Many employees shifted to working from home over the last two months in response to the COVID-19 pandemic, creating dramatic changes to Washington State’s information technology environment. The information security threat landscape has also changed across many industries, including higher ed, as threat actors are heavily leveraging the COVID-19 crisis.
Cyber threat actors are sending emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19. — Cybersecurity and Infrastructure Security Agency (CISA)
Information Technology’s Security Operations continues to see significant increases in COVID-19 related phishing lures directed toward WSU users. Attackers are leveraging a broad spectrum of techniques including credential theft, remote access tools, malware downloads and installation, ransomware, and financial fraud. The most common tactics used attempt to lure the recipient into opening a COVID-19 related email attachment or clicking on a link in the email that directs them to a malicious website. Both tactics are then used to either steal the users credentials or install malicious software on their device.
Defending against Cyber-attacks is a team sport and all WSU faculty, staff, and students play a part. Everyone should continue to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). WSU ITS continues to recommend that all faculty, staff, and students take the following precautions:
- Avoid clicking on links in unsolicited/unexpected emails and be wary of email attachments.
- Use trusted sources for web content, such as legitimate University, higher education, and government websites for up-to-date information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email or phone call solicitations for this type of information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review WSU Guidelines for working remotely
- Report all phishing and social engineering attempts to the WSU Security Operations Center ( firstname.lastname@example.org; 335-0404)