How Phish Multiply

The human and economic losses associated with Covid-19 are seen as tragic by most of us. However, just as they always do, hackers are using the crisis as an opportunity.
They are taking advantage of distraction and disruption to gain footholds and to attack more people and institutions. By hijacking or impersonating trusted sources, phishers can send attacks that are more believable and more likely to be opened.
In the past few weeks we at FIT have responded to large phishing attacks sent from real email accounts at another college and at a K-12 school district. An attacker got control of those accounts, probably by tricking the account owners into revealing their passwords, and then used them to send malicious emails to us. We have also seen attacks pretending to be from the World Health Organization (WHO). In another attack, we were able to investigate and see the date when an organization that sends email to FIT got compromised. Prior to that date, links in the emails pointed to marketing material. After that date, they pointed to malware downloads from unfriendly countries. The key point is that each of these attacks leverages your trust in the sender to get you to click, download, or reveal information, which gives the attacker another jumping-off point from which to attack someone else. In addition to stealing your money and information, phish multiply, and the Covid-19 crisis provides a fertile breeding ground.
What can you do?
- Follow all the advice we’ve given about email. Be careful about unsolicited emails. Don’t assume they are harmless, and only open emails that make sense to you.
- Only download software and provide personal information on sites you trust and can verify.
- Don’t pull emails out of your spam folders unless you are 100% sure they are legitimate.
- Hover your mouse over links in emails or web pages to make sure they go where they claim to.
- If you haven’t already done so, take our annual online Cybersafe training here: https://training.knowbe4.com/login
- Stay aware, and stay cybersafe!
About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
Walter Kerner
Chief Information Security Officer
Division of Information Technology
