Duke's IT security offices continue to see an increase in cyber attacks related to COVID-19 and are encouraging Duke faculty, staff and students to use caution with all communications including phone calls, email, text and social media. Attackers will try to take advantage of fear about the situation and may use the guise of COVID-19 news to phish for personal or financial information.
Recent scams include:
- Antibody testing: Scammers are marketing fraudulent and/or unapproved COVID-19 antibody tests, potentially providing false results, according to a recent FBI warning.
- COVID-19 research: The FBI has issued a warning that U.S. health care and research institutions working on COVID-19 response are being targeted by Chinese attackers seeking to obtain intellectual property and data related to vaccines, treatments and testing. Watch this video from Duke's IT security offices. Researchers should be report any suspicious activity to firstname.lastname@example.org and should take necessary steps to protect their systems, according to the FBI statement.
- Charity scams: Organizations or individuals that you don’t recognize may ask for donations in the wake of COVID-19.
- Online shopping scams: Cybercriminals may try to sell bogus vaccination or home-testing kits.
- Email impersonation: Beware of emails and social media that appear to come from the World Health Organization, the CDC and other reputable sources. If you’re looking for information, visit trusted sites such as the CDC, World Health Organization, Federal Trade Commission and the Better Business Bureau.
- Robocalls: Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes. Calls may appear to come from government organizations, family members in distress or banks/credit card companies. Robocalls can be hard to detect since the caller ID can be adjusted to make it look like the call is coming from your area code.
- Remote work and financial scams: As more employees are working remotely, attackers are incorporating references to commonly used collaboration tools such as Microsoft Teams and Zoom or using news about financial relief to phish for personal financial information. More information on coronavirus-related scams can be found on the FBI website and the FTC website.
Duke's IT security offices remind you:
- Don’t respond to texts, emails or calls that seem suspicious. Ignore online offers for vaccinations, and be wary of ads for test kits.
- Hang up on robocalls.
- Watch for emails claiming to be from the CDC or WHO, and don't click on links from sources you don't know. Use sites like coronavirus.gov, https://www.nc.gov/covid19 and https://coronavirus.duke.edu/ to get the latest information.
If you receive a phone call, email or other communication regarding COVID-19 that seems suspicious, please contact email@example.com.
A brief video about COVID-19 scams, developed by Proofpoint, is available online.