Kettering Health Network has been alerted to Internet activity in which cyber threat actors are taking advantage of the recent global health events, using malicious e-mails and social media posts in an attempt to steal information or encrypt systems and data for ransom.
Healthcare is among many industries being targeted by these campaigns, but anyone may receive them. Social media is also being used to disseminate misinformation and disinformation about the spread of COVID-19 and to post links that lead to malicious websites.
Cybercriminals are using convincing but fake e-mails from the World Health Organization (WHO) and Center for Disease Control (CDC) to trick people into downloading malicious files, some of which download ransomware that encrypts your system. Two Coronavirus-themed Android mobile applications have also been identified.
How do I protect myself and my company?
- Avoid clicking on links in unsolicited e-mails and be wary of e-mail attachments.
- Do not reveal personal or financial information in e-mails, and do not respond to e-mail solicitations for this information, even over the phone.
- Watch for e-mails claiming to be from the Center for Disease Control (CDC) or World Health Organization (WHO) or experts saying that they have information about the Coronavirus.
- Visit the CDC and WHO websites directly for the most up-to-date information.
- Ignore online offers for vaccinations.
- Don’t let anyone rush you into making a donation or a quick investment.
- If you are unsure whether an e-mail request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request.
Please report any suspicious email traffic by forwarding it to the KHN Phish Alerts email found in the global address list or to your company’s IT department. If you have any questions or concerns related to the above information, please contact a member of the KHN Information Security team or your organization’s information security program.