Since March, organized crime and other threat actors have used the COVID-19 crisis as a basis for increased attacks on computer systems and phishing campaigns designed to obtain sensitive or personal information.
Through social engineering, these threat actors attempt to take advantage of the COVID-19 pandemic by prompting associates to provide personal information or passwords, click on or open malicious links or attachments, or transfer money. These attacks can come through phishing emails, texts or voice calls to a workstation, smartphone, or other devices.
The threat actor may spoof a known source for COVID-19 information, such as the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO), MedStar Human Resources, or a local school district. Phishing attempts may also come from vendors purporting to have or sell Personal Protective Equipment (PPE) or other supplies.
To avoid these risks, follow these important recommendations:
- Take your time when reviewing email or text messages. Be careful before you click!
- Be alert for phishing messages in your email inbox. Since phishing emails arrive from outside of the network, determine whether the email is legitimate. All external emails include a tag of [EXTERNAL] in the email subject line and a banner:
** ATTENTION: This email originated from outside the MedStar network.
** DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe.
- If you don’t know the sender and it looks suspicious, delete the email. Do not click on any attachments or links within the body of the email.
- Look for spoofed addresses. For example, if an email appears to come from an associate and the sender’s address is not @medstar.net, it is not a legitimate email.
- If you receive a text message from a number you do not know, delete the text message. Do not click on any links within the text message.
- Report suspicious emails to [email protected] or [email protected]. Call the IS Service Desk at 877-777-8787 with any questions.
Thank you for your efforts to protect our network, important data, systems, and organization.