Alerts blog COVID-19 Phishing

UPDATED: Cyber Attackers Exploit Vulnerabilities amid Surge in Remote Work

As we transition to remote work in response to the coronavirus pandemic, cyber attackers seek new opportunities to exploit unsuspecting users. Reports of ransomware attacks, phishing attempts, and scam websites are on the rise around the world, especially targeting those who work at universities and medical institutions. While we take our work to our home networks, we should exercise additional caution to avoid these criminal opportunists. Home networks are often less secure than institutional networks, which are supported by staff and features to keep users safe.

Some common scams include using fake e-mail addresses that may include some aspects of official email addresses. For example, an e-mail address such as ‘gilthephish.wustl@gmail.com’ may appear to originate from Washington University, but in fact it is a fake e-mail address attempting to deceive the recipient and elicit a reply. These attempts may include a request for a follow-up phone number contact or even a request to purchase a gift card to overcome an emergency situation.

If you receive such a message, please take care to forward the message to phishing@wustl.edu. Do not reply or engage with the sender. Do not click on any links or download the message. This one small step can help us protect our privacy and that of the people and the institution we serve.

For more information about the myriad cyber-attacks that are emerging during the COVID-19 response, please visit our COVID-19 criminal scams page. We are updating this page with additional information about criminal scams related to coronavirus as it becomes available.

Additional Information about stating safe while working remotely can be found at the following page from the Federal Trade Commission.

FBI: FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

Cybersecurity and Infrastructure Security Agency (CISA): FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing
https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom

FTC: Online Security Tips for Working from Home
https://www.consumer.ftc.gov/blog/2020/03/online-security-tips-working-home

Recent articles about the rise in online scamming amid the coronavirus pandemic are linked below.

Wired: Coronavirus Sets the Stage for Hacking Mayhem
https://www.wired.com/story/coronavirus-cyberattacks-ransomware-phishing/

ThreatPost: Coronavirus Poll Results: Cyberattacks Ramp Up
https://threatpost.com/coronavirus-poll-cyberattacks-work-from-home/153958/

The Hacker News: COVID-19: Hackers Begin Exploiting Zoom’s Overnight Success to Spread Malware
https://thehackernews.com/2020/03/zoom-video-coronavirus.html

As always, if you suspect you might have been the victim of a cyberattack or phishing attempt, or if you have any questions about how to best protect yourself, your data, and our shared systems, do not hesitate to reach out to us at infosec@wustl.edu.