Cyber criminals working overtime during pandemic

According to Gus Anagnos, Chief Information Security Officer for ITS and head of the TrojanSecure program, opportunistic cyber criminals are preying on our fears in these uncertain times. Read this important Q&A with Anagnos to learn how to better protect yourself, your family and the university.

What keeps you up at night – especially during this pandemic?

Many people are feeling powerless right now because they are not able to control the spread of illness, or control what’s happening with the economy. The good news is that we do have control over what goes on inside our homes, on our screens and mobile devices. I realize that this may not be your main focus right now, but these cyber criminals are working overtime to capitalize on your fears. If you take the right steps now to protect yourself, your family and the university – you can better focus on the health and wellbeing of you and your loved ones and on teaching, working and protecting the university.

What types of threats are out there?

There are many threats right now related to the pandemic. Recently, the World Health Organization reported that they were targeted. Someone sent them fraudulent DocuSign emails that were almost identical to legitimate DocuSign emails that the WHO uses for someone to give approvals and authorizations. Another example is how unsuspecting people are also receiving texts from thieves posing as IRS employees trying to gather information for stimulus checks. Other opportunistic cybercriminals are starting fake charities in the names of pandemic victims and their families.

Also, something very familiar to USC, businesses and organizations right now is “Zoombombing.” That’s where interlopers take advantage of features of the Zoom video-conferencing platform to interrupt meetings and lectures. As the worldwide pandemic continues and more and more people communicate online, Zoombombing is becoming a daily occurrence. Luckily, at USC we have taken steps to better prevent it within the USC-provided Zoom. (See this Gateway article.)

Why is USC a target?

USC is one of the world’s leading private institutions for research, medicine, arts, technology, international business and other areas, so the university is often a target. Scammers try and obtain intellectual property, access funds and valuable data. We commonly see phishing or password re-use as some of the methods they try here at USC.

How can you keep yourself and the university safe?

Phishing attempts are rampant during this pandemic. Phishing is when someone tries to gain sensitive data such as usernames, credit card numbers, social security numbers and other information. The thief poses as a trusted source in an electronic communication. And before many people know what they are doing – they click on the information sent and hackers are able to obtain data from just one click. Phishing has now presented itself as information about COVID-19. That’s why, as general rule, do not click links in emails. If you want to access a website reference, copy and paste the website into your internet browser to view it there.

Also, keep your passphrases safe on your mobile devices. Strong, complex passphrases are the best defense. And never use the same passphrases on multiple sites. For instance, if someone gets a hold of your Instagram passphrase, and it’s the same as your online banking, they might be stealing more than your selfies!

Also, consider refreshing your cybersecurity skills by taking the latest cybersecurity training module in TrojanLearn (search for TrojanSecure).

**

Look for more information security safety tips on the Gateway soon. In the meantime, Anagnos asks us to report any suspected phishing emails to phishing@usc.edu. Other links for more information:

3+
Contact the editors

Comment

Employee update on Novel Coronavirus