Cyber criminals persist, even in face of pandemic

April 08, 2020
red glowing keyboard
Even in the face of unprecedented times, criminals are still out there, scamming. Photo by Taskin Ashiq on Unsplash

Never has internet access been more valuable than it is right now.

Whether conducting video conferences, ordering groceries or simply providing the kids with entertainment while attempting to work from home, our reliance on this modern marvel is more important than ever.

But sadly, there are those out there who – even in a time of pandemic – look to take advantage of innocent people. According to Sanjeev Sah, chief information security officer at MUSC, with this increased reliance on the web comes increased vulnerability.

“Our digital risks are rising with the significantly increased use of collaboration technologies,” he said, noting that many of these collaboration methods might lack sufficient security controls. “Cyberthreat actors with various motives, including malicious intent and scams, are taking advantage of the current circumstances.”

Sah said nowhere are the risks greater than in health care and the public health sector.

COVID-19-related phishing campaigns are on the rise, he said, and as of the week of April 6, over 11,000 websites have been registered with the words “corona” or “covid” in their domain names. While no one knows just how many are malicious, information security personnel strongly recommend that all users maintain a heightened sense of awareness and vigilance to keep an eye out for anything that seems out of the ordinary or peculiar.

Sah said the most common characteristics of a suspected phishing email are:

  • The web and email addresses do not look genuine such as  cole@MUSCC.com or cawley@musc.foo.hz. “These threat actors may try to get ‘MUSC’ into the address,” he said, “but it’s clearly not musc.edu.”
  • The email is poorly written.
  • There’s a suspicious attachment.
  • The message is designed to make the reader panic and act by conveying a sense of urgency or scarcity of a resource.

At the end of March, the FBI warned of teleconferencing and online classroom hijacking,  called “Zoom-bombing,” as reports of nationwide video teleconferencing technology hijackings surfaced.

Around that same time, MUSC was the subject of yet another type of COVID-19-related scam in which letters were sent to College of Charleston students claiming that MUSC and the City of Charleston were collaborating on a COVID-19 vaccine trial and seeking healthy students to participate, offering $5,000 to each of the first 100 students. There was no such trial, and the ploy not only caused confusion but wasted time for all three entities during an already tumultuous period for the community. 

According to Sah, MUSC is remaining vigilant and monitoring for all types of threats, while the Information Solutions team is taking proactive actions and implementing measures to detect and respond to cyber threats. He urged MUSC employees to help address these threats by reporting them immediately. If it’s a suspected phishing email, forward it to phishing@musc.edu. If the recipient has knowledge of something suspicious going on, they should send all details to security-incident@musc.edu.

For questions or assistance, contact the service desk at 843-792-9700.