Skip to main content

Cyber threats in the midst of the COVID-19 pandemic

As Rutgers continues to respond and adapt the ways in which we work, teach, deliver services
and conduct business in the wake of the COVID-19 outbreak, we must all be reminded that
cyber threat actors are also hard at work. With that in mind, the Office of Information
Technology wants to encourage all members of our community to exercise caution to avoid
scams and other cyber threats that seek to exploit this global health crisis.

The Federal Trade Commission, FBI, and Center for Internet Security are a few of the trusted
sources that have reported an increase in scams and cyber threats that are taking advantage of
the COVID-19 pandemic. A few of these exploits are highlighted below, along with tips to be
used in avoiding these scams.

Cyber ThreatTip
Email exploits – Spam and phishing scams: Cyber threat actors will utilize emails to spread fear as a social engineering tactic to get individuals to click on links that may contain malware or redirect users to bogus websites. These emails may also request individuals to provide personal, healthcare or financial data.

Note:
Other threat opportunities may involve scams that exploit proposed government assistance efforts — i.e. the availability of testing kits and stimulus checks.
Never click on links or open attachments in emails from unknown sources.

It is always important to know the different ways in which the University, your physician and other professionals typically interact with you. For example, Rutgers IT will never ask for your password to be sent via email. In this crisis, that has not changed!

Individuals: DO NOT
provide personal, healthcare or financial data via email or an untrusted website.

Faculty & Staff: VERIFY
changes to or requests for payments. Ensure that third-party vendors know the protocol for submitting payments to the University (avoid wire fraud or purchase order scams). Ensure that faculty know that deans and department chairs will never send them an email request to purchase gift cards (BEC scams).


Always verify the source of any email request for personal, financial or other restricted data (see Information Classification Policy 70.1.2 for each data classification definition).
Bogus websites: These sites promote inferior healthcare products or services, such as masks or unproven treatments.To avoid falling victim to these scams, always use trusted resources for information.

COVID-19 care and precautions: Follow precautions established by the CDC, your healthcare provider, as well as the steps for care and prevention as outlined on the university’s COVID-19 website.
Social media exploits: These can include fake news articles or other messages to influence victims into purchasing products or services. Threat actors will also utilize social media for bogus crowd funding requests.COVID-19 news/updates: Seek to get your updates on this rapidly emerging health crisis from trusted sources, such as the university’s COVID-19 website or the CDC website.

Crowd funding: Even if a source appears legitimate, exercise caution when choosing to give online. Cyber threat actors are very savvy and can spoof legitimate social media accounts for financial exploits. Contact agencies and organizations that you have worked with in the past and follow their protocols for secure giving during this crisis.
Mobile device exploits via texts or apps: Cyber threat actors can utilize texts or apps to download malware to your device to steal personal and/or financial information or lock your device and demand payment (ransomware).Clicking on links or downloading apps that make claims to help you keep track of the spread of the disease can in fact be a ploy for you to download malware that will enable threat actors to steal your personal and financial information.

Avoid falling victim to these scams and seek to get updates via trusted sources as outlined in this article.

DO NOT click on links sent via text from unsolicited sources.

DO NOT download any new apps related to COVID-19.

How to report cyber threats

If you are working at the University or working/learning remotely, it is important to report any suspected scams, breaches, or theft to the appropriate parties. Learn how to report and what actions you should take.

Additional resources

Always utilize approved university IT resources and/or equipment when conducting university
business.

Below is a listing of the various technology resources from Rutgers that should be utilized by
faculty, staff and students. These resources can also be found on the university’s COVID-19
website.

*The information on this page was developed by the Office of Information Technology information security team.