COVID-19 scams: How to identify them and protect yourself

Due to a significant increase in COVID-19 phishing attempts, the Information Security Office (ISO) recently urged students, faculty and staff to remain cautious and alert for potential scams during the outbreak. Unfortunately, cybercriminals are hoping to cash in on the international pandemic and they’ll try just about anything to exploit others.

Since you may already be feeling anxious and overwhelmed, let’s focus on a few things you can do right now to stay safe.

Social engineering

Social engineering is a technique used by criminals to trick or persuade victims to do something they might not otherwise do, such as share personal information, click on a malicious link or buy fraudulent goods. Phishing is probably the best-known example, but others include various scams, fake text messages, robocalls and fraudulent sellers. Some common scams right now include phishing emails that look like they come from the World Health Organization (WHO), fake charities claiming to solicit donations for COVID-19 relief efforts and social media scams telling people to “click here” to claim government relief money.

In the past, scammers also have sent messages designed to look like an official University of Utah communication, and it is possible that they will do so again during the COVID-19 pandemic. Even if something appears official at first glance, take a closer look before opening it, clicking links or responding. If you have any doubts about the authenticity of a University of Utah email, forward the message as an attachment to phish@utah.edu. Our security staff will investigate it and let you know whether it’s legitimate.

So how can you protect yourself from social engineering?

Passwords and two-factor authentication

You’ve already heard a million times how important it is to use good passwords. Well, it’s still true. Solid password practices and two-factor or multifactor authentication (2FA or MFA) go a long way toward preventing cybercrime.

Password basics:

  • Use a different password for every login. Yes, it’s a pain, but this is seriously important.
  • Use a password manager to help you remember all those passwords.
  • Passwords should be 16 or more characters long, complex and hard for others to guess.
  • Use 2FA/MFA where possible (e.g., Duo Security for U services and apps such as Google Authenticator).
  • Never accept a Duo Security push you didn’t request, and never give out 2FA codes. If someone asks you to, it’s probably a scam.

Check out our Cybersecurity Tips for more information and examples.

Keep your devices up to date

One simple thing you can do is keep the software on all your devices up to date. When companies discover security flaws in their software, they will create fixes called “patches” and send them out as updates. By keeping your devices updated, you ensure that you have these patches, which help keep you safe.

Additional resources

If you want to know more, check out the resources below. And if you haven’t already, we highly recommend taking our short security course in Canvas.

More information about COVID-19 scams

Legitimate COVID-19 information sources

Short, helpful videos

University of Utah security resources