Information Security

Take the TWU Info Sec Course

Useful Cybersecurity Tools

Beware of COVID-19 related scams and phishing emails

As people across the country take to distance learning and teleworking, cybercriminals are looking to profit from pandemic fears with a surge of scams, phishing emails, and malicious software related to COVID-19. You will most likely experience an increase in COVID-19 related marketing and messaging through various channels (e.g. browsing websites, emails, phone calls). Some of these messages will convey important official news, while others will undoubtedly be fake with malicious intentions. 

Scams and phishing attacks range from the typical “Are you available?” gift card scam, fake charity organizations, to COVID-19 trackers applications containing malware. Recognize more of these attacks by reviewing the latest round-up of COVID-19 related scams and phishing attacks. 

In these uncertain times, practice the following security tips to stay safe online: 

Verify the source - The new proactive cybersecurity adage has become ‘verify, then trust.’ When a message seems out of place, trust your gut feelings and verify the request through another separate method of contact to confirm it’s authentic.

Play defensively - Ensure you practice good cybersecurity hygiene by installing anti-malware software on your computer and examine messages with additional scrutiny.

Scrutinize the urgency - If the message carries a undue sense of urgency, especially one that prompts you to act, take a deep breath, step back and analyze the message objectively. Scams and phishing campaigns force an emotional response. Recognizing when this happens puts you one step ahead. 

Think before you click - In addition to the above tips, never open an attachment or click on a link from senders you don’t recognize. The attachment or link won’t expire, so you’ll have time to think it over for a few extra critical seconds. 

Report a Phish - Everyone plays a crucial role in preventing scams and phishing attacks. If you receive one, please follow these instructions for reporting a phish

For additional helpful consumer tips, please review from the Federal Trade Commission advisory on responding to COVID-19 scams.

What is Smishing?

Text or SMS-based phishing (otherwise known as ‘smishing’) has become an emerging threat.

Your contact information is scraped or gathered through a public forum or contact list such as an attendee listing or conference/webinar signup sheet. An attacker makes the assumption that the parties are related (e.g. all work at twu) and attempts to send the phishing attack through sms texts impersonating one party.

Here are some additional resources that explain what a smishing attack is, as well as tips to guard against them:

The best ways to guard against a smishing are similar to guarding against phishing emails. Always scrutinize the implied urgency of any message you receive, and if possible, verify with the sender using another method (e.g. calling the sender to confirm). 

Page last updated 1:27 PM, July 30, 2020