As the COVID-19 pandemic continues to impact communities worldwide, many of us are spending more time than usual online, reading the news and searching for the latest information. You may also have received many emails from businesses and organizations updating their status during the pandemic.

Hackers are taking advantage of this increased online activity in the form of phishing campaigns and malicious fake websites—one of the most notorious examples being a site that used a real-time coronavirus map to spread password-stealing malware. While that site has been taken down, others continue to circulate. 

The Virginia Tech IT Security Office (ITSO) urges students, faculty, staff, and the general public to be aware of this uptick in cyber attacks and offers the following tips to help recognize and avoid falling victim to phishing attempts:

  • Learn to recognize red flags in emails and phone calls. Common tactics used by cyber attackers include: 

    • Spoofing the identity of someone you know . If an email you get from a friend or colleague seems “off” in its tone or subject matter, it likely is.
    • Creating a sense of urgency. Be wary of phrases such as “FINAL NOTICE” or “immediate response required,” especially in the subject line.
    • Using fear tactics. Examples include threats of fines or arrest if a user doesn’t respond with personal information.
    • Making an offer that’s too good to be true. Phishing attempts during COVID-19 include fake tax refunds, “miracle” cures, and more. These emails often include a malicious attachment or try to trick users into providing login information.
    • Impersonating a government/official organization, such as the CDC or IRS. Authentic representatives of government agencies will not demand personal information.
  • Report, don’t respond. Do NOT click on any links or reply to suspicious emails; instead, report them as phishing to your email provider. Virginia Tech students, faculty, and staff are asked to forward the email with its header information/message details to the Virginia Tech IT Security Office at itso@vt.edu and abuse@vt.edu. Community members should report suspicious websites to their organization’s IT department or help desk.

  • Know the official sites for information about COVID-19. Go directly to these sites in your browser; do not click on links in emails, even if they appear to be going to the official websites—phishers will often hide a malicious link behind text that looks real. 

If you have any questions about cybersecurity, please contact the IT Security Office at itso@vt.edu. For help with your technology needs, submit a 4Help ticket or call the 24-hour help desk at 540-231-4357.

Additional Resources