A phishing pandemic (and offensive): Part III

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

As noted in part I of this blog, various reports have highlighted the significant increase in phishing scams in light of the global COVID-19 pandemic. In particular, there has been an increase in coronavirus-related emails and SMS messages that are embedded with malicious links or documents, created for the purposes of stealing personal information (among other things), usually for financial gain. In order to stop the spread (pardon the pun) of such virus-inspired phishing scams, the Australian Signals Directorate (ASD) has confirmed that it has launched an offensive against malicious attackers located offshore.

In a media release published by the Minister for Defence, Senator the Hon Linda Reynolds CSC noted that the ASD has launched the offensive against offshore attackers and has already successfully disrupted their activities by “disabling their infrastructure and blocking their access to stolen information”. Minister Reynolds also confirmed that some of the phishing attacks involved the attackers posing as health officials and using malware to infect vulnerable Australians’ computers in order to steal their personal information.

As part of its offensive against phishing attacks, the ASD’s Australian Cyber Security Centre (ACSC) is working closely with telecommunication companies in order to block access to websites identified as malicious. The ACSC is also working with web-browser companies, such as Google, to have the websites flagged as malicious in order to warn web-users prior to visiting the websites.

While we are likely to continue to see further surges in phishing scams during the pandemic, the ASD’s offensive against malicious offshore actors has only just begun and is expected to bring about a reduction in successful viral (of the electronic kind) attacks.