As concerns continue to rise over the spread of COVID-19, hackers are taking advantage of people’s fears to extract confidential information from victims. Several phishing scams of scammers posing as authoritative sources – like the CDC or WHO – have been identified by security organizations around the country. Here’s one recent example:
In these emails, a hacker may offer information about the virus in an attempt to collect a person’s account information and financial records, or to get someone to download malicious software. As a reminder, ITS highly recommends protecting yourself and your personal data when it comes to any suspicious communications:
- Watch out for persuasion to take action with little information (e.g., “Log into this site for more details about COVID-19 in your area”).
- Be on the lookout for spelling mistakes and grammatical errors.
- For any URLs provided in an email, check for https:// and examine the address to make sure it looks accurate.
- If you’re uncertain about a given URL, navigate to the website directly (e.g., head to cdc.gov or who.int for national and international updates, andWCM Central for institutional information regarding COVID-19).
- Verify the source of the information. Check the email address in the From: field by double clicking it to verify, or by hitting "Reply" to start a draft message and see where the email is going.
- Be wary of messages asking you to provide personal information to access content that should be widely available, like public health updates.
- If you’re not expecting a particular message, chances are it’s not for you!
Example of phishing attempt with a malicious attachment.
Think you’ve been hacked? Contact ITS
If you believe that your WCM accounts have been compromised, or if you’ve provided sensitive information, contact ITS immediately so we can take precautionary measures to secure your accounts. For personal accounts, change your passwords and set up multi-factor authentication, using a tool like Duo, when possible.
You can also forward suspected spam emails as an attachment to spam@med.cornell.edu. More fraud protection tips are available at phish.weill.cornell.edu.