An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Home : News : News
JBSA News
NEWS | Feb. 7, 2020

How to avoid phishing emails exploiting coronavirus fears

By Joint Regional Intelligence Center-LA Cyber Lab Joint Regional Intelligence Center-LA Cyber Lab

According to open-source reporting, nefarious actors are exploiting the public’s fears of the 2019 Novel Coronavirus in phishing email campaigns.

Malicious emails are appearing as official Centers for Disease Control and Prevention Health Alert Network messages and contain camouflaged links urging readers to view the latest number of novel coronavirus infections in their jurisdictions. These links, once opened, may be used to steal users’ Microsoft Outlook credentials.

Malicious emails may also include attachments containing malware, including Emotet, often used by threat actors to deliver, Ryuk – a sophisticated ransomware.

Phishing e-mails are a common occurrence of military and personal network systems designed to steal your identity by asking for personal information.

Even though the links look legitimate, do not be fooled.

In a phishing email, the sender often delivers shocking and commonly frightening news in order to trick an unsuspecting user into action. However, remember that a legitimate company will never ask you to download a program or enter personally identifiable information, or PII, in an email.

Follow these simple rules to avoid phishing campaigns:

Stay alert - Know what is in your inbox, don't open any old email. If you don't know the sender be overly suspicious.

Don't let emails frighten you - In most cases an email will not be the source of legitimate good or bad news. Read the email carefully and don't be easily duped.

Don't share information through email - A legitimate company should have the PII they need. Call the company help desk and ask for clarification if necessary.

Ensure you are a secure - Look for "https" and the security symbol of a pad lock in your browser. If you're not secure, don't enter information.

Never click on links within emails - If an email requests verification or further information find the website yourself, ensure it is the correct site, and verify that it is secure.

Never open mysterious attachments - Attachments can be laden with malware that can infect you computer.

Use layered defense - Utilize up-to-date spam filters, anti-virus, anti-rootkit, anti-spyware, and firewalls.