UH Experts Warn Against COVID-19 Cyber Scams

How to Spot Threats and Protect Yourself

covid-19 cyber scams

As we all take steps to protect ourselves against the spread of COVID-19, cybersecurity experts at the University of Houston are warning against the spread of another threat – hackers trying to capitalize on confusion and fear. Cyber scams targeting your personal information and bank accounts are on the rise, according to federal officials.

“We’ve entered a world where most human contact is being mediated by a computer. Cyber thieves are going to be clever and very good at separating people from their money,” said Chris Bronk, assistant professor in the UH Department of Information and Logistics Technology.

According to the Federal Bureau of Investigation, these are the top cyber scams: 

  • Fake CDC emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations that offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
  • Phishing emails asking you to verify your personal information to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information to send you money. Phishing emails may also claim to be related to charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines and fake testing kits.
  • Counterfeit products that claim to prevent, treat, diagnose or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns and gloves. More information on unapproved or counterfeit PPE can be found on the CDC website. You can also find information on the Food and Drug Administration website, as well as the Environmental Protection Agency website. Report counterfeit products at IC3.gov and to the National Intellectual Property Rights Coordination website at iprcenter.gov.

Mary Dickerson, chief information security officer at UH, develops best practices and works across departments to help minimize security risks. “These are unusual times for everyone so don’t forget to use common sense in determining your actions,” she said.

Dickerson offers these best practices to protect yourself:

  • Do not open attachments or click links within emails from senders you don't recognize.
  • Do not provide your username, password, date or birth, social security number, financial data or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link; for example, an address that should end in a ".gov" ends in ".com" instead.
  • Be skeptical. Always verify the source and rely only on information provided by official sources.
  • Create different passwords for different services. Don’t use the same password for your social media account that you use for your online banking.
  • Keep your devices updated with the latest security updates. This will help protect your computer and data from criminals.
  • Protect your home Wi-Fi. Help keep criminals out by changing the default passwords on all of your home network Wi-Fi devices (wireless routers, etc.).