COVID-19 and financial scams: how the pandemic has dictated the threat landscape in 2020.
About two weeks ago, I published an article on LinkedIn and the Cyber Aware blog in which we forecast a second wave of scams related to COVID-19. The article showed that, compared with the March/April period of 2019, in which Australians lost over $20 million to scammers, the same period in 2020 saw an approximate 33% increase on this already colossal figure, to almost $32 million in financial damages.
It's common knowledge at this point that the current pandemic has introduced a plethora of scams to the Australian public, but what stood out to us most were the following statistics, which show a clear correlation between a sharp decrease in COVID-19 daily cases and a sharp decrease in financial damages as a result of scams.
[Figure: Financial losses per month as a result of scams in Australia]
[Figure: Daily COVID-19 cases detected within Australia over recent months]
In Victoria, where Cyber Aware is based and where daily coronavirus cases recently broke 400, we're gearing up not only for a second round of lockdown restrictions and safe practice, but also for a second round of COVID-19 related scams.
We attribute the rise in scams to causation rather than a mere correlation with COVID-19 because of how hackers and scammers have operated historically. 90% of data breaches are successful directly due to human error. Scams are designed to prey directly on human insecurity and to create a sense of urgency behind a fraudulent message, whether that means demanding bank details to "rectify a tax-claim error", requesting sensitive data under the guise of a trusted colleague, or deceiving an out-of-work citizen into making payment for a false superannuation claim during the pandemic.
Hackers look at the vulnerable circumstances generated by the 2020 pandemic and see nothing but an opportunity to embezzle money from innocent individuals. Already we're seeing this resurface in line with the increasing cases and media attention, as ATO and government scams against the Australian public skyrocket.
And again, this trend of hackers jumping on mass-insecurity during times of disaster is evident as far back as September 11 in 2001, all the way through to the rampant bushfire scams at the beginning of 2020.
Typically, a trusted source is used to prey on this insecurity, such as government agencies or well-known brands.
Take this recent scam, for example, in which attackers send fraudulent email and SMS notifications claiming to be from the Australian Taxation Office. Typically, the scam will look similar to the example below and will result in the victim granting a malicious party full access to their ATO account.
Furthermore, not only have there been more scams, particularly ones preying on public concerns surrounding the pandemic, but our relationship to technology has also shifted as a result of our mass migration to working from home.
This has frequently resulted in a lower quality of security, with people now sending private work information via personal social media accounts, sharing said data on family-shared computers, and operating largely on less secure internet connections and often without a VPN in place.
This has all resulted in not only a challenging obstacle to our productivity and workflow, but also to our workplace security.
Moving into the latter half of this unprecedented year, stay aware and cyber-safe with the following three tips:
- Be vigilant about scams. Any time you receive a sensitive request for action, whether it be logging in to a system, providing payment information, or supplying private/personal information, make sure that you were expecting the request and that you have verified the source of contact. Stay up to date on current COVID-19 scams via Scamwatch.
- Keep your personal and professional data separate. It can be easy to send a file via Facebook or your personal Gmail account, but in doing so you are increasing the risk of a data breach significantly. It may be difficult, but make sure your work-from-home systems are exactly the same as the ones in your office. Keep your work at work, and off personal accounts.
- Give each other a hand. The major difference in whether or not you fall victim to a scam is always going to be awareness. If your colleagues aren’t aware of the current scams, or if you spot an unsafe practice, let them know! Give your colleagues a friendly reminder or tip from time-to-time, and it can make a world’s (or bank account’s) worth of difference. The best defense against social scams is a social firewall.
For more tips and news on cyber-safety in 2020, visit cyberaware.com!