During periods of global crises — global pandemic (i.e. COVID-19) or natural disaster (i.e. Hurricane Sandy), etc. — threat actors will be hard at work to take advantage of vulnerable individuals, systems, and government resources for financial, political or other gain. Unfortunately, these events provide opportunities for threat actors to employ various cyber threat strategies from ransomware to social engineering, as methods to gain access to passwords, networks and other data/systems that lead to their goal of theft, fraud or other unauthorized outcomes.
With these issues in mind, the Office of Information Technology encourages all members of our community to exercise caution to avoid scams and other cyber threats that seek to exploit any global or national crises.
The Federal Trade Commission, FBI, and Center for Internet Security are a few of the trusted sources that report various scams and cyber threats that are currently being exploited against the public and private sectors. Below you will find some examples of current scams to be aware of, and the ways in which you can report these scams at Rutgers.
|Unemployment fraud: Surging unemployment has forced states to expedite claim reviews, and scammers are taking advantage. Fraudulent unemployment claims made with stolen social security numbers and other personal data are skyrocketing here in New Jersey and all across the country.|| |
A few things to be on alert for include the following:
Email exploits – Spam and phishing scams: Cyber threat actors will utilize emails to spread fear as a social engineering tactic to get individuals to click on links that may contain malware or redirect users to bogus websites. Misinformation can also be used to influence behavior, such as to mislead the public about vaccine efficacy and/or distribution.
These emails may also request individuals to provide personal, healthcare or financial data.
|Never click on links or open attachments in emails from unknown sources. |
It is always important to know the different ways in which the university, your physician and other professionals typically interact with you. For example, Rutgers IT will never ask for your password to be sent via email. In this crisis, that has not changed!
Individuals: DO NOT provide personal, healthcare or financial data via email or an untrusted website.
Faculty & Staff: VERIFY changes to or requests for payments. Ensure that third-party vendors know the protocol for submitting payments to the university (avoid wire fraud or purchase order scams). Ensure that faculty know that deans and department chairs will never send them an email request to purchase gift cards (BEC scams).
Always verify the source of any email request for personal, financial or other restricted data (see Information Classification Policy 70.1.2 for each data classification definition).
|Bogus websites: These sites promote inferior healthcare products or services, such as masks or unproven treatments.||To avoid falling victim to these scams, always use trusted resources for information. |
COVID-19 care and precautions: Follow precautions established by the CDC and your healthcare provider, and become familiar with university community safety practices as outlined on the university’s COVID-19 website.
|Social media exploits: These can include fake news articles or other messages to influence victims into purchasing products or services. Threat actors will also utilize social media for bogus crowd funding requests.||COVID-19 news/updates: Seek to get your updates on this rapidly emerging health crisis from trusted sources, such as the university’s COVID-19 information website or the CDC website. |
Crowd funding: Even if a source appears legitimate, exercise caution when choosing to give online. Cyber threat actors are very savvy and can spoof legitimate social media accounts for financial exploits. Contact agencies and organizations that you have worked with in the past and follow their protocols for secure giving during this crisis.
|Mobile device exploits via texts or apps: Cyber threat actors can utilize texts or apps to download malware to your device to steal personal and/or financial information or lock your device and demand payment (ransomware).||Clicking on links or downloading apps that make claims to help you keep track of the spread of the disease can in fact be a ploy for you to download malware that will enable threat actors to steal your personal and financial information. |
Avoid falling victim to these scams and seek to get updates via trusted sources as outlined in this article.
DO NOT click on links sent via text from unsolicited sources.
DO NOT download any new apps related to COVID-19.
How to report cyber threats
If you are working at the University or working/learning remotely, it is important to report any suspected scams, breaches, or theft to the appropriate parties. Learn how to report and what actions you should take.
Always utilize approved university IT resources and/or equipment when conducting university
Below is a listing of the various technology resources from Rutgers that should be utilized by
faculty, staff and students. These resources can also be found on the university’s COVID-19
- Technology Tools for Faculty
- Technology Resources for Students
- Technology Resources for Working Remotely
*The information on this page was developed by the Office of Information Technology information security team.