Skip to main content

Cyber threats in the midst of the COVID-19 pandemic

Since mid-March, the Rutgers community has successfully pivoted in-person learning and business operations to remote learning and teleworking (where possible), and we all continue to respond and adapt the various ways in which we work, teach and deliver services as a result of the coronavirus outbreak.  As we move toward winter and flu season in the midst of a third wave of COVID-19, it is important to remember that cyber threat actors are still hard at work. With that in mind, the Office of Information Technology continues to encourage all members of our community to exercise caution to avoid scams and other cyber threats that seek to exploit this global health crisis.

The Federal Trade CommissionFBI, and Center for Internet Security are a few of the trusted sources that have reported an increase in scams and cyber threats that are taking advantage of the COVID-19 pandemic. A few of these exploits are highlighted below, along with tips to be used in avoiding these scams.

Cyber ThreatTip
Unemployment fraud: Surging unemployment has forced states to expedite claim reviews, and scammers are taking advantage. Fraudulent unemployment claims made with stolen social security numbers and other personal data are skyrocketing here in New Jersey and all across the country.

A few things to be on alert for include the following:

  • emailed “employment termination notices” that come without any prior communication from UHR or your managers and request personal or confidential information
  • phone calls from people who claim to be from the New Jersey Department of Labor and Workforce Development and want personal information to verify an unemployment claim you have not filed
  • actual mail from the Department of Labor and Workforce Development regarding an unemployment claim you have not filed
If you believe that a fraudulent unemployment claim has been filed on your behalf, please take these steps:
  1. Contact your manager.
  2. Contact UHR via the OneSource Rutgers Faculty and Staff Service Center at (732) 745-7378.
  3. Contact the New Jersey Department of Labor and Workforce Development at (609) 777-4304.
Email exploits – Spam and phishing scams: Cyber threat actors will utilize emails to spread fear as a social engineering tactic to get individuals to click on links that may contain malware or redirect users to bogus websites. These emails may also request individuals to provide personal, healthcare or financial data.

Note:
Other threat opportunities may involve scams that exploit proposed government assistance efforts — i.e. the availability of testing kits and stimulus checks.
Never click on links or open attachments in emails from unknown sources.

It is always important to know the different ways in which the University, your physician and other professionals typically interact with you. For example, Rutgers IT will never ask for your password to be sent via email. In this crisis, that has not changed!

Individuals: DO NOT
provide personal, healthcare or financial data via email or an untrusted website.

Faculty & Staff: VERIFY
changes to or requests for payments. Ensure that third-party vendors know the protocol for submitting payments to the University (avoid wire fraud or purchase order scams). Ensure that faculty know that deans and department chairs will never send them an email request to purchase gift cards (BEC scams).


Always verify the source of any email request for personal, financial or other restricted data (see Information Classification Policy 70.1.2 for each data classification definition).
Bogus websites: These sites promote inferior healthcare products or services, such as masks or unproven treatments.To avoid falling victim to these scams, always use trusted resources for information.

COVID-19 care and precautions: Follow precautions established by the CDC, your healthcare provider, as well as the steps for care and prevention as outlined on the university’s COVID-19 website.
Social media exploits: These can include fake news articles or other messages to influence victims into purchasing products or services. Threat actors will also utilize social media for bogus crowd funding requests.COVID-19 news/updates: Seek to get your updates on this rapidly emerging health crisis from trusted sources, such as the university’s COVID-19 website or the CDC website.

Crowd funding: Even if a source appears legitimate, exercise caution when choosing to give online. Cyber threat actors are very savvy and can spoof legitimate social media accounts for financial exploits. Contact agencies and organizations that you have worked with in the past and follow their protocols for secure giving during this crisis.
Mobile device exploits via texts or apps: Cyber threat actors can utilize texts or apps to download malware to your device to steal personal and/or financial information or lock your device and demand payment (ransomware).Clicking on links or downloading apps that make claims to help you keep track of the spread of the disease can in fact be a ploy for you to download malware that will enable threat actors to steal your personal and financial information.

Avoid falling victim to these scams and seek to get updates via trusted sources as outlined in this article.

DO NOT click on links sent via text from unsolicited sources.

DO NOT download any new apps related to COVID-19.

How to report cyber threats

If you are working at the University or working/learning remotely, it is important to report any suspected scams, breaches, or theft to the appropriate parties. Learn how to report and what actions you should take.

Additional resources

Always utilize approved university IT resources and/or equipment when conducting university
business.

Below is a listing of the various technology resources from Rutgers that should be utilized by
faculty, staff and students. These resources can also be found on the university’s COVID-19
website.

*The information on this page was developed by the Office of Information Technology information security team.