Cybercriminals are taking advantage of financial concerns and the increase of remote work during this difficult time. Security researchers are seeing an increasing volume of financial scams, wireless router attacks, and phishing messages.
- Financial scams
Attackers are sending phishing emails impersonating major financial institutions claiming to have received the recipient’s stimulus check. Recipients are asked to verify their account information to receive the funds. These messages may use a deadline to give victims a sense of urgency.
If you receive an email claiming to be from your bank, refer to the contact information listed on your account statements or bank card instead of clicking on any links. For more information on the economic impact payments, please see the IRS website: https://www.irs.gov/coronavirus-tax-relief-and-economic-impact-payments.
- Wireless router attacks
Cybercriminals are targeting home wireless routers to send victims to fake Coronavirus-themed websites. Attackers gain access to the router by brute forcing admin passwords. Once in, they change the router’s domain name system (DNS) settings to redirect victims to malicious websites.
If you attempt to visit a website but find yourself redirected to a site offering Coronavirus information apps to download, you may be affected. Follow these steps to resolve the issue:
– Change your router’s administrator password to a new, complex password.
– Check your wireless router’s DNS settings and remove any servers you did not add. Refer to your router manufacturer’s website for instructions.
- Phishing
Cybercriminals have ramped up their phishing attacks. It is critical that you remain vigilant and cautious when receiving emails that ask you to take action. Closely examine links and the email address of the sender in emails and do not open attachments you weren’t expecting.
- How can I protect myself and UCF?
– Make sure your wireless router is running the latest firmware provided by the manufacturer.
– Set a unique, complex administrator password on the router.
– Avoid downloading software from unknown sources.
– Ensure you are running up-to-date antimalware software on your devices.
– Use the UCF VPN any time you need to connect to your office computer: https://secure.vpn.ucf.edu/
– View any emails or websites claiming to offer Coronavirus updates with suspicion.
– Contact the sender via a trusted phone number to confirm messages before opening attachments.
– Forward suspicious emails to SIRT@ucf.edu and use the Phish Alert Button to report phishing attempts: https://infosec.ucf.edu/awareness/phish-alert-button/.
If you have any questions, please contact the Information Security Office at infosec@ucf.edu. Thank you for remaining vigilant and helping to keep UCF and yourself secure.