Scammers are using the public interest in Covid-19 to create opportunistic online scams and attacks, Cert NZ warns.
The Crown agency was set up as a cyber 'triage unit" (the initials stand for Computer Emergency Response Team) and can direct people or small businesses to the right law enforcement or technical help in the event of an online attack, or attempted scam.
Cert NZ director Rob Pope says international partner agencies, including Interpol, have issued alerts about three types of Coronavirus scams doing the rounds:
Text message scams
Reports have been received in Australia of Covid-19 themed scam text messages that have a link that claims to direct people to testing facilities, Cert NZ says. This link is not legitimate and instead may install malicious software on your device that's designed to steal your personal information, such as banking details.
Phishing emails claiming to have updated Covid-19 info
Individuals in the UK have been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious 'safety measures'. Instead of the link containing health information, it instead installs malicious software on your device that's designed to steal personal information.
Cert NZ been made aware of similar emails being circulated internationally that encourage people to fill in their email and password before they can get information on Covid-19. These are not legitimate, and instead are an attempt to steal personal information.
Fake coronavirus maps
Security researchers have identified a new campaign where the attackers claim to have a 'coronavirus map' application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords.
The Catholic Diocese of Auckland warned its members about the fake map scam earlier this week.
Cert NZ advises people to
• Be sceptical of advice that doesn't come from official sources, particularly if it's been sent to you unexpectedly. Pope recommends anyone looking for Covid-19 information looks to their regular news sites and official government websites.
• Protect your passwords and login credentials, don't enter these into any websites relating to the COVID-19 virus.
• Keep your devices up-to-date.
• Keep your antivirus up to date and run regular checks.
• Report suspected malware or phishing attempts to Cert NZ
Earlier, Herald tech columnist Juha Saarinen warned organisations that many staff working from home would have older modems and routers with poor security - and that while software and services like virtual private networks could boost remote-access security, they can also hurt performance if an unusually high number of people use them at once. Run drills now to see how your orgnaisation's network holds up under pressure, and whether it need reconfiguring.