SECURITY ALERT: Coronavirus-related phishing attacks
In March, I sent an email alerting the KU community that criminals were using the COVID-19 pandemic to send phishing messages, dangerous attachments and links to malicious websites. These attacks have continued and intensified over the past several weeks because attackers know people remain frightened and crave COVID-19 information. This pandemic makes us all more vulnerable to social engineering and cyber-attacks.
The most important thing I can tell you is:
- Do not open attachments or click on links in emails from unknown senders that claim to provide coronavirus/COVID-19 information.
- Check the “from” email address carefully to make sure it is legitimate.
There are plenty of credible sources for COVID-19 and related health information (see below). I can guarantee an email isn’t going to be the source of new and eye-opening information about COVID-19 or the pandemic.
KU Information Technology employs sophisticated technology to protect your KU workstation and our campuswide systems. However, you are the most important line of defense. Your diligence in identifying suspicious emails or other malicious activity is the strongest protection for you and the University.
Remember—all phishing and malware messages share common features:
- The “from” address is not a legitimate sender for the information source the message claims to be from. (For example, from address domain is “@gmx.com” but the message claims to be from the Centers for Disease Control and Prevention.)
- The message is intentionally written in a way to make you panic and click without thinking.
- The message might use poor spelling, grammar or unusual syntax.
Attackers will vary their techniques and COVID-19 phishing emails will come in different forms, so be wary of any messages that look suspicious.
Credible Sources for Coronavirus Information
The first and best source of authoritative information on COVID-19 is federal government's Coronavirus website. KU-specific information is available on the university's official COVID-19 website. The Douglas County Health Department has local information for Lawrence and the county.
If you receive a message you think is suspicious, do not respond, click links or open attachments. Forward the message to email@example.com and then delete it immediately.
For more information about cyber-threats and COVID-19, visit the Cybersecurity & Infrastructure Security Agency website.