IT Security UPDATE - Defend against COVID-19 Scams

Date: 4/17/2020
Subject: IT Security UPDATE - Defend against COVID-19 Scams
From: CPP IT Security

Security Update:  Cyber criminals continue to capitalize on questions and fears related to COVID-19. They use it as an opportunity to spread misinformation, sell fraudulent products and/or phish for your credit card or personal information.  

NOTE: Official Cal Poly Pomona (CPP) communications related to COVID-19 will be posted on the university’s Health Alert website (www.cpp.edu/healthalert/). If you have questions or concerns, please email healthalert@cpp.edu.

Tips to avoid COVID-19 Scams: 

• Think Before You Click. Cyber criminals take advantage of people hurriedly seeking information on COVID-19. Phishing messages and malware are distributed through COVID-19 related links and interactive maps, and are impersonating reputable organizations, such as the World Health Organization (WHO) & Centers for Disease Control & Prevention (CDC).
  • Instead of clicking, go directly to a reputable website to access the content. 
  • For the most up-to-date information about the coronavirus, refer to authoritative sources directly. CPP provides a campus COVID-19 website with current campus information, as well as links to local authoritative sources.
• Do not respond to texts, emails or calls about checks from the government. 
• Ignore online offers for products or remedies, such as vaccinations, home test kits, “corona safety” masks. There are no products proven to treat or prevent COVID-19 at this time. 
• Hang up on robocalls. Robocall are illegal and used to promote work-at-home schemes, insurance scams, etc. 
• Research any requests for donations. Do not let anyone rush you into making a donation. Do NOT provide any donation by cash, gift card, or by wiring money. 
• “Lock down your Login”: Create long and unique passwords for all accounts including CPP Bronco account, banking, and online shopping websites. When in doubt, change your password. Use two-factor authentication wherever possible. 
  • Note: Cal Poly Pomona has added two-step verification and will be rolling it out in the coming weeks.   

What should I do if I receive a message that is suspicious:

• Do NOT correspond or forward the message other than to report it to suspectemail@cpp.edu or authorities. Change your campus password immediately if you replied to a suspicious/fraudulent message. 
• Do NOT click on any links or enter confidential or private information on an unfamiliar website. Change your CPP password immediately if you clicked on any links or interacted with a suspicious/fraudulent website. 
• In most cases, you can delete the message if you have not replied to the message and did not click on any links.
• Call the IT Service Desk, or related campus administrative office directly to evaluate your campus accounts and determine whether your information has been compromised. 
• Contact the University Police at 909-869-3070 if you have been a victim of a scam.

Possible signs of a Phish or Scam

• Is the sender claiming to be someone official (e.g. your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
• Are you told you have a limited time to respond (e.g. in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
• Does the message make you panic, fearful, or curious? Criminals often use threatening language, make false claims of support, or attempt to teas you into wanting to find out more
• Is the message offering something in short supply (e.g. concert tickets, money or a cure for medical conditions)? Scammers can make you think you’ll miss out on a good deal or opportunity to entice you to respond quickly.
• The email subject line or content looks unusual or not typical for that friend, colleague or business to send. “It just doesn’t sound like them.”  
• The email has spelling and grammar mistakes.
• Overly vague or over-use of professional jargon to sound legitimate.

Additional COVID-19 Cyber Security and Consumer Resources: 

• National Cyber Security Alliance (NCSA) StaySafeOnline/COVID-19 Security Resource Library
• Federal Trade Commission (FTC): Coronavirus (COVID-19) Pandemic: The FTC in Action
• Federal Emergency Management Agency (FEMA): FEMA Rumor Control 

Questions: Contact the IT Service Desk if you have questions or need assistance with Phishing or changing your CPP Bronco password.

IT Security and Compliance

Chief Information Security Officer
Information Technology & Institutional Planning Division
California State Polytechnic University Pomona
ciso@cpp.edu