You are here

Message from the Acting Chief Information Officer on Phishing Attempts Related to COVID-19

Message from the Acting Chief Information Officer on Phishing Attempts Related to COVID-19

Dear Colleagues,

Major news events create opportunities for our adversaries or cybercriminals to wreak havoc by playing with our emotions or targeting our natural curiosity. As the death toll from the coronavirus outbreak continues to rise, online scammers are using email phishing schemes in an attempt to profit on people's confusion and fear surrounding the virus. Security researchers have identified multiple phishing scams in which attackers pose as authorities like the Centers for Disease Control and Prevention or the World Health Organization in emails, offering information about the virus in order to trick victims into downloading malicious software or handing over their login credentials.

As a result, there has been a large number of phishing emails from so-called analysts about these events. These emails may come with infected attachments.

Attackers know we are trained to be suspicious of links in emails, so they are changing their tactics. Now, they are delivering their mischief via email attachments. When the attachment is opened, nothing may display or a form that looks legitimate may pop-up. However, it's what you don't see running in the background that is the problem. A link or attachment can infect your computer or the network you are on. If you accidentally or mistakenly click on a link or open an attachment from an unknown sender, please report it immediately.

While you should always avoid clicking on suspicious links or opening suspicious attachments, it is still your responsibility to report these instances. The sooner you report, the sooner DHS information technology specialists can respond before additional damage is caused.

Follow These Tips to Avoid Falling for Cybercriminals' Trick:

  • Always be alert about emails from unknown senders or with unknown attachments.
  • Do not open attachments unless you know the sender and are expecting the attachment.
  • Even if you know the sender, if the email is suspicious, verify with the sender that they intentionally sent the attachment to you.

Don't know who to contact or where to report? Email DHSSPAM@hq.dhs.gov.

Beth Cappello
CIO (acting)

Additional Information

Subscribe for updates to the Employee and Family Readiness Blog

Microsite Carousel

Back to Top