Be extra vigilant and stay alert!
As much of the world grapples with COVID-19 and how to handle it, cyber attackers are taking advantage of the widespread discussion of COVID-19 in emails and across the web. ITS wants to alert our community to remain vigilant for scams related to COVID-19. Cybercriminals may send phishing emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise extreme caution in handling any email with a COVID-19-related subject line, attachments or hyperlinks, and be wary of social media pleas, texts or calls as well.
Be on the lookout for vishing (voice mail phishing) too. Phone scammers have seized the opportunity to prey on consumers. Scammers are also using robocalls to target consumers during this national emergency.
If you receive a suspicious email, please forward it to email@example.com and the ITS Information Security team will investigate the incident.
These phishing emails may also claim to be related to the following subject. Click the list below for an example.
- Spoofs of authoritative sources, such as CDC (Centers for Disease Control), WHO (World Health Organization), and HR
- Fake charitable contributions to an individual or to a fake charity
- Health advice emails with health insurance pitches and fake medical bills
- General financial relief
- Airline carrier refunds
- Fake cures and vaccines
- Fake testing kits
Check this page often for updates on COVID-19 related scams. The following are some phishing emails examples.
Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.