Published December 14, 2021
If you received an official-looking email from your school or a government agency about COVID-19, would you click it? Cybercriminals are using the latest public health scare to spread scams, viruses and misinformation.
As always, exercise caution when browsing online, downloading apps or reading email.
Organizations like the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) have been warning the public that cybercriminals are using their names and images for phishing attacks.
The WHO cautions on their website, “If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.”
This same caution should be applied when receiving messages about COVID-19 from the University at Buffalo. Scammers have posed as schools and universities to target students with messages that appear to contain important information about COVID-19. But the actual goal is to steal login credentials or infect the student's computer with a virus, often with a harmful attachment or a link to a website that looks exactly like a university, Microsoft, or Google login page. Scammers even recreate the Duo prompt to fool students and employees into entering their passcode.
When looking for information about coronavirus online, visit official websites for trusted sources (such as the CDC or WHO) directly. For official information from UB about COVID-19, visit buffalo.edu/coronavirus.
Phishing emails will likely include alerts and warnings about COVID-19, along with a link. Once clicked, the link will take you to a malicious website trying to steal your personal information.
The email address may look legitimate at first glance. For example:
UB students regularly receive phishing emails in the form of fake job offers. These emails sometimes even appear to be coming from people at UB, like advisors, professors and deans.
Now many of these fake job emails are being branded as COVID-19 relief. One variation of the email touts a "student empowerment program" that is offering online jobs to students... all you have to do is reply and send them your personal email address.
Take a minute to review the signs of a fake job email. Although these scams may incorporate the latest events from the news, there are usually still signs that a job offer is too good to be true.
According to the U.S. Department of Justice, malicious websites that claim to host information about coronavirus actually contain trojan viruses that steal information, including sensitive data, from your computer.
Specifically, the website corona-virus-map[dot]com was cited as containing the AZORult Trojan.
The U.S. DOJ also reports that at least one Android app posing as a "coronavirus tracking app" (downloaded from coronavirusapp[dot]site) is actually ransomware that will infect your phone or tablet, locking it until payment is received.
Exercise caution when looking for coronavirus information on apps and websites not provided by reputable government, healthcare or educational sources.
Be skeptical of any email asking you to click on a link or open an attachment. Before clicking or opening anything in an email:
As the coronavirus sitatuation evolves, scammers continue finding new ways to exploit the crisis for personal gain.
By being careful about how you engage with apps, websites and email, you can avoid becoming a victim during this difficult time.