Avoiding COVID-19 cyberscams


This page provides tips for protecting yourself against online scams related to COVID-19.


Cybercriminals often take advantage of crises to trick people into divulging passwords, donating to fraudulent charities, or clicking on malicious links or email attachments. Such phishing scams and cyberattacks may prey on fears about the novel coronavirus and may impersonate university officials or government agencies.

Be alert for such scams and attacks via email, text message, and phone, both at work and at home.

Common Indicators of Fraud

Beware of any phone call, email, or text message that:

  • Appears to come from an official or government organization and urges you to take immediate action.
  • Communicates a tremendous sense of urgency. The cybercriminals are trying to rush you into making a mistake.
  • Pressures you into bypassing or ignoring our security policies and procedures.
  • Promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.

See also our general guidance about email phishing.

How UO Protects You

  • Most phishing emails are automatically blocked by the UO's current email security controls, preventing them from ever reaching your inbox.
  • UO’s Information Security Office is continuously monitoring incoming messages for new phishing attempts, including any that may be focused on coronavirus.
  • The Information Security Office may sometimes systematically remove confirmed malicious phishing messages from UO email accounts to reduce the likelihood of harm to the UO community.
  • All UO faculty, staff, and GEs are required to use two-step login (Duo) to access protected UO services as of July 29, 2020. Students will be required to enroll in Duo in the future.

How to Protect Yourself

  • Continue reading messages and news from the University of Oregon about COVID-19. The UO Coronavirus website contains the most current information. You may also receive email messages from your department.
  • Don't reveal personal or financial information by email, and don't respond to email solicitations for such information.
  • Beware of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or from experts saying they have information about the virus. For reliable information about COVID-19, visit the CDC and World Health Organization (WHO) websites directly.
  • Do your homework before making donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
  • If you receive a suspicious email message, first check UO's Phish Tank. If a message is already posted there and labeled a "Phishing Email," simply delete it from your inbox; no need to report it. If it isn’t posted in the Phish Tank, please forward the message to phishing@uoregon.edu.

External Resources

If you have any questions about phishing or email security, please contact the UO Information Security Office at infosec@uoregon.edu.


Article ID: 116321
Wed 9/16/20 12:03 PM
Tue 9/13/22 10:16 AM

Related Articles (2)

How to report phishing attempts to our Information Security Office.
Learn about UO Cybersecurity Basics, an online training available to all UO employees, and about cybersecurity awareness.