Warning: COVID-19 Phishing Scams

Dear College of Medicine Faculty, Students and Staff,

Malicious email phishing scams continue to target University of Arizona students, faculty and staff at a heightened level. The UArizona Information Security Office is especially concerned about phishing and malware scams taking advantage of fears surrounding the Coronavirus. These phishing attempts may ask you to enter credentials or urge you to open an attachment to learn more, potentially installing malicious code on your machine.

Please take the following precautions:

  • Question emails claiming to be from the Centers for Disease Control (CDC) or experts saying that have information about the virus.
  • Ignore online offers for COVID-19 vaccinations. There currently are no vaccines - online or in stores.
  • Do your homework when making donations through charities or crowdfunding sites especially donations requested for cash, gift card, or by wiring money. See: https://www.consumer.ftc.gov/features/how-donate-wisely-and-avoid-charit...

The University's Security Operations Center recommends the following preventive measures:

  • Verify the sender's email address.
  • (Available to UAConnect365 email users only) University of Arizona has recently implemented External Sender Notification to flag emails that come from senders outside the university to help mitigate phishing attempts. Based on campus feedback, the External Sender Notification banner has been modified.  External emails will now have "[EXT]" in the subject line and "External Sender" in red font in the body.  
  • (Available to UAConnect365 email users only) Validate authenticity of DUO Multi Factor Login Requests. 
  • Be cautious with links or attachments.
  • Protect your devices.

The Cybersecurity and Infrastructure Security Agency (CISA), US Department of Homeland Security also warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19).  They issued the following tips and guidance:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
  • Use trusted sources - such as legitimate, government websites - for up-to-date, fact-based information about COVID-19.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
  • Verify a charity's authenticity before making donations. Review the Federal Trade Commission's page on Charity Scams for more information.
  • Review CISA Insights on Risk Management for COVID-19 for more information.

Support and Resources

Please contact the 24/7 IT Support Center if you have questions about a potential phishing email at (520) 626-TECH (8324).

If you received a phishing email, please notify the Information Security Office at https://security.arizona.edu/content/report-phish

If you have questions about this email, please contact us at servicedesk@medicine.arizona.edu.

Thanks,

Information Technology Services

College of Medicine, Tucson