News reports indicate threat actors are taking advantage of the coronavirus outbreak in new phishing email campaigns.
Threat actors are using public fear to increase the likelihood that users will click on a link or open an attachment.
In one campaign, the phishing email reportedly impersonates the U.S. Centers for Disease Control and Prevention, warning of new infections and promising to provide a list of active infections in the surrounding area if users click on a link.
Other phishing emails ask recipients to open an attachment to view safety measures regarding the spread of the virus.
As this latest attack method demonstrates, phishing campaigns are continuously evolving. It is becoming increasingly difficult to identify malicious emails. This incident provides a good opportunity for reminding staff to:
- Be suspicious of any emails that urge you to take action and try to create a sense of urgency.
- Never click on links or open attachments without first making sure the request is authentic.
- Call the sender by looking up their phone number independently.
- Never call a phone number included in a suspicious email or reply to the sender.
If you are a state employee and receive a suspicious email at work, please contact your information technology (IT) security staff immediately.