COVID-19 scams and phishing messages

Overview

The University of Idaho has observed an increase in COVID-19/Coronavirus themed spam, scam, and phishing messages sent to university recipients. Messages may pretend to offer information about the virus but link to malicious websites or ask for money. Exercise caution when reviewing messages related to the Coronavirus. Information should be obtained from reputable sources, such as the CDC or official university communications, to avoid scams and phishing attacks.

For additional information on avoiding COVID-19 scams, please see:
https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams
https://www.ic3.gov/media/2020/200320.aspx

Where should I watch for scams?

Scammers may send COVID-19 themed scams and attacks through a variety of channels, including but not limited to:

  • Phishing
  • Vishing
  • Physical Mail

Phishing

A phish is a malicious email message. A phishing message could include a virus infected attachment, or a link to a fake login webpage designed to trick you into entering your credentials. Recent phish messages have included COVID-19 themes in an attempt to gain credebility. For more information on phishing please see What is phishing?

Vishing

Vishing refers to scam attemtps conducted via a phone call. A phone caller stating you have a fine from the IRS and you need to provide your Social Security Number would be an example of a vishing attack. Be wary of unsolicited phone calls, especially any claiming information about COVID-19.

Physical Mail

Scammers still send scam messages through traditional physical mail. Letters and cards asking for prompt action should be checked to ensure it is from a valid sender, or if it is junk mail.

How do I report a suspicious message?

You can report suspicious emails using the Report Phish button. For more information please see How do I report a phishing message?

For other forms of suspicious communication please report to abuse@uidaho.edu.

Has the U of I seen any COVID-19 phishing messages?

A sample COVID-19 phishing message received by the U of I is shown below. The message has several suspicious indicators:

  • The sender email address ("splashmath.com") is unrelated to the World Health Organization (WHO).
  • The subject ("HIGH-RISK") attempts to shock the recipient into taking quick action.
  • The body is short on details and simply references "your city".

Sample phishing message with coronavirus theme

The University of Idaho has received a variety of COVID-19/Coronavirus themed phishing and spam messages. A few selected examples are shown below:

Phishing Messages

Covid 19 themed phish email

Coronavirus themed phishing message

Coronavirus themed phishing message

Spam Messages

Coronavirus themed spam message

Coronavirus themed spam message

Details

Article ID: 1596
Created
Mon 3/16/20 3:13 PM
Modified
Thu 4/2/20 2:09 PM