IT Security UPDATE - Defend against COVID-19 Scams
Date: 4/17/2020
Subject: IT Security UPDATE - Defend against COVID-19 Scams
From: CPP IT Security
Security Update: Cyber criminals continue to capitalize on questions and fears related to COVID-19. They use it as an opportunity to spread misinformation, sell fraudulent products and/or phish for your credit card or personal information.
NOTE: Official Cal Poly Pomona (CPP) communications related to COVID-19 will be posted on the university’s Health Alert website (www.cpp.edu/healthalert/). If you have questions or concerns, please email healthalert@cpp.edu.
Tips to avoid COVID-19 Scams:
- Think Before You Click. Cyber criminals take advantage of people hurriedly seeking information on COVID-19. Phishing messages and malware are distributed through COVID-19 related links and interactive maps, and are impersonating reputable organizations, such as the World Health Organization (WHO) & Centers for Disease Control & Prevention (CDC).
- Instead of clicking, go directly to a reputable website to access the content.
- For the most up-to-date information about the coronavirus, refer to authoritative sources directly. CPP provides a campus COVID-19 website with current campus information, as well as links to local authoritative sources.
- Do not respond to texts, emails or calls about checks from the government.
- Ignore online offers for products or remedies, such as vaccinations, home test kits, “corona safety” masks. There are no products proven to treat or prevent COVID-19 at this time.
- Hang up on robocalls. Robocall are illegal and used to promote work-at-home schemes, insurance scams, etc.
- Research any requests for donations. Do not let anyone rush you into making a donation. Do NOT provide any donation by cash, gift card, or by wiring money.
- “Lock down your Login”: Create long and unique passwords for all accounts including CPP Bronco account, banking, and online shopping websites. When in doubt, change your password. Use two-factor authentication wherever possible.
- Note: Cal Poly Pomona has added two-step verification and will be rolling it out in the coming weeks.
What should I do if I receive a message that is suspicious:
- Do NOT correspond or forward the message other than to report it to suspectemail@cpp.edu or authorities. Change your campus password immediately if you replied to a suspicious/fraudulent message.
- Do NOT click on any links or enter confidential or private information on an unfamiliar website. Change your CPP password immediately if you clicked on any links or interacted with a suspicious/fraudulent website.
- In most cases, you can delete the message if you have not replied to the message and did not click on any links.
- Call the IT Service Desk, or related campus administrative office directly to evaluate your campus accounts and determine whether your information has been compromised.
- Contact the University Police at 909-869-3070 if you have been a victim of a scam.
Possible signs of a Phish or Scam
- Is the sender claiming to be someone official (e.g. your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
- Are you told you have a limited time to respond (e.g. in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
- Does the message make you panic, fearful, or curious? Criminals often use threatening language, make false claims of support, or attempt to teas you into wanting to find out more
- Is the message offering something in short supply (e.g. concert tickets, money or a cure for medical conditions)? Scammers can make you think you’ll miss out on a good deal or opportunity to entice you to respond quickly.
- The email subject line or content looks unusual or not typical for that friend, colleague or business to send. “It just doesn’t sound like them.”
- The email has spelling and grammar mistakes.
- Overly vague or over-use of professional jargon to sound legitimate.
Additional COVID-19 Cyber Security and Consumer Resources:
- National Cyber Security Alliance (NCSA) StaySafeOnline/COVID-19 Security Resource Library
- Federal Trade Commission (FTC): Coronavirus (COVID-19) Pandemic: The FTC in Action
- Federal Emergency Management Agency (FEMA): FEMA Rumor Control
Questions: Contact the IT Service Desk if you have questions or need assistance with Phishing or changing your CPP Bronco password.
IT Security and Compliance
Chief Information Security Officer
Information Technology & Institutional Planning Division
California State Polytechnic University Pomona
ciso@cpp.edu