The Information Security Department at Syracuse University has seen an increase in reports of employees receiving phishing messages that use COVID-19 as a pretext to get users to click on links. The emails promise government checks as part of the federal stimulus package or ask employees to click links to complete a “COVID-19 Payroll Adjustment.” Clicking on the links in the email usually results in a compromise of the user’s password or an attempt to download malware.
Our students, faculty and staff are our best line of defense against phishers. Be extra vigilant during this time, and ask yourself these questions the next time you receive a suspicious email:
- Does the URL look right?
- On your smartphone or tablet, press the link and hold down until a dialog box appears containing the URL.
- On your computer, hover over the link with your mouse. The URL will usually appear in the lower-left corner of your window.
- If you clicked on the link, does the login screen look right?
- Do not enter your NetID password unless you are sure it is safe.
- Are you expecting the document or link?
- Be suspicious of unexpected emails sharing documents and links you are not expecting. If you are not sure, contact the sender (preferably via text message, phone or an alternative email address) and ask if they shared a document with you.
- Do you know the person sharing it?
- Consider the message suspicious if you do not know the sender. Remember, though, that phishers often use compromised accounts to send their messages, and they also can forge the sending address. If you feel at all unsure, call the person and ask if they shared a document or link with you.
- If a document is attached, can you tell what it is?
- Is it clear to you from the document title and message what the document is and why it is being shared with you? Phishers often send vague messages that just say a document has been shared with you. They rely on your curiosity. Do not open suspicious shared documents just to see what they are.
- Does the product or offer seem too good to be true?
- Beware of emails promising financial gain, quick fixes or easy solutions.