Skip to main content

One Step Ahead: Stay Safe: Protect Yourself Against COVID-19 Scams

Another tip in a series provided by the Offices of Information Security, Information Systems & Computing and Audit, Compliance & Privacy

As the COVID-19 virus dominates the news, the Penn Office of Information Security (OIS) and other information security affiliates have identified a disturbing new trend: COVID-19 phishing scams. Cyber scammers are taking advantage of your desire to learn more about the coronavirus to lure you into opening malicious email attachments, or clicking on fake website links, all in an effort to steal your identity and harvest your credentials. These scams include, but are not limited to:

Fake websites with web addresses (URLs) like “coron-virus-map[dot]com” or “corona-virus-map[dot]com” that are designed to steal sensitive data.

Emails with links to fake web-login screens designed to steal employee credentials, such as your PennKey and password or other login information.

Email messages with malicious links claiming to provide information on how to protect yourself and your family from the coronavirus. When you click the links, malware or ransomware is downloaded to your computing device and used for the scammer’s financial gain.

Malicious phone apps with names like “coronavirusapp[dot]site” designed to load ransomware on phones.

The IT professionals at ISC are working diligently to block identified malicious web addresses and email messages at the Penn network border. However, with many Penn affiliates now working, teaching and learning remotely, you should take the following steps to help keep your computing devices, Penn-sensitive data you have access to, and your personal information safe:

  1. Download and run Symantec antivirus on your home and work computing devices—it is available for free (https://tinyurl.com/PennSymantec) to Penn community members.
  2. Verify Penn-related emails urging you to click on links or attachments by contacting your School or Center IT support staff. Report suspicious emails, text messages or chat announcements to your IT support staff or to phishing@upenn.edu
  3. Back up your data frequently to avoid work interruption and denial of access.
  4. Enable and use two-factor authentication whenever possible, including on your personal email account and on websites you visit.
  5. Seek information from credible resources, e.g., “My HR”/Penn Human Resources, the CDC, and official state and federal websites.

For additional information, visit https://tinyurl.com/coronavirusscams

For additional tips, see the One Step Ahead link on the Information Security website: https://www.isc.upenn.edu/security/news-alerts#One-Step-Ahead

Back to Top