Make-believe and malicious: Cyber scam targets Australian media using fake news website

| 07 Sep 2022

Media Enquiries

M: +61 2 9385 2864
E: media@unsw.edu.au

Find a UNSW Canberra Expert

A cyber espionage campaign has targeted Australian government agencies, media companies and universities through a fake news website filled with malware.

According to US cyber investigators Proofpoint, the scam saw hackers set up a fake news website populated with stolen content from BBC News. The hackers, claiming to be from Australian media outlets, contacted unsuspecting targets to provide written content for the website, including a link to the malicious site. When targets visited the site, harmful code would be installed onto their device, allowing the hackers to steal vital and personal data.

Screenshot of email being sent by hackers
Hackers posed as fake Australian news outlets. Image: Proofpoint

The scam ran for over a year, showing the extra length hackers are willing to go to gain the trust of unsuspecting targets; only to lead users straight into a twisted trap.

Creating fake and malicious news sites appear to be an obvious tactic for hackers considering how much news the average person consumes according to UNSW Canberra cyber security expert Nigel Phair.

Hackers can be very rational when required, they change their tools and techniques as needed to create a ‘winning’ formula,” Nigel said.

With phishing scams appearing more complex and realistic, it is becoming increasingly difficult to identify scams in an instant. Nigel provides some checkpoints that everyone should consider when they are uncertain if they are the target of a phishing scam.

“Firstly, internet users need to look at some key features, including the URL to determine if the address looks realistic, let alone if there is any similarity with what is in the contents.

“Secondly, the call-to-action is another decision point. Online criminals will usually ask for something, like username and password details, or filling out a form with other personally identifying information or clicking on a link which may download a computer virus.”

You never know when you will be the next target for a phishing scam, but you should always remain aware to avoid your personal data being unknowingly harvested.

“Always be wary when navigating the online environment, the internet is neither nirvana or a cesspit, it is up to us, as digital citizens to make it be best place it can be and help each other to identify criminal activity and make sure our friends and family don’t fall prey.”

Priority Area
lensCyber
Tags
lensNews
Organisational units