
Dear Faculty and Staff,
IT Services is seeing an advanced persistent threat and increase in phishing and social engineering scams due to the coronavirus (COVID-19) global pandemic. Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.
IT services advises the College community to remain vigilant for scams related to COVID-19. Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Please exercise caution in handling any email with a coronavirus or COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to coronavirus or COVID-19.
Summary of Attacks
Cybercriminals will often masquerade as trusted entities, and their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities. Malicious cyber actors rely on basic social engineering methods to entice College Community users to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade users to:
Unique Characteristics of Malicious E-mails
Cybercriminals will often use one of the following traits in malicious emails.
Phishing
IT Services has observed, a large volume of phishing campaigns that use the social engineering techniques described above. Examples of phishing email subject lines include:
These emails contain a call to action, encouraging users to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.
SMS Phishing
Most phishing attempts come by email but IT Services has received reports that there are increasing attempts to carry out phishing by other means, including text messages (SMS). See example of SMS Phishing message asking the user to donate money.
Phone Scams
Due to COVID-19 Phone Call Scams have increased drastically over the past few months. In some scams, the scammer will act friendly and helpful. In others, they might threaten or try to scare you. One thing you can count on is that a phone scammer will try to get money or your personal information to commit identity theft. Please be aware and never disclose personal or financial information. For more information on Phone Scams please see FTC.gov website, click here.
A few tips from the FTC website
How to Stop Phone Calls from Scammers
Defending Against Coronavirus (COVID-19) Cyber Scams
Malicious cyber actors are continually adjusting their tactics to take advantage of new situations, and the COVID-19 pandemic is no exception. Malicious cyber actors are using the high appetite for COVID-19-related information as an opportunity to deliver malware and ransomware, and to steal user credentials. College community users should remain vigilant
IT Services encourages the community to take the following precautions:
Please note: All incoming emails to Mercy College email accounts from external parties will have a pre-fix in the subject of the message and a disclaimer in the body of the message. This text will only appear if the email is coming from an external email system.
IMPORTANT NOTE: If you see this disclaimer text in the subject and body of an email you receive, please exercise caution when clicking on any links or opening attachments. You should never provide sensitive or confidential information such as usernames and password when responding to such emails.
If you have any questions, please contact the Mercy College Help Desk at 914.674.7256 or helpdesk@mercy.edu.
Thank you,
Mercy College IT Helpdesk
914-674-7526
Protect your ID, and never provide your username and password in response to an Email telling you that they are needed. IT Services would never send a request for this information via Email. Official IT announcements will have the Mercy College logo at the top.