CORONAVIRUS: Detect and PROTECT Yourself AGAINST COVID-19 Phishing Emails & SCAMS - UPDATED
March 25, 2020
Cybercriminals are taking advantage of the news coverage around the novel coronavirus by impersonating legitimate organizations in phishing attacks. These phishing emails may ask you to click on a link or open an attachment to review statistics or updated policies. Once you click you are likely to download malicious software onto your device.
How can you spot coronavirus phishing emails & scams?
These fake emails can take different forms. Here are some examples:
- CDC Alerts - These messages are designed to look like messages from the US Center for Disease Control with a link to a list of cases in your area.
- Health advice emails - These messages appear to provide timely health and medical advice to help you protect against the virus
- Workplace policy emails - These messages are targeting employees' workplace accounts and include links to fake company policies that discuss remote work or travel.
- Charity Emails - These messages will appear to come from a charity requesting donations during a time of crisis. Please do your research on any organization you choose to collaborate with
- Mobile applications - There have been a number of fake apps such as coronavirus outbreak map trackers that are actually ransomware, that lock down your phone and demands you pay the hackers.
- Personal Protection Equipment Sales - These scams relate to the online sale (through ads or websites) of protective items, and items that are in short supply across the country, such as protective face masks, hand sanitizer, and other products, due to the COVID-19 outbreak.
- Scam Calls - Scammers are using phone calls and robocalls, taking advantage of the coronavirus pandemic to prey on fears and uncertainty. These calls may offer free testing kits or assistance with student loans.
How do I avoid scammers and fake ads?
Almost always the scammers appeal to a sense of urgency to get a response or get you to click on the attachment, link or advertisement. Like other scams, avoid clicking links or providing your personal information.
Where can I find legitimate information about the coronavirus?
Additional Resources and Email Samples:
Additional Security Training:
To protect yourself take the online Drexel University Security Training (DUST). Students receive a certificate of completion from SANS, valued by some employers. Faculty and staff who complete this training -more comprehensive than the mandatory annual training- receive a certificate from Human Resources.
Students sign up by contacting the Information Security Office at firstname.lastname@example.org.
Faculty and professional staff sign up via Drexel One Career Pathway at https://one.drexel.edu.