Coronavirus: Detect and Protect Yourself Against COVID-19 Phishing Emails & Scams - Updated
May 27, 2020
Cybercriminals are taking advantage of the news coverage around the novel coronavirus by impersonating legitimate organizations in phishing attacks. These phishing emails may ask you to click on a link or open an attachment to review statistics or updated policies. Once you click, you are likely to download malicious software onto your device.
How can you spot coronavirus phishing emails & scams?
These fake emails can take different forms. Here are some examples:
- CDC Alerts - These messages are designed to look like messages from the US Center for Disease Control with a link to a list of cases in your area.
- Health advice emails - These messages appear to provide timely health and medical advice to help you protect against the virus.
- Workplace policy emails - These messages are targeting employees' workplace accounts and include links to fake company policies that discuss remote work or travel.
- Charity emails - These messages will appear to come from a charity requesting donations during a time of crisis. Please do your research on any organization you choose to collaborate with.
- Mobile apps - There are a number of fake apps related to coronavirus contact tracing and outbreak maps that can install malware or steal your information.
- Personal Protection Equipment Sales - These scams involve the online sale (through ads or websites) of protective items and other items that are in short supply across the country due to the COVID-19 outbreak, such as protective face masks, hand sanitizer, and other products.
- Scam Calls and Texts - Scammers are using phone calls and text messages to prey on fear and uncertainty. These calls and texts may offer free testing kits or protective equipment, assistance with student loans, or simulate a contact tracing alert.
- Internal Revenue Service (IRS) Scams - Scammers may try to get you to sign over your check to them, or may use this opportunity to get you to "verify" your filing information in order to receive your money, and then use your personal information to file false tax returns in an identity theft scheme.
- Extortion Emails - These emails threaten to release sexually explicit photos or personally compromising videos to your contacts unless you provide payment, often in virtual currencies. They often include personal information, such as an old password, obtained in an older data breach.
How do I avoid scammers and fake ads?
Scammers almost always appeal to a sense of urgency to get a response or to get you to click on the attachment, link or advertisement. As with other scams, avoid clicking links or providing your personal information. If you had contact with someone infected with COVID-19, you may first get a text message from the health department, then get a call from a specific number. But tracers won't ask you for money or information like your Social Security, bank account, or credit card number. Anyone who does is a scammer.
Where can I find legitimate information about the coronavirus?
Additional Resources and Email Samples:
Additional Security Training:
To protect yourself, take the online Drexel University Security Training (DUST). Students receive a certificate of completion from SANS, valued by some employers. Faculty and staff who complete this training, which is more comprehensive than the mandatory annual training, receive a certificate from Human Resources.
Students sign up by contacting the Information Security Office at firstname.lastname@example.org.
Faculty and professional staff sign up via Drexel One Career Pathway at https://one.drexel.edu.