We remind you that during media intense events like the Coronavirus outbreak (COVID-19), cyber attackers are taking advantage of the situation by preying on our fears. They will try to scam you or launch phishing attacks that attempt to get you to click on malicious links or open infected email attachments. Here are some of the most common indicators that the phone call or email you received is probably a scam or attack.

• Any messages that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
• Any message that pressures you into bypassing or ignoring our security policies and procedures.
• Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.

Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action.

What We’re Doing to Protect You

• Most phishing emails are automatically blocked by the UO's current email security controls, preventing them from ever reaching your inbox.
• UO’s Information Security Office is continuously monitoring incoming messages for new phishing attempts, including any that may be focused on coronavirus.
• The Information Security Office may sometimes systematically remove confirmed malicious phishing messages from UO email accounts to reduce the likelihood of harm to the UO community.

What You Can Do to Protect Yourself

• Do continue reading messages and news from the University of Oregon about coronavirus. The UO's coronavirus webpage contains the most current information. You may also receive email messages from your department.
• Don't reveal personal or financial information by email, and don't respond to email solicitations for such information.
• To protect your Duck ID, sign up for two-step login (Duo).
  • Instructions: Getting Started with Two-Step Login (Duo)
  • Tech support: Get help from IT staff in your unit or the Technology Service Desk
  • More information: Article - Getting Started with Two-St...
• If you have any questions about phishing or email security, please contact the Information Security Office at infosec@uoregon.edu.

Please keep in mind Coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone. Don’t fall victim to bad guys playing on your emotions. If you feel you have received an attack:

• First check UO's Phish Tank. If a message is already posted there and labeled a "Phishing Email," simply delete it from your inbox; no need to report it. If it isn’t posted in the Phish Tank; please forward the message, including headers and attachments, to phishing@uoregon.edu.

Following are tips from the Federal Trade Commission (FTC) to help you keep the scammers away:

• Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
• Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19) — online or in stores.
• Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.

The Cyber and Infrastructure Security Agency (CISA) also offers this advice:

• Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
• Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Review CISA Insights on Risk Management for COVID-19 for more information.