Warning: COVID-19 Phishing Scams

POSTED ON BEHALF OF THE INFORMATION SECURITY OFFICE

Malicious email phishing scams continue to target University of Arizona students, faculty and staff at a heightened level. The Information Security Office is especially concerned about phishing and malware scams taking advantage of fears surrounding the Coronavirus. These phishing attempts may ask you to enter credentials or urge you to open an attachment to learn more, potentially installing malicious code on your machine.

Please take the following precautions:

  • Question emails claiming to be from the Centers for Disease Control (CDC) or from experts saying they have information about the virus.
  • Ignore online offers for COVID-19 vaccinations. There currently are no vaccines—online or in stores.
  • Do your homework when making donations through charities or crowdfunding sites, especially donations requested in cash, by gift card, or by wiring money. See: https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charity-scams

The University’s Security Operations Center recommends the following preventive measures:

  • Verify the sender’s email address.
    • The University of Arizona has recently implemented External Sender Notification, which flags emails that come from senders outside the university, to help mitigate phishing attempts. Based on campus feedback, the External Sender Notification banner has been modified. External emails will now have “[EXT]” in the subject line and “External Sender” in red font in the body.
  • Validate the authenticity of DUO Multi-Factor login requests.
  • Be cautious with links or attachments.
  • Protect your devices.

COVID scams continue to make their way through our campus, and with this new environment, it is important to share safe computing tips. Please share the following information with your departments as appropriate. Also attached, you will find a graphic that could be used in departmental newsletters or emails.

Be Wary of COVID-19 Scams 

New scams continue to arise around the COVID-19 virus. Stay alert, particularly for:

  • Phishing Emails.
    • Recent attempts offer governmental financial support and try to gather personal information, including your Social Security number.
    • Messages promise personal COVID-19 test kits but have a malware attachment.
  • False Websites. Scammers can prey on fears or make sensational claims.
  • Illegitimate Charities/Donation Campaigns. Only donate to known, reputable charities.

Search for verified information on your own from sources like https://www.cdc.gov/coronavirus/2019-nCoV/index.html and major news outlets. Local resources for COVID information can be found at https://www.bannerhealth.com/patients/patient-resources/covid-19.

Remote Work Cybersecurity 

Working remotely also brings new considerations that your or your staff’s normal business practices might not have accounted for. Here are a few things to keep in mind around safe computing in a remote environment:

Data Classification

As information sharing changes, make sure you use the appropriate technologies for the classification of data you handle (Regulated, Confidential, Internal, Public). See the Data Classification and Handling Standard: https://security.arizona.edu/content/data-classification-and-handling-standard.

Conference Call Meetings

Many campus units are using Zoom as a means to stay connected for meetings and other social interactions. Add protections to your meetings to ensure they’re not interrupted by unwanted participants.

  1. Password protect meetings and securely share the password with participants.
  2. Enable a waiting room so that you grant access as people enter the meeting (not practical when you expect a large number of participants).
  3. Use the “Only Host Can Share their Screen” setting.
  4. Turn off “Allow Removed Participants to Rejoin”.

Home Computer Security

All computers used for University business should have a screen lock and be protected by antivirus/anti-malware. Remote staff who are using their personal computers to do work are eligible to install Sophos Home Premium. Learn more at: https://softwarelicense.arizona.edu/sophos-central.

It is recommended to do the following:

  1. Apply all updates for the operating system and other software.
  2. Use VPN to connect securely to campus.
  3. Utilize approved cloud storage instead of your local hard drive (protects from ransomware and other malware accessing documents).

For more information or to report a phish, visit https://security.arizona.edu/

Support and Resources

If you have questions about a potential phishing email, please contact the 24/7 IT Support Center at (520) 626-TECH (8324).

If you received a phishing email, please notify the Information Security Office at https://security.arizona.edu/content/report-phish

Information Security Office
Computer Center
PO Box 210073 | Tucson, AZ 85721
security.arizona.edu