SUBJECT:

Be Prepared: COVID-19 Scams Are Targeting You

The COVID-19 pandemic presents an imminent and serious threat to the
members of our community, the U.S. healthcare system, and the economy.
The welfare and safety of our community during this time is our primary
concern. Yet in every crisis there are those who will attempt to profit
from the chaos and disruption created.

Across the Internet we are seeing evidence of organized crime attempting
to lure unsuspecting users to bogus COVID-19 information websites that
quietly download malicious software designed to steal corporate and
personal information. A recent example uses the actual COVID-19 data
taken off an identical (legitimate) site provided by Johns Hopkins
University. This can be safely viewed at
https://app.box.com/v/coronavirusscam.

In addition, federal law enforcement and the FTC are reporting a massive
growth of spam, phishing, and text messaging, as well as web-based
advertising offering false COVID-19 cures, treatments, and personal
protection advice.

THE IMPERATIVE: PROTECT YOURSELF
Do not respond to email, phone, or digital advertising pertaining to the
COVID-19 pandemic. Rely instead on established, respected news sources,
such as:

-UC San Diego’s Information Page: https://coronavirus.ucsd.edu/
-The New York Times https://www.nytimes.com/news-event/coronavirus
-The UN’s Coronavirus Portal: https://www.un.org/coronavirus

While UC San Diego’s anti-spam service has been stopping several large
coronavirus-related phishing campaigns, some messages will manage to get
delivered. If you receive a suspicious email, please forward it to
abuse@ucsd.edu, where it will be automatically analyzed and the results
used to prevent additional deliveries.

IMMEDIATE ACTION REQUIRED: PROTECT YOURSELF AND THE UNIVERSITY AT HOME
At home, your laptop or home computer does not benefit from the full
range of protections computers receive when on campus. Loaner or
emergency laptops and tablets are also less likely to be managed by
campus IT professionals. Please take the following actions when using a
home or loaner computer off campus.

*If your computer is not managed by campus IT staff, or is a loaner or
emergency computer, immediately run the system update service that
installs software fixes for known security weaknesses in your software.

Apple instructions
https://support.apple.com/guide/mac-help/get-macos-updates-mchlpx1065/mac

Windows instructions
https://bit.ly/3dKBgHj

*Install a quality antivirus product on your personal computer. The
campus recommends the Sophos Home edition. See
https://antivirus.ucsd.edu for more information.

*When logging into the campus VPN, use the group “2-step secured -
allthruucsd”. This will ensure that all of the traffic to your computer
runs through campus network-based security sensors. While working on
university business, this is the preferred VPN group.

*UC San Diego Health remote users should use the ucsdh-vpn.ucsd.edu
Health VPN (ucsdh-vpn.ucsd.edu) or connect via CWP, depending on the
specific instructions you received from the Health IS team.

*Make sure that all your personal banking, investment, and email
accounts are protected by two-step login, also known as multi-factor
authentication (MFA). Most commercial services do this by texting you a
short code to a phone registered with the service. Take the time to set
this up immediately.

*With the tremendous reliance on Zoom within higher education, a
phenomenon known as “Zoom Bombing” is becoming common. Our colleagues at
UC Berkeley have an informative description of what Zoom Bombing is and
how to prevent it: https://bit.ly/2Xe9yNl

WHAT WE’RE DOING TO PROTECT YOU
In addition to the campus’s usual security support mechanisms, we are
exploring several additional techniques to identify and block
coronavirus-related scams and to further protect university faculty,
staff, and students while working remotely. Further announcements will
be made as these are implemented.

Please feel free to contact the IT Services or Health service desks as
appropriate for support at
https://blink.ucsd.edu/technology/help-desk/service-desk/index.html and
send comments or suggestions directly to me at mcorn@ucsd.edu.

Finally, you may reference this information in more detail at
https://blink.ucsd.edu/technology/file-sharing/remote-work/security.html

Michael Corn Chief Information Security Officer UC San Diego Campus Ken Wottge Chief Information Security Officer UC San Diego Health