitimate organisation and appear in the same "thread" as other legitimate messages on your device. This can make them more difficult to identify.
- Fraudulent SMS messages often feature similar characteristics to phishing emails and include links and/or attachments. Do not click on these links or attachments
- MLC Life Insurance will never ask you to provide your personal or financial information via SMS.
- Fraudulent SMS messages will often ask you to click a link which directs you to a fraudulent web page. If the link looks unfamiliar, it's likely a scam.
- Always check the website address as fraudulent URLs look remarkably similar to legitimate ones.
- Never enter personal or financial information on a website if you're not certain it is genuine.
- Never send your personal, credit card or bank account details through an email.
- Keep your passwords and PINs safe and don't share them with anyone.
- Have a different password/PIN for every online account.
- Check your credit card and/or bank statements regularly for suspicious transactions.
- If you accidentally provide account or banking details to someone suspicious, you should contact your bank or financial institution immediately.
- Phone calls
- If you are unsure of the nature of a call or who is on the other end, do not commit to anything. Hang up and call the organisation directly. Never use contact details provided by the caller - find the number through their website or the White Pages.
- If a bank or any other organisation phones you, don't provide your personal or financial information.
If you believe your online security has been compromised contact us immediately on 13 65 25 (or +61 3 9121 6500 from outside Australia) between 8am and 6pm (Melbourne and Sydney time), Monday to Friday.
If you receive an email, phone call or letter in the mail and think it's a scam you can:
- Visit the SCAMwatch website to check out the latest scams.
- Report it to the ACCC via SCAMwatch or by calling 1300 795 995
For more information on how to identify and respond to fraud and scams, you can visit some of the websites listed below:
Australian Government | Stay Smart Online (SSO)
Stay Smart Online provides topical, relevant and timely information on how home internet users and small businesses can protect themselves from, and reduce the risk of, cyber security threats such as software vulnerabilities, online scams, malicious activities, and risky online behaviours.
You can subscribe to the Stay Smart Online Alert Service at https://www.staysmartonline.gov.au/alert-service to keep updated with the latest threats and current scams.
Australian Government | Australian Cyber Security Centre (ACSC)
The Australian Cyber Security Centre (ACSC) brings cyber security capabilities from across the Australian Government together into a single location. It is the hub for private and public sector collaboration and information-sharing to combat cyber security threats.
To report a cyber security incident, go to https://www.cyber.gov.au/report
Australian Competition and Consumer Commission | Scamwatch
Scamwatch provides information to consumers and small businesses about how to recognise, avoid and report scams using publications, videos and other online resources.
Australian Government | Office of the eSafety Commissioner
The Office of the eSafety Commissioner provides online safety education for Australian children and young people, a complaints service for young Australians who experience serious cyberbullying, and address illegal online content.
Australian Government | Attorney-General’s Department
The Attorney-General’s Department website provides helpful information and resources about your rights and protections in regard to identity security, freedom of information and cyber security. The Department has developed a range of resources to assist people protect their identity and recover from the effects of identity crime.
Identity theft and misuse
Joint public-private sector not-for-profit organisation providing free services to victims of identity theft and misuse. iDcare tailor’s response plans for each individual circumstance.
Phone: 1300 432 273
Australian Government website providing information about protecting and recovering your identity.