Main menu (IT)

COVID-19 Phishing Attacks

COVID-19 Phishing Attacks

Cybercriminals are capitalizing on Coronavirus (COVID-19) to send fake email and SMS phishing attacks that could infect computers or lead to the theft of logins and personal information. CSUN faculty, staff and students should all be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened. Phishing attacks promise information on COVID-19 and entice users to open malicious attachments (some containing dangerous malware) and follow links designed to steal logins. Cybercriminals build their attacks around major news events and have been doing this for years. They tend to morph relatively quickly from one breaking event to another. With the Coronavirus commanding an almost unprecedented amount of coverage around the world, these latest campaigns have been nothing short of a flurry of attacks that show no signs of slowing down.

Coronavirus-themed phishing emails can take different forms, including these.

CDC, AMA, WHO alerts. Cybercriminals have sent phishing emails designed to look like they are from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of Coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazard,” the text of one phishing email reads. The phishing emails are part of a surge of COVID-19 themed phishing campaigns that include malicious messages purportedly sent on behalf of the American Medical Association (AMA), National Institute of Health (NIH) and global bodies including the World Health Organization (WHO). CSUN has seen phishing frauds capitalizing on the pandemic.

Links from College Officials with Links to Office 365 Logins or OneDrive: Emails are being sent to college students posing as official communications offering bogus updates about closures and other Coronavirus-related news. Hover over all links and make sure they are in the domain.

Scholarships, Work from Home and Internships:  A variation of this type of email purports to come from employers and targets people who are working from home. In reality, both frauds provide links to fake OneDrive or Office365 login screens that capture user credentials. Students have been receiving emails about working from home or fake internship opportunities.

Health advice emails. Phishers have sent emails that offer purported medical advice to help protect you against the Coronavirus. The emails might claim to be from medical experts near Wuhan, China, where the Coronavirus outbreak began. “This little measure can save you,” one phishing email says. “Use the link below to download Safety Measures.”

Workplace policy emails. Cybercriminals have targeted employees’ workplace email accounts. One phishing email begins, “All, Due to the Coronavirus outbreak, CSUN is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you will download malicious software. 

We all need to be vigilant and not respond to unexpected messages over any communications platform, especially those which request links be clicked on or attachments be opened. Hover over all links so they resolve to Hover over the "Send To" on emails to ensure they are coming from CSUN officials.

For more information on phishing please visit Avoid Fraudulent Email Messages.

For more examples of phishing emails, please visit Phishing Examples.