How the Corona Virus is Spreading to Computers

The New Jersey Cybersecurity and Communications Integration Cell is reporting a number of phishing attacks based on the recent Corona outbreak.  In some, attackers pretend to be vendors or shippers explaining that an order is delayed because it is being quarantined in Asia. An attached Word document offers “an explanation”, but also runs an infected program that steals information from your computer.  Another scheme has attackers pretending to be the World Health Organization, using logos identical to the WHO. However, the links in the email, which purport to offer safety and protection measures, go to a forged look-alike site, and will steal any credentials like email addresses or passwords you enter.

We’ve done a number of CISO Updates and Cybersafe posts about the frequency with which attackers leverage disasters and other major world events as a pretext for phishing.  It’s terrible, but it’s common. Don’t let your concern about the virus convince you to set aside your healthy skepticism.

What can you do?

• Follow all the advice we’ve given about email. Be careful about unsolicited emails.  Don’t assume they are harmless, and only open emails that make sense to you.
• Only download software and provide personal information on sites you trust and can verify.
• Don’t pull emails out of your spam folders unless you are at least 100% sure they are legitimate.
• Hover your mouse over links in emails or web pages to make sure they go there they claim to.

Stay aware, and stay cybersafe!

About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.

Walter Kerner
Chief Information Security Officer
Division of Information Technology

Read past issues of the CISO Updates Newsletter here.