Dear colleagues:

Opportunistic cybercriminals are targeting individuals and organizations with COVID-19 related attacks. These attacks come in the form of malicious “phishing” emails, SMS texts, phone apps, and websites. In many cases, their goal is to get you to click on a link, open an attachment, or install an app, that will infect your device with different types of malware (including ransomware) that will steal and/or destroy data. In other cases, the goal is to get you to divulge personal or financial information to the attacker.

COVID-19 related themes that attackers have attempted to exploit include:

  • Communications pretending to come from the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), or other health organizations
  • Fake online maps and tracking sites for COVID-19
  • Donations to charity or relief organizations
  • Personal protective equipment (PPE) scams
  • Cancelation of events
  • Stimulus checks
  • Remote work offers
  • Rent and mortgage relief

Common red flags to look out for include:

  • Suspicious email address – a majority of phishing emails can be spotted by looking at the sender’s email address. If the sender address looks suspicious, it is recommended to verify if the email is legitimate. For example at UCI, if you ever receive an email with before the “@” symbol it may be a scam. Scammers also like to create accounts on free email services like Gmail and Hotmail and set the “From” address to the person they want to impersonate.
  • Generic or non-routine message – most of the time attackers don’t have internal information, so their messages are very generic. These can also include unexpected “too good to be true” offers or asking to perform non-routine requests.
  • Sense of urgency – attackers like to take advantage of our emotions and often times create a sense of urgency to get us to respond. Particularly now when most of us are working remotely and our usual methods of interaction have changed, the authenticity of our communication is much more vulnerable.
  • Misspelling, typos, unfamiliar languages – most phishing emails are not written very well and can contain grammatical errors.

Additional phishing awareness resources are also available on the OIT Security website.

Please forward any suspicious emails that you want checked to OIT Security at

Please email OIT Security at with any other questions.


Josh Drummond
Chief Information Security Officer
Office of Information Technology